Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/securityContacts@2023-12-01-preview' = {
name: 'string'
properties: {
emails: 'string'
isEnabled: bool
notificationsByRole: {
roles: [
'string'
]
state: 'string'
}
notificationsSources: [
{
sourceType: 'string'
// For remaining properties, see NotificationsSource objects
}
]
phone: 'string'
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
minimalSeverity: 'string'
sourceType: 'Alert'
}
For AttackPath, use:
{
minimalRiskLevel: 'string'
sourceType: 'AttackPath'
}
Property Values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Off' 'On' |
ARM template resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following JSON to your template.
{
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2023-12-01-preview",
"name": "string",
"properties": {
"emails": "string",
"isEnabled": "bool",
"notificationsByRole": {
"roles": [ "string" ],
"state": "string"
},
"notificationsSources": [ {
"sourceType": "string"
// For remaining properties, see NotificationsSource objects
} ],
"phone": "string"
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
"minimalSeverity": "string",
"sourceType": "Alert"
}
For AttackPath, use:
{
"minimalRiskLevel": "string",
"sourceType": "AttackPath"
}
Property Values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2023-12-01-preview' |
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
| type | The resource type | 'Microsoft.Security/securityContacts' |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Off' 'On' |
Usage Examples
Terraform (AzAPI provider) resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/securityContacts@2023-12-01-preview"
name = "string"
parent_id = "string"
body = {
properties = {
emails = "string"
isEnabled = bool
notificationsByRole = {
roles = [
"string"
]
state = "string"
}
notificationsSources = [
{
sourceType = "string"
// For remaining properties, see NotificationsSource objects
}
]
phone = "string"
}
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
minimalSeverity = "string"
sourceType = "Alert"
}
For AttackPath, use:
{
minimalRiskLevel = "string"
sourceType = "AttackPath"
}
Property Values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
| type | The resource type | "Microsoft.Security/securityContacts@2023-12-01-preview" |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Off' 'On' |