Security Contacts - Create
Create security contact configurations for the subscription
PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/securityContacts/default?api-version=2023-12-01-preview
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
security
|
path | True |
Name of the security contact object Regex pattern: |
|
subscription
|
path | True |
string |
Azure subscription ID Regex pattern: |
api-version
|
query | True |
string |
API version for the operation |
Request Body
Name | Type | Description |
---|---|---|
properties.emails |
string |
List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. |
properties.isEnabled |
boolean |
Indicates whether the security contact is enabled. |
properties.notificationsByRole |
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
|
properties.notificationsSources | NotificationsSource[]: |
A collection of sources types which evaluate the email notification. |
properties.phone |
string |
The security contact's phone number |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK |
|
201 Created |
Created |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Create security contact data
Sample request
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContacts/default?api-version=2023-12-01-preview
{
"properties": {
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
},
"isEnabled": true,
"emails": "john@contoso.com;jane@contoso.com",
"phone": "(214)275-4038",
"notificationsSources": [
{
"sourceType": "AttackPath",
"minimalRiskLevel": "Critical"
},
{
"sourceType": "Alert",
"minimalSeverity": "Medium"
}
]
}
}
Sample response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContacts/default",
"name": "default",
"type": "Microsoft.Security/securityContact",
"properties": {
"notificationsByRole": {
"roles": [
"Owner"
]
},
"isEnabled": true,
"emails": "john@microsoft.com;jane@microsoft.com",
"phone": "(214)275-4038",
"notificationsSources": [
{
"sourceType": "AttackPath",
"minimalRiskLevel": "Critical"
},
{
"sourceType": "Alert",
"minimalSeverity": "Medium"
}
]
}
}
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContacts/default",
"name": "default",
"type": "Microsoft.Security/securityContact",
"properties": {
"notificationsByRole": {
"state": "On",
"roles": [
"Owner"
]
},
"isEnabled": true,
"emails": "john@microsoft.com;jane@microsoft.com",
"phone": "(214)275-4038",
"notificationsSources": [
{
"sourceType": "AttackPath",
"minimalRiskLevel": "Critical"
},
{
"sourceType": "Alert",
"minimalSeverity": "Medium"
}
]
}
}
Definitions
Name | Description |
---|---|
Cloud |
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
Cloud |
The error detail. |
Error |
The resource management error additional info. |
minimal |
Defines the minimal attach path risk level which will be sent as email notifications |
minimal |
|
Notifications |
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
Notifications |
Alert notification source |
Notifications |
Attack path notification source |
Security |
Contact details and configurations for notifications coming from Microsoft Defender for Cloud. |
security |
Name of the security contact object |
security |
Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: |
state |
Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
Name | Type | Description |
---|---|---|
error.additionalInfo |
The error additional info. |
|
error.code |
string |
The error code. |
error.details |
The error details. |
|
error.message |
string |
The error message. |
error.target |
string |
The error target. |
CloudErrorBody
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo |
The error additional info. |
|
code |
string |
The error code. |
details |
The error details. |
|
message |
string |
The error message. |
target |
string |
The error target. |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info |
object |
The additional info. |
type |
string |
The additional info type. |
minimalRiskLevel
Defines the minimal attach path risk level which will be sent as email notifications
Name | Type | Description |
---|---|---|
Critical |
string |
Get notifications on new attack paths with Critical risk level |
High |
string |
Get notifications on new attack paths with High or Critical risk level |
Low |
string |
Get notifications on new attach paths with Low, Medium, High or Critical risk level |
Medium |
string |
Get notifications on new attach paths with Medium, High or Critical risk level |
minimalSeverity
Name | Type | Description |
---|---|---|
High |
string |
Get notifications on new alerts with High severity |
Low |
string |
Get notifications on new alerts with Low, Medium or High severity |
Medium |
string |
Get notifications on new alerts with Medium or High severity |
NotificationsByRole
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.
Name | Type | Description |
---|---|---|
roles |
Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: |
|
state |
Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
NotificationsSourceAlert
Alert notification source
Name | Type | Description |
---|---|---|
minimalSeverity | ||
sourceType |
string:
Alert |
The source type that will trigger the notification |
NotificationsSourceAttackPath
Attack path notification source
Name | Type | Description |
---|---|---|
minimalRiskLevel |
Defines the minimal attach path risk level which will be sent as email notifications |
|
sourceType |
string:
Attack |
The source type that will trigger the notification |
SecurityContact
Contact details and configurations for notifications coming from Microsoft Defender for Cloud.
Name | Type | Description |
---|---|---|
id |
string |
Resource Id |
name |
string |
Resource name |
properties.emails |
string |
List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. |
properties.isEnabled |
boolean |
Indicates whether the security contact is enabled. |
properties.notificationsByRole |
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
|
properties.notificationsSources | NotificationsSource[]: |
A collection of sources types which evaluate the email notification. |
properties.phone |
string |
The security contact's phone number |
type |
string |
Resource type |
securityContactName
Name of the security contact object
Name | Type | Description |
---|---|---|
default |
string |
The single applicable name of the security contact object |
securityContactRole
Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles:
Name | Type | Description |
---|---|---|
AccountAdmin |
string |
If enabled, send notification on new alerts to the account admins |
Contributor |
string |
If enabled, send notification on new alerts to the subscription contributors |
Owner |
string |
If enabled, send notification on new alerts to the subscription owners |
ServiceAdmin |
string |
If enabled, send notification on new alerts to the service admins |
state
Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription.
Name | Type | Description |
---|---|---|
Off |
string |
Don't send notification on new alerts to the subscription's admins |
On |
string |
Send notification on new alerts to the subscription's admins |