Security Contacts - List
List all security contact configurations for the subscription
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/securityContacts?api-version=2023-12-01-previewURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
subscription
|
path | True |
string (uuid) |
The ID of the target subscription. The value must be an UUID. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Azure operation completed successfully. |
|
| Other Status Codes |
An unexpected error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
List security contact data
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContacts?api-version=2023-12-01-preview
Sample response
{
"value": [
{
"name": "default",
"type": "Microsoft.Security/securityContact",
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContact/default",
"properties": {
"emails": "john@contoso.com;Jane@contoso.com",
"isEnabled": true,
"notificationsByRole": {
"roles": [
"Owner",
"Admin"
],
"state": "On"
},
"notificationsSources": [
{
"minimalRiskLevel": "Critical",
"sourceType": "AttackPath"
},
{
"minimalSeverity": "Medium",
"sourceType": "Alert"
}
],
"phone": "(214)275-4038"
}
}
]
}Definitions
| Name | Description |
|---|---|
|
Common. |
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
|
Common. |
The error detail. |
|
created |
The type of identity that created the resource. |
|
Error |
The resource management error additional info. |
|
Minimal |
Defines the minimal attack path risk level which will be sent as email notifications |
|
Minimal |
Defines the minimal alert severity which will be sent as email notifications |
|
Notifications |
Alert notification source |
|
Notifications |
Attack path notification source |
|
Security |
Contact details and configurations for notifications coming from Microsoft Defender for Cloud. |
|
Security |
List of security contacts response |
|
Security |
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
|
Security |
A possible role to configure sending security notification alerts to |
|
Source |
The source type that will trigger the notification |
| State |
Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
Common.CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
| Name | Type | Description |
|---|---|---|
| error.additionalInfo |
The error additional info. |
|
| error.code |
string |
The error code. |
| error.details |
The error details. |
|
| error.message |
string |
The error message. |
| error.target |
string |
The error target. |
Common.CloudErrorBody
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
MinimalRiskLevel
Defines the minimal attack path risk level which will be sent as email notifications
| Value | Description |
|---|---|
| Critical |
Get notifications on new attack paths with Critical risk level |
| High |
Get notifications on new attack paths with High or Critical risk level |
| Medium |
Get notifications on new attach paths with Medium, High or Critical risk level |
| Low |
Get notifications on new attach paths with Low, Medium, High or Critical risk level |
MinimalSeverity
Defines the minimal alert severity which will be sent as email notifications
| Value | Description |
|---|---|
| High |
Get notifications on new alerts with High severity |
| Medium |
Get notifications on new alerts with Medium or High severity |
| Low |
Get notifications on new alerts with Low, Medium or High severity |
NotificationsSourceAlert
Alert notification source
| Name | Type | Description |
|---|---|---|
| minimalSeverity |
Defines the minimal alert severity which will be sent as email notifications |
|
| sourceType |
string:
Alert |
The source type that will trigger the notification |
NotificationsSourceAttackPath
Attack path notification source
| Name | Type | Description |
|---|---|---|
| minimalRiskLevel |
Defines the minimal attach path risk level which will be sent as email notifications |
|
| sourceType |
string:
Attack |
The source type that will trigger the notification |
SecurityContact
Contact details and configurations for notifications coming from Microsoft Defender for Cloud.
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties.emails |
string |
List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. |
| properties.isEnabled |
boolean |
Indicates whether the security contact is enabled. |
| properties.notificationsByRole |
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
|
| properties.notificationsSources | NotificationsSource[]: |
A collection of sources types which evaluate the email notification. |
| properties.phone |
string |
The security contact's phone number |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
SecurityContactList
List of security contacts response
| Name | Type | Description |
|---|---|---|
| nextLink |
string (uri) |
The link to the next page of items |
| value |
The SecurityContact items on this page |
SecurityContactPropertiesNotificationsByRole
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.
| Name | Type | Description |
|---|---|---|
| roles |
Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: |
|
| state |
Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
SecurityContactRole
A possible role to configure sending security notification alerts to
| Value | Description |
|---|---|
| AccountAdmin |
If enabled, send notification on new alerts to the account admins |
| ServiceAdmin |
If enabled, send notification on new alerts to the service admins |
| Owner |
If enabled, send notification on new alerts to the subscription owners |
| Contributor |
If enabled, send notification on new alerts to the subscription contributors |
SourceType
The source type that will trigger the notification
| Value | Description |
|---|---|
| Alert |
Alert |
| AttackPath |
AttackPath |
State
Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription.
| Value | Description |
|---|---|
| Passed |
All supported regulatory compliance controls in the given standard have a passed state |
| Failed |
At least one supported regulatory compliance control in the given standard has a state of failed |
| Skipped |
All supported regulatory compliance controls in the given standard have a state of skipped |
| Unsupported |
No supported regulatory compliance data for the given standard |
| On |
Send notification on new alerts to the subscription's admins |
| Off |
Don't send notification on new alerts to the subscription's admins |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |