Email Notifications Disabled

  • Query id: 79c2c2c0-eb00-47c0-ac16-f8b0e2c81c92
  • Query name: Email Notifications Disabled
  • Platform: AzureResourceManager
  • Severity: Info
  • Category: Networking and Firewall
  • CWE: 778
  • URL: Github

Description

Email notifications about new security alerts, should be set to 'On', and be sent to persons with specific RBAC roles on the subscription
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'Off'
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      state: 'On'
      roles: ['Owner']
    }
  }
}
Positive test num. 2 - json file
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "2.0.0.0",
  "apiProfile": "2019-03-01-hybrid",
  "parameters": {},
  "variables": {},
  "functions": [],
  "resources": [
    {
      "name": "security contact",
      "type": "Microsoft.Security/securityContacts",
      "apiVersion": "2020-01-01-preview",
      "properties": {
        "emails": "sample@email.com",
        "phone": "9999999",
        "alertNotifications": {
          "state": "Off",
          "minimalSeverity": "High"
        },
        "notificationsByRole": {
          "state": "On",
          "roles": [
            "Owner"
          ]
        }
      }
    }
  ],
  "outputs": {}
}
Positive test num. 3 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'On'
      minimalSeverity: 'High'
    }
  }
}

Positive test num. 4 - json file
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "2.0.0.0",
      "apiProfile": "2019-03-01-hybrid",
      "parameters": {},
      "variables": {},
      "functions": [],
      "resources": [
        {
          "name": "security contact",
          "type": "Microsoft.Security/securityContacts",
          "apiVersion": "2020-01-01-preview",
          "properties": {
            "emails": "sample@email.com",
            "phone": "9999999",
            "alertNotifications": {
              "state": "On",
              "minimalSeverity": "High"
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {}
  },
  "kind": "template",
  "type": "Microsoft.Blueprint/blueprints/artifacts",
  "name": "myTemplate"
}
Positive test num. 5 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'On'
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      state: 'Off'
      roles: ['Owner']
    }
  }
}
Positive test num. 6 - json file
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "2.0.0.0",
      "apiProfile": "2019-03-01-hybrid",
      "parameters": {},
      "variables": {},
      "functions": [],
      "resources": [
        {
          "name": "security contact",
          "type": "Microsoft.Security/securityContacts",
          "apiVersion": "2020-01-01-preview",
          "properties": {
            "emails": "sample@email.com",
            "phone": "9999999",
            "alertNotifications": {
              "state": "On",
              "minimalSeverity": "High"
            },
            "notificationsByRole": {
              "state": "Off",
              "roles": [
                "Owner"
              ]
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {}
  },
  "kind": "template",
  "type": "Microsoft.Blueprint/blueprints/artifacts",
  "name": "myTemplate"
}
Positive test num. 7 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'On'
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      roles: ['Owner']
    }
  }
}
Positive test num. 8 - json file
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "2.0.0.0",
      "apiProfile": "2019-03-01-hybrid",
      "parameters": {},
      "variables": {},
      "functions": [],
      "resources": [
        {
          "name": "security contact",
          "type": "Microsoft.Security/securityContacts",
          "apiVersion": "2020-01-01-preview",
          "properties": {
            "emails": "sample@email.com",
            "phone": "9999999",
            "alertNotifications": {
              "state": "On",
              "minimalSeverity": "High"
            },
            "notificationsByRole": {
              "roles": [
                "Owner"
              ]
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {}
  },
  "kind": "template",
  "type": "Microsoft.Blueprint/blueprints/artifacts",
  "name": "myTemplate"
}
Positive test num. 9 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    notificationsByRole: {
      state: 'On'
      roles: ['Owner']
    }
  }
}
Positive test num. 10 - json file
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "2.0.0.0",
  "apiProfile": "2019-03-01-hybrid",
  "parameters": {},
  "variables": {},
  "functions": [],
  "resources": [
    {
      "name": "security contact",
      "type": "Microsoft.Security/securityContacts",
      "apiVersion": "2020-01-01-preview",
      "properties": {
        "emails": "sample@email.com",
        "phone": "9999999",
        "notificationsByRole": {
          "state": "On",
          "roles": [
            "Owner"
          ]
        }
      }
    }
  ],
  "outputs": {}
}
Positive test num. 11 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      state: 'On'
      roles: ['Owner']
    }
  }
}
Positive test num. 12 - json file
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "2.0.0.0",
  "apiProfile": "2019-03-01-hybrid",
  "parameters": {},
  "variables": {},
  "functions": [],
  "resources": [
    {
      "name": "security contact",
      "type": "Microsoft.Security/securityContacts",
      "apiVersion": "2020-01-01-preview",
      "properties": {
        "emails": "sample@email.com",
        "phone": "9999999",
        "alertNotifications": {
          "minimalSeverity": "High"
        },
        "notificationsByRole": {
          "state": "On",
          "roles": [
            "Owner"
          ]
        }
      }
    }
  ],
  "outputs": {}
}
Positive test num. 13 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'On'
      minimalSeverity: 'High'
    }
  }
}
Positive test num. 14 - json file
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "2.0.0.0",
  "apiProfile": "2019-03-01-hybrid",
  "parameters": {},
  "variables": {},
  "functions": [],
  "resources": [
    {
      "name": "security contact",
      "type": "Microsoft.Security/securityContacts",
      "apiVersion": "2020-01-01-preview",
      "properties": {
        "emails": "sample@email.com",
        "phone": "9999999",
        "alertNotifications": {
          "state": "On",
          "minimalSeverity": "High"
        }
      }
    }
  ],
  "outputs": {}
}
Positive test num. 15 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'On'
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      state: 'Off'
      roles: ['Owner']
    }
  }
}
Positive test num. 16 - json file
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "2.0.0.0",
  "apiProfile": "2019-03-01-hybrid",
  "parameters": {},
  "variables": {},
  "functions": [],
  "resources": [
    {
      "name": "security contact",
      "type": "Microsoft.Security/securityContacts",
      "apiVersion": "2020-01-01-preview",
      "properties": {
        "emails": "sample@email.com",
        "phone": "9999999",
        "alertNotifications": {
          "state": "On",
          "minimalSeverity": "High"
        },
        "notificationsByRole": {
          "state": "Off",
          "roles": [
            "Owner"
          ]
        }
      }
    }
  ],
  "outputs": {}
}
Positive test num. 17 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'On'
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      roles: ['Owner']
    }
  }
}
Positive test num. 18 - json file
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "2.0.0.0",
  "apiProfile": "2019-03-01-hybrid",
  "parameters": {},
  "variables": {},
  "functions": [],
  "resources": [
    {
      "name": "security contact",
      "type": "Microsoft.Security/securityContacts",
      "apiVersion": "2020-01-01-preview",
      "properties": {
        "emails": "sample@email.com",
        "phone": "9999999",
        "alertNotifications": {
          "state": "On",
          "minimalSeverity": "High"
        },
        "notificationsByRole": {
          "roles": [
            "Owner"
          ]
        }
      }
    }
  ],
  "outputs": {}
}
Positive test num. 19 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'Off'
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      state: 'On'
      roles: ['Owner']
    }
  }
}
Positive test num. 20 - json file
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "2.0.0.0",
      "apiProfile": "2019-03-01-hybrid",
      "parameters": {},
      "variables": {},
      "functions": [],
      "resources": [
        {
          "name": "security contact",
          "type": "Microsoft.Security/securityContacts",
          "apiVersion": "2020-01-01-preview",
          "properties": {
            "emails": "sample@email.com",
            "phone": "9999999",
            "alertNotifications": {
              "state": "Off",
              "minimalSeverity": "High"
            },
            "notificationsByRole": {
              "state": "On",
              "roles": [
                "Owner"
              ]
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {}
  },
  "kind": "template",
  "type": "Microsoft.Blueprint/blueprints/artifacts",
  "name": "myTemplate"
}
Positive test num. 21 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    notificationsByRole: {
      state: 'On'
      roles: ['Owner']
    }
  }
}
Positive test num. 22 - json file
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "2.0.0.0",
      "apiProfile": "2019-03-01-hybrid",
      "parameters": {},
      "variables": {},
      "functions": [],
      "resources": [
        {
          "name": "security contact",
          "type": "Microsoft.Security/securityContacts",
          "apiVersion": "2020-01-01-preview",
          "properties": {
            "emails": "sample@email.com",
            "phone": "9999999",
            "notificationsByRole": {
              "state": "On",
              "roles": [
                "Owner"
              ]
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {}
  },
  "kind": "template",
  "type": "Microsoft.Blueprint/blueprints/artifacts",
  "name": "myTemplate"
}
Positive test num. 23 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      state: 'On'
      roles: ['Owner']
    }
  }
}
Positive test num. 24 - json file
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "2.0.0.0",
      "apiProfile": "2019-03-01-hybrid",
      "parameters": {},
      "variables": {},
      "functions": [],
      "resources": [
        {
          "name": "security contact",
          "type": "Microsoft.Security/securityContacts",
          "apiVersion": "2020-01-01-preview",
          "properties": {
            "emails": "sample@email.com",
            "phone": "9999999",
            "alertNotifications": {
              "minimalSeverity": "High"
            },
            "notificationsByRole": {
              "state": "On",
              "roles": [
                "Owner"
              ]
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {}
  },
  "kind": "template",
  "type": "Microsoft.Blueprint/blueprints/artifacts",
  "name": "myTemplate"
}

Code samples without security vulnerabilities

Negative test num. 1 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'On'
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      state: 'On'
      roles: ['Owner']
    }
  }
}
Negative test num. 2 - json file
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "2.0.0.0",
  "apiProfile": "2019-03-01-hybrid",
  "parameters": {},
  "variables": {},
  "functions": [],
  "resources": [
    {
      "name": "security contact",
      "type": "Microsoft.Security/securityContacts",
      "apiVersion": "2020-01-01-preview",
      "properties": {
        "emails": "sample@email.com",
        "phone": "9999999",
        "alertNotifications": {
          "state": "On",
          "minimalSeverity": "High"
        },
        "notificationsByRole": {
          "state": "On",
          "roles": [
            "Owner"
          ]
        }
      }
    }
  ],
  "outputs": {}
}
Negative test num. 3 - bicep file
resource security_contact 'Microsoft.Security/securityContacts@2020-01-01-preview' = {
  name: 'security contact'
  properties: {
    emails: 'sample@email.com'
    phone: '9999999'
    alertNotifications: {
      state: 'On'
      minimalSeverity: 'High'
    }
    notificationsByRole: {
      state: 'On'
      roles: ['Owner']
    }
  }
}

Negative test num. 4 - json file
{
  "properties": {
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "2.0.0.0",
      "apiProfile": "2019-03-01-hybrid",
      "parameters": {},
      "variables": {},
      "functions": [],
      "resources": [
        {
          "name": "security contact",
          "type": "Microsoft.Security/securityContacts",
          "apiVersion": "2020-01-01-preview",
          "properties": {
            "emails": "sample@email.com",
            "phone": "9999999",
            "alertNotifications": {
              "state": "On",
              "minimalSeverity": "High"
            },
            "notificationsByRole": {
              "state": "On",
              "roles": [
                "Owner"
              ]
            }
          }
        }
      ],
      "outputs": {}
    },
    "parameters": {}
  },
  "kind": "template",
  "type": "Microsoft.Blueprint/blueprints/artifacts",
  "name": "myTemplate"
}