Microsoft.Security securityContacts
Bicep resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscriptions - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/securityContacts@2023-12-01-preview' = {
name: 'default'
properties: {
emails: 'string'
isEnabled: bool
notificationsByRole: {
roles: [
'string'
]
state: 'string'
}
notificationsSources: [
{
sourceType: 'string'
// For remaining properties, see NotificationsSource objects
}
]
phone: 'string'
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
sourceType: 'Alert'
minimalSeverity: 'string'
For AttackPath, use:
sourceType: 'AttackPath'
minimalRiskLevel: 'string'
Property values
securityContacts
Name | Description | Value |
---|---|---|
name | The resource name | 'default' |
properties | Security contact data | SecurityContactProperties |
SecurityContactProperties
Name | Description | Value |
---|---|---|
emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
isEnabled | Indicates whether the security contact is enabled. | bool |
notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
Name | Description | Value |
---|---|---|
roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Off' 'On' |
NotificationsSource
Name | Description | Value |
---|---|---|
sourceType | Set the object type | Alert AttackPath (required) |
NotificationsSourceAlert
Name | Description | Value |
---|---|---|
sourceType | The source type that will trigger the notification | 'Alert' (required) |
minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
NotificationsSourceAttackPath
Name | Description | Value |
---|---|---|
sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
ARM template resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscriptions - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following JSON to your template.
{
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2023-12-01-preview",
"name": "default",
"properties": {
"emails": "string",
"isEnabled": "bool",
"notificationsByRole": {
"roles": [ "string" ],
"state": "string"
},
"notificationsSources": [
{
"sourceType": "string"
// For remaining properties, see NotificationsSource objects
}
],
"phone": "string"
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
"sourceType": "Alert",
"minimalSeverity": "string"
For AttackPath, use:
"sourceType": "AttackPath",
"minimalRiskLevel": "string"
Property values
securityContacts
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Security/securityContacts' |
apiVersion | The resource api version | '2023-12-01-preview' |
name | The resource name | 'default' |
properties | Security contact data | SecurityContactProperties |
SecurityContactProperties
Name | Description | Value |
---|---|---|
emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
isEnabled | Indicates whether the security contact is enabled. | bool |
notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
Name | Description | Value |
---|---|---|
roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Off' 'On' |
NotificationsSource
Name | Description | Value |
---|---|---|
sourceType | Set the object type | Alert AttackPath (required) |
NotificationsSourceAlert
Name | Description | Value |
---|---|---|
sourceType | The source type that will trigger the notification | 'Alert' (required) |
minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
NotificationsSourceAttackPath
Name | Description | Value |
---|---|---|
sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
Terraform (AzAPI provider) resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscriptions
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/securityContacts@2023-12-01-preview"
name = "default"
parent_id = "string"
body = jsonencode({
properties = {
emails = "string"
isEnabled = bool
notificationsByRole = {
roles = [
"string"
]
state = "string"
}
notificationsSources = [
{
sourceType = "string"
// For remaining properties, see NotificationsSource objects
}
]
phone = "string"
}
})
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
sourceType = "Alert"
minimalSeverity = "string"
For AttackPath, use:
sourceType = "AttackPath"
minimalRiskLevel = "string"
Property values
securityContacts
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Security/securityContacts@2023-12-01-preview" |
name | The resource name | "default" |
parent_id | To deploy to a subscription, use the ID of that subscription. | string (required) |
properties | Security contact data | SecurityContactProperties |
SecurityContactProperties
Name | Description | Value |
---|---|---|
emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
isEnabled | Indicates whether the security contact is enabled. | bool |
notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
Name | Description | Value |
---|---|---|
roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: "AccountAdmin" "Contributor" "Owner" "ServiceAdmin" |
state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | "Off" "On" |
NotificationsSource
Name | Description | Value |
---|---|---|
sourceType | Set the object type | Alert AttackPath (required) |
NotificationsSourceAlert
Name | Description | Value |
---|---|---|
sourceType | The source type that will trigger the notification | "Alert" (required) |
minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | "High" "Low" "Medium" |
NotificationsSourceAttackPath
Name | Description | Value |
---|---|---|
sourceType | The source type that will trigger the notification | "AttackPath" (required) |
minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | "Critical" "High" "Low" "Medium" |