Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Microsoft.Security securityContacts
Bicep resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/securityContacts@2023-12-01-preview' = {
name: 'string'
properties: {
emails: 'string'
isEnabled: bool
notificationsByRole: {
roles: [
'string'
]
state: 'string'
}
notificationsSources: [
{
sourceType: 'string'
// For remaining properties, see NotificationsSource objects
}
]
phone: 'string'
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
minimalSeverity: 'string'
sourceType: 'Alert'
}
For AttackPath, use:
{
minimalRiskLevel: 'string'
sourceType: 'AttackPath'
}
Property Values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Failed' 'Off' 'On' 'Passed' 'Skipped' 'Unsupported' |
Usage Examples
Bicep Samples
A basic example of deploying subscription's Security Center Contact.
targetScope = 'subscription'
param resourceName string = 'acctest0001'
param location string = 'eastus'
resource securityContact 'Microsoft.Security/securityContacts@2017-08-01-preview' = {
name: resourceName
properties: {
alertNotifications: 'On'
alertsToAdmins: 'On'
email: 'basic@example.com'
phone: '+1-555-555-5555'
}
}
ARM template resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following JSON to your template.
{
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2023-12-01-preview",
"name": "string",
"properties": {
"emails": "string",
"isEnabled": "bool",
"notificationsByRole": {
"roles": [ "string" ],
"state": "string"
},
"notificationsSources": [ {
"sourceType": "string"
// For remaining properties, see NotificationsSource objects
} ],
"phone": "string"
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
"minimalSeverity": "string",
"sourceType": "Alert"
}
For AttackPath, use:
{
"minimalRiskLevel": "string",
"sourceType": "AttackPath"
}
Property Values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2023-12-01-preview' |
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
| type | The resource type | 'Microsoft.Security/securityContacts' |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Failed' 'Off' 'On' 'Passed' 'Skipped' 'Unsupported' |
Usage Examples
Terraform (AzAPI provider) resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/securityContacts@2023-12-01-preview"
name = "string"
parent_id = "string"
body = {
properties = {
emails = "string"
isEnabled = bool
notificationsByRole = {
roles = [
"string"
]
state = "string"
}
notificationsSources = [
{
sourceType = "string"
// For remaining properties, see NotificationsSource objects
}
]
phone = "string"
}
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
minimalSeverity = "string"
sourceType = "Alert"
}
For AttackPath, use:
{
minimalRiskLevel = "string"
sourceType = "AttackPath"
}
Property Values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
| type | The resource type | "Microsoft.Security/securityContacts@2023-12-01-preview" |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Failed' 'Off' 'On' 'Passed' 'Skipped' 'Unsupported' |
Usage Examples
Terraform Samples
A basic example of deploying subscription's Security Center Contact.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
azurerm = {
source = "hashicorp/azurerm"
}
}
}
provider "azurerm" {
features {
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "eastus"
}
data "azurerm_client_config" "current" {
}
resource "azapi_resource" "securityContact" {
type = "Microsoft.Security/securityContacts@2017-08-01-preview"
parent_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
name = var.resource_name
body = {
properties = {
alertNotifications = "On"
alertsToAdmins = "On"
email = "basic@example.com"
phone = "+1-555-555-5555"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
Feedback
Was this page helpful?