Security Contacts - Create

Create security contact configurations for the subscription

PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/securityContacts/default?api-version=2023-12-01-preview

URI Parameters

Name In Required Type Description
securityContactName
path True

securityContactName

Name of the security contact object

Regex pattern: ^(default)$

subscriptionId
path True

string

Azure subscription ID

Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$

api-version
query True

string

API version for the operation

Request Body

Name Type Description
properties.emails

string

List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact.

properties.isEnabled

boolean

Indicates whether the security contact is enabled.

properties.notificationsByRole

NotificationsByRole

Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.

properties.notificationsSources NotificationsSource[]:

A collection of source types which evaluate the email notification.

properties.phone

string

The security contact's phone number

Responses

Name Type Description
200 OK

SecurityContact

OK

201 Created

SecurityContact

Created

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Create security contact data

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContacts/default?api-version=2023-12-01-preview

{
  "properties": {
    "notificationsByRole": {
      "state": "On",
      "roles": [
        "Owner"
      ]
    },
    "isEnabled": true,
    "emails": "john@contoso.com;jane@contoso.com",
    "phone": "(214)275-4038",
    "notificationsSources": [
      {
        "sourceType": "AttackPath",
        "minimalRiskLevel": "Critical"
      },
      {
        "sourceType": "Alert",
        "minimalSeverity": "Medium"
      }
    ]
  }
}

Sample response

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContacts/default",
  "name": "default",
  "type": "Microsoft.Security/securityContact",
  "properties": {
    "notificationsByRole": {
      "roles": [
        "Owner"
      ]
    },
    "isEnabled": true,
    "emails": "john@microsoft.com;jane@microsoft.com",
    "phone": "(214)275-4038",
    "notificationsSources": [
      {
        "sourceType": "AttackPath",
        "minimalRiskLevel": "Critical"
      },
      {
        "sourceType": "Alert",
        "minimalSeverity": "Medium"
      }
    ]
  }
}

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContacts/default",
  "name": "default",
  "type": "Microsoft.Security/securityContact",
  "properties": {
    "notificationsByRole": {
      "state": "On",
      "roles": [
        "Owner"
      ]
    },
    "isEnabled": true,
    "emails": "john@microsoft.com;jane@microsoft.com",
    "phone": "(214)275-4038",
    "notificationsSources": [
      {
        "sourceType": "AttackPath",
        "minimalRiskLevel": "Critical"
      },
      {
        "sourceType": "Alert",
        "minimalSeverity": "Medium"
      }
    ]
  }
}
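
As an added example (not part of the original API reference), the following Python function audits a SecurityContact object, such as the body returned by this operation, against a notification baseline. The baseline itself is an assumption: contact enabled, at least one email, role notifications On and including Owner, and thresholds low enough to cover Medium alerts and Critical attack paths. The names `audit_security_contact`, `cover_severity`, `cover_risk` and `SAMPLE` are hypothetical.

```python
import re

# Scales, lowest first, from the minimalSeverity and minimalRiskLevel tables on this page.
SEVERITY = ["Low", "Medium", "High"]
RISK = ["Low", "Medium", "High", "Critical"]
# subscriptionId pattern from the URI Parameters table.
SUB_ID = re.compile(r"^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$")

def audit_security_contact(contact, cover_severity="Medium", cover_risk="Critical"):
    """Return findings for a SecurityContact object; an empty list means it passes.

    cover_severity / cover_risk are assumed baseline values: the lowest alert
    severity and attack path risk level that must still produce an email.
    """
    findings = []
    parts = contact.get("id", "").split("/")
    if len(parts) < 3 or parts[1] != "subscriptions" or not SUB_ID.match(parts[2]):
        findings.append("id: no valid subscription ID")
    props = contact.get("properties") or {}
    if props.get("isEnabled") is not True:
        findings.append("isEnabled: contact is not enabled")
    if not [e for e in (props.get("emails") or "").split(";") if e.strip()]:
        findings.append("emails: no recipient configured")
    by_role = props.get("notificationsByRole") or {}
    if by_role.get("state") != "On":
        findings.append("notificationsByRole.state: not On")
    if "Owner" not in (by_role.get("roles") or []):
        findings.append("notificationsByRole.roles: Owner missing")
    sources = {s.get("sourceType"): s for s in props.get("notificationsSources") or []}
    checks = (("Alert", "minimalSeverity", SEVERITY, cover_severity),
              ("AttackPath", "minimalRiskLevel", RISK, cover_risk))
    for kind, field, scale, must_cover in checks:
        level = sources.get(kind, {}).get(field)
        if level not in scale:
            findings.append(f"{kind}: source missing or {field} invalid")
        elif scale.index(level) > scale.index(must_cover):
            findings.append(f"{kind}.{field}: {level} drops {must_cover} events")
    return findings

# Constructed input that mirrors the second sample response above.
SAMPLE = {
    "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityContacts/default",
    "properties": {
        "notificationsByRole": {"state": "On", "roles": ["Owner"]},
        "isEnabled": True,
        "emails": "john@microsoft.com;jane@microsoft.com",
        "notificationsSources": [
            {"sourceType": "AttackPath", "minimalRiskLevel": "Critical"},
            {"sourceType": "Alert", "minimalSeverity": "Medium"}]}}

if __name__ == "__main__":
    print(audit_security_contact(SAMPLE) or "pass")
```

Run against the first sample response above, which carries no `state` under `notificationsByRole`, the same function reports that role notifications are not confirmed On.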

Definitions

Name Description
CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

CloudErrorBody

The error detail.

ErrorAdditionalInfo

The resource management error additional info.

minimalRiskLevel

Defines the minimal attack path risk level which will be sent as email notifications

minimalSeverity

NotificationsByRole

Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.

NotificationsSourceAlert

Alert notification source

NotificationsSourceAttackPath

Attack path notification source

SecurityContact

Contact details and configurations for notifications coming from Microsoft Defender for Cloud.

securityContactName

Name of the security contact object

securityContactRole

Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles:

state

Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name Type Description
error.additionalInfo

ErrorAdditionalInfo[]

The error additional info.

error.code

string

The error code.

error.details

CloudErrorBody[]

The error details.

error.message

string

The error message.

error.target

string

The error target.

CloudErrorBody

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

CloudErrorBody[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

minimalRiskLevel

Defines the minimal attack path risk level which will be sent as email notifications

Name Type Description
Critical

string

Get notifications on new attack paths with Critical risk level

High

string

Get notifications on new attack paths with High or Critical risk level

Low

string

Get notifications on new attack paths with Low, Medium, High or Critical risk level

Medium

string

Get notifications on new attack paths with Medium, High or Critical risk level

minimalSeverity

Name Type Description
High

string

Get notifications on new alerts with High severity

Low

string

Get notifications on new alerts with Low, Medium or High severity

Medium

string

Get notifications on new alerts with Medium or High severity

NotificationsByRole

Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.

Name Type Description
roles

securityContactRole[]

Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles:

state

state

Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.

NotificationsSourceAlert

Alert notification source

Name Type Description
minimalSeverity

minimalSeverity

sourceType string:

Alert

The source type that will trigger the notification

NotificationsSourceAttackPath

Attack path notification source

Name Type Description
minimalRiskLevel

minimalRiskLevel

Defines the minimal attack path risk level which will be sent as email notifications

sourceType string:

AttackPath

The source type that will trigger the notification

SecurityContact

Contact details and configurations for notifications coming from Microsoft Defender for Cloud.

Name Type Description
id

string

Resource Id

name

string

Resource name

properties.emails

string

List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact.

properties.isEnabled

boolean

Indicates whether the security contact is enabled.

properties.notificationsByRole

NotificationsByRole

Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.

properties.notificationsSources NotificationsSource[]:

A collection of source types which evaluate the email notification.

properties.phone

string

The security contact's phone number

type

string

Resource type

securityContactName

Name of the security contact object

Name Type Description
default

string

The single applicable name of the security contact object

securityContactRole

Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles:

Name Type Description
AccountAdmin

string

If enabled, send notification on new alerts to the account admins

Contributor

string

If enabled, send notification on new alerts to the subscription contributors

Owner

string

If enabled, send notification on new alerts to the subscription owners

ServiceAdmin

string

If enabled, send notification on new alerts to the service admins

state

Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.

Name Type Description
Off

string

Don't send notification on new alerts to the subscription's admins

On

string

Send notification on new alerts to the subscription's admins