1. Log in to the Azure portal (https://portal.azure.com/).
2. Navigate to the Security Center by clicking on the “Security Center” icon in the left-hand menu.
3. In the Security Center, click on the “Security policy” tab in the left-hand menu.
4. In the Security policy tab, click on the “Edit” button to edit the security policy.
5. Scroll down to the “Email notification settings” section and ensure that the “Send email notifications to subscription owners” option is enabled.
6. If the option is not enabled, click on the toggle switch to enable it.
7. Once enabled, click on the “Save” button to save the changes.

​

1. Open the Azure CLI command prompt.
2. Run the following command to set the security alert email to the subscription owner:
   Copy

   Ask AI

   az monitor activity-log alert update --name {alert_name} --resource-group {resource_group_name} --condition-category "Security" --email-service-owners true --enabled true
   

   Replace {alert_name} with the name of the security alert that you want to update, and {resource_group_name} with the name of the resource group that contains the alert.
3. Verify that the security alert email has been set to the subscription owner by running the following command:
   Copy

   Ask AI

   az monitor activity-log alert show --name {alert_name} --resource-group {resource_group_name}
   

   This command will display the details of the security alert, including the email settings.

1. Install the Azure Python SDK by running the following command:

pip install azure-mgmt-monitor

2. Authenticate with Azure by creating a Service Principal. You can follow the instructions in this Microsoft documentation to create a Service Principal: https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-authenticate?tabs=cmd#create-a-service-principal
3. Once authenticated, you can use the following Python code to configure security alerts to be sent to subscription owners:

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.monitor import MonitorManagementClient
from azure.mgmt.monitor.models import ActionGroup, EmailReceiver, ActionGroupPatchBody

# Replace the values below with your own
subscription_id = '<your-subscription-id>'
resource_group_name = '<your-resource-group-name>'
action_group_name = '<your-action-group-name>'
owner_email = '<your-owner-email>'

# Create the credentials object
credentials = ServicePrincipalCredentials(
    client_id='<your-client-id>',
    secret='<your-client-secret>',
    tenant='<your-tenant-id>'
)

# Create the MonitorManagementClient object
monitor_client = MonitorManagementClient(credentials, subscription_id)

# Create the action group
action_group = ActionGroup(
    group_short_name=action_group_name,
    receivers=[EmailReceiver(name='Owner', email_address=owner_email)],
    enabled=True
)
monitor_client.action_groups.create_or_update(resource_group_name, action_group_name, action_group)

# Update the default security alert action group to use the new action group
default_action_group = ActionGroupPatchBody(
    enabled=True,
    action_group_id=action_group.id
)
monitor_client.alert_rules.update_action_group(resource_group_name, 'default', default_action_group)