1. Log in to the Azure portal (https://portal.azure.com/).
2. Navigate to the Security Center dashboard.
3. Click on “Security policy” on the left-hand side of the screen.
4. Select the subscription you want to remediate.
5. Click on “Vulnerability assessment settings” in the “Security policy” window.
6. Ensure that the “Email notifications to subscription owners and admins” toggle is turned on.
7. If the toggle is not turned on, click on the toggle to turn it on.
8. Click on “Save” to save the changes.

​

1. Open the Azure CLI on your computer.
2. Login to your Azure account using the command: az login
3. Select the Azure subscription in which the misconfiguration exists using the command: az account set --subscription <subscription_id> Replace <subscription_id> with the ID of your Azure subscription.
4. Run the below command to enable email notifications for vulnerability assessment: az security va-notification-contacts create --email <email_address> --phone <phone_number> --alert-notifications true --security-contact-name <contact_name> Replace <email_address> with the email address of the admin or subscription owner who needs to receive the email notifications. Replace <phone_number> with the phone number of the admin or subscription owner who needs to receive the SMS notifications. Replace <contact_name> with the name of the contact to be created.
5. If you want to verify that the email notifications have been enabled, you can run the below command: az security va-notification-contacts list This command will list all the notification contacts that have been created.

1. Import the required libraries:

from azure.identity import DefaultAzureCredential
from azure.mgmt.security import SecurityCenter
from azure.mgmt.security.models import SecurityAssessmentMetadata, SecurityAssessmentStatus, EmailNotificationSubscription

2. Authenticate to Azure using the DefaultAzureCredential:

credential = DefaultAzureCredential()
security_center_client = SecurityCenter(credential, "your_subscription_id")

3. Get the current email notification settings:

email_notification_settings = security_center_client.settings.get("emailNotificationSettings")

4. Check if the email notification settings are configured to send notifications to admins and subscription owners:

if email_notification_settings.send_to_admins_and_subscription_owners is False:
    email_notification_settings.send_to_admins_and_subscription_owners = True
    security_center_client.settings.create_or_update("emailNotificationSettings", email_notification_settings)

5. Create a new email notification subscription:

email_notification_subscription = EmailNotificationSubscription(
    name="Your Subscription Name",
    email_addresses=["[email protected]", "[email protected]"],
    assessment_metadata=SecurityAssessmentMetadata(
        display_name="Security Assessment",
        description="This email notification is sent when a new security assessment is available.",
        severity="High"
    ),
    status=SecurityAssessmentStatus(
        new_assessment=True,
        updated_assessment=True,
        resolved_assessment=True
    )
)

security_center_client.notifications.create_email_subscription(email_notification_subscription)

6. Verify that the email notification subscription was created successfully:

email_notification_subscriptions = security_center_client.notifications.list_email_subscriptions()
for subscription in email_notification_subscriptions:
    print(subscription.name)