Merge pull request #275133 from ElazarK/WI250909-email-notifications

PMEds28 · web-flow · commit 7083859c0fd9 · 2024-05-22T10:35:36.000+01:00
added email notifications attack path
diff --git a/articles/defender-for-cloud/TOC.yml b/articles/defender-for-cloud/TOC.yml
@@ -115,7 +115,7 @@
     - name: Investigate the health of your resources
       displayName: health, resources, outstanding, security, issues,
       href: investigate-resource-health.md
-    - name: Set up email notifications
+    - name: Configure email notifications for alerts and attack paths
       displayName: email,e-mail, notifications
       href: configure-email-notifications.md
     - name: Create autoresponses to alerts using an ARM template or Bicep
diff --git a/articles/defender-for-cloud/configure-email-notifications.md b/articles/defender-for-cloud/configure-email-notifications.md
@@ -1,52 +1,68 @@
 ---
-title: Configure email notifications for alerts
-description: Learn how to fine-tune the Microsoft Defender for Cloud security alert emails.
-ms.topic: quickstart
+title: Configure email notifications for alerts and attack paths
+description: Learn how to fine-tune the Microsoft Defender for Cloud security alert emails to ensure the right people receive timely notifications.
+ms.topic: how-to
 ms.author: dacurwin
 author: dcurwin
-ms.date: 02/25/2024
+ms.date: 05/19/2024
 ms.custom: mode-other
+#customer intent: As a user, I want to learn how to customize email notifications for alerts and attack paths in Microsoft Defender for Cloud.
 ---
-# Quickstart: configure email notifications for security alerts
 
-Security alerts need to reach the right people in your organization. By default, Microsoft Defender for Cloud emails subscription owners whenever a high-severity alert is triggered for their subscription. This page explains how to customize these notifications.
+# Configure email notifications for alerts and attack paths
 
-Use Defender for Cloud's **Email notifications** settings page to define preferences for notification emails including:
+Microsoft Defender for Cloud allows you to configure email notifications for alerts and attack paths. Configuring email notifications allows for the delivery of timely notifications to the appropriate recipients. By modifying the email notification settings, preferences can be defined for the severity levels of alerts and the risk level of attack paths that trigger notifications. By default, subscription owners receive email notifications for high-severity alerts and attack paths. 
+
+Defender for Cloud's **Email notifications** settings page allows you to define preferences for notification emails including:
 
 - ***who* should be notified** - Emails can be sent to select individuals or to anyone with a specified Azure role for a subscription.
 - ***what* they should be notified about** - Modify the severity levels for which Defender for Cloud should send out notifications.
 
-To avoid alert fatigue, Defender for Cloud limits the volume of outgoing emails. For each email address, Defender for Cloud sends:
+:::image type="content" source="./media/configure-email-notifications/email-notification-settings.png" alt-text="Screenshot showing how to configure the details of the contact who is to receive emails about alerts and attack paths." lightbox="media/configure-email-notifications/email-notification-settings.png":::
 
-- approximately **four emails per day** for **high-severity** alerts
-- approximately **two emails per day** for **medium-severity** alerts
-- approximately **one email per day** for **low-severity** alerts
+## Email frequency
 
-:::image type="content" source="./media/configure-email-notifications/email-notification-settings.png" alt-text="Configuring the details of the contact who is to receive emails about security alerts." lightbox="media/configure-email-notifications/email-notification-settings.png":::
+To avoid alert fatigue, Defender for Cloud limits the volume of outgoing emails. For each email address, Defender for Cloud sends:
+
+|Alert type | Severity/Risk level | Email volume |
+|--|--|--|
+| Alert | High | Four emails per day |
+| Alert | Medium | Two emails per day | 
+| Alert | Low | One email per day |
+| Attack path | Critical | One email per 30 minutes |
+| Attack path | High | One email per hour |
+| Attack path | Medium | One email per two hours |
+| Attack path | Low | One email per three hours |
 
 ## Availability
 
-|Aspect|Details|
-|----|:----|
-|Release state:|General availability (GA)|
-|Pricing:|Email notifications are free; for security alerts, enable the enhanced security plans ([plan pricing](https://azure.microsoft.com/pricing/details/defender-for-cloud/)) |
-|Required roles and permissions:|**Security Admin**<br>**Subscription Owner**<br>**Contributor** |
-|Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: National (Azure Government, Microsoft Azure operated by 21Vianet)|
+Required roles and permissions: Security Admin, Subscription Owner or Contributor.
 
-## Customize the security alerts email notifications via the portal<a name="email"></a>
+## Customize the email notifications in the portal
 
 You can send email notifications to individuals or to all users with specific Azure roles.
 
-1. From Defender for Cloud's **Environment settings** area, select the relevant subscription, and open **Email notifications**.
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Navigate to **Microsoft Defender for Cloud** > **Environment settings**.
+
+1. Select the relevant subscription.
+
+1. Select **email notifications**.
 
 1. Define the recipients for your notifications with one or both of these options:
 
     - From the dropdown list, select from the available roles.
     - Enter specific email addresses separated by commas. There's no limit to the number of email addresses that you can enter.
 
-1. To apply the security contact information to your subscription, select **Save**.
+1. Select the notification types:
+
+    - **Notify about alerts with the following severity (or higher)** and select a severity level.
+    - **Notify about attack paths with the following risk level (or higher)** and select a risk level.
 
-## Customize the alerts email notifications through the API
+1. Select **Save**.
+
+## Customize the email notifications with an API
 
 You can also manage your email notifications through the supplied REST API. For full details, see the [SecurityContacts API documentation](/rest/api/defenderforcloud/security-contacts).
 
@@ -71,10 +87,10 @@ URI: `https://management.azure.com/subscriptions/<SubscriptionId>/providers/Micr
 }
 ```
 
-## Next steps
-
-To learn more about security alerts, see the following pages:
+## Related content
 
 - [Security alerts - a reference guide](alerts-reference.md) - Learn about the security alerts you might see in Microsoft Defender for Cloud's Threat Protection module.
 - [Manage and respond to security alerts in Microsoft Defender for Cloud](managing-and-responding-alerts.yml) - Learn how to manage and respond to security alerts.
+- [Identify and remediate attack paths](how-to-manage-attack-path.md).
+- [Investigating risk with security explorer/attack paths](concept-attack-path.md)
 - [Workflow automation](workflow-automation.yml) - Automate responses to alerts with custom notification logic.
diff --git a/articles/defender-for-cloud/media/configure-email-notifications/email-notification-settings.png b/articles/defender-for-cloud/media/configure-email-notifications/email-notification-settings.png
diff --git a/articles/defender-for-cloud/permissions.md b/articles/defender-for-cloud/permissions.md
@@ -2,7 +2,7 @@
 title: User roles and permissions
 description: This article explains how Microsoft Defender for Cloud uses role-based access control to assign permissions to users and identify the permitted actions for each role.
 ms.topic: limits-and-quotas
-ms.date: 10/09/2023
+ms.date: 05/12/2024
 ---
 
 # User roles and permissions
@@ -32,6 +32,7 @@ The following table displays roles and allowed actions in Defender for Cloud.
 | Apply security recommendations for a resource</br> (and use [Fix](implement-security-recommendations.md)) | - | - | ✔ | ✔ | ✔ |
 | View alerts and recommendations | ✔ | ✔ | ✔ | ✔ | ✔ |
 | Exempt security recommendations | - |✔|-|-| ✔ |
+| Configure email notifications | - | ✔ | ✔| ✔ | ✔ |
 
 The specific role required to deploy monitoring components depends on the extension you're deploying. Learn more about [monitoring components](monitoring-components.md).
 
diff --git a/articles/defender-for-cloud/release-notes.md b/articles/defender-for-cloud/release-notes.md
@@ -2,7 +2,7 @@
 title: Release notes
 description: This page is updated frequently with the latest updates in Defender for Cloud.
 ms.topic: overview
-ms.date: 05/20/2024
+ms.date: 05/22/2024
 ---
 
 # What's new in Microsoft Defender for Cloud?
@@ -24,19 +24,28 @@ If you're looking for items older than six months, you can find them in the [Arc
 
 |Date | Update |
 |--|--|
+| May 22 | [Configure email notifications for attack paths](#configure-email-notifications-for-attack-paths) |
 | May 21 | [Advanced hunting in Microsoft Defender XDR now includes Defender for Cloud alerts and incidents](#advanced-hunting-in-microsoft-defender-xdr-now-includes-defender-for-cloud-alerts-and-incidents) |
 | May 9 | [Checkov integration for IaC scanning in Defender for Cloud (Preview)](#checkov-integration-for-iac-scanning-in-defender-for-cloud-preview) |
-| May 7 | [General availability of permissions management in Defender for Cloud](#general-availability-of-permissions-management-in-defender-for-cloud) |
 | May 6 | [AI multicloud security posture management is publicly available for Azure and AWS](#ai-multicloud-security-posture-management-is-publicly-available-for-azure-and-aws) |
-| May 6 | [Limited public preview of threat protection for AI workloads in Azure](#limited-public-preview-of-threat-protection-for-ai-workloads-in-azure) |
 | May 2 | [Updated security policy management is now generally available](#updated-security-policy-management-is-now-generally-available) |
 | May 1 | [Defender for open-source databases is now available on AWS for Amazon instances (Preview)](#defender-for-open-source-databases-is-now-available-on-aws-for-amazon-instances-preview) |
 
+### Configure email notifications for attack paths
+
+May 22, 2024
+
+You can now configure email notifications for attack paths in Defender for Cloud. This feature allows you to receive email notifications when an attack path is detected with a specified risk level or higher. 
+
+Learn how to [configure email notifications](configure-email-notifications.md).
+
 ### Advanced hunting in Microsoft Defender XDR now includes Defender for Cloud alerts and incidents
 
+May 21, 2024
+
 Defender for Cloud's alerts and incidents are now integrated with Microsoft Defender XDR. This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender Portal. This integration provides richer context to investigations that span cloud resources, devices, and identities.
 
-Learn more about about the [advanced hunting in XDR integration](concept-integration-365.md#advanced-hunting-in-xdr).
+Learn more about the [advanced hunting in XDR integration](concept-integration-365.md#advanced-hunting-in-xdr).
 
 ### Checkov integration for IaC scanning in Defender for Cloud (Preview)
 
