MS.DEFENDER.5.2v1 - The alerts SHOULD be sent to a monitored address or incorporated into a Security Information and Event Management (SIEM).

Information

Suspicious or malicious events, if not resolved promptly, may have a greater impact on users and the agency. Sending alerts to a monitored email address or SIEM system helps ensure events are acted upon in a timely manner to limit overall impact.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

For each enabled alert, to add one or more email recipients:

1. Sign in to Microsoft 365 Defender.

2. Under Email & collaboration, select Policies & rules.

3. Select Alert Policy.

4. Click the alert policy to modify.

5. Click the pencil icon next to Set your recipients.

6. Check the Opt-In for email notifications box.

7. Add one or more email addresses to the Email recipients text box.

8. Click Next.

9. On the Review page, click Submit to save the notification settings.
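
Because the steps above are repeated per alert policy, the following added example (not part of the original audit item or of ScubaGear) lists the enabled policies that still lack a notification recipient. It assumes the policy objects expose the `Name`, `Disabled`, `NotificationEnabled` and `NotifyUser` properties returned by `Get-ProtectionAlert` in Security & Compliance PowerShell; the function name, the `-MonitoredAddress` parameter and the sample data are hypothetical.

```powershell
# Flag enabled alert policies whose email notifications reach no one.
# Assumption: each input object has the Name, Disabled, NotificationEnabled
# and NotifyUser properties, as on Get-ProtectionAlert output.
function Find-UnmonitoredAlertPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy,
        # Hypothetical parameter: mailboxes the agency actually monitors.
        # When empty, any configured recipient is accepted.
        [string[]]$MonitoredAddress = @()
    )
    process {
        if ($Policy.Disabled) { return }  # only enabled alerts are in scope
        $recipients = @($Policy.NotifyUser | Where-Object { $_ })
        $reason = if (-not $Policy.NotificationEnabled) {
            'Email notifications not opted in'
        } elseif ($recipients.Count -eq 0) {
            'No email recipients configured'
        } elseif ($MonitoredAddress.Count -gt 0 -and
                  -not ($recipients | Where-Object { $_ -in $MonitoredAddress })) {
            'No recipient is a monitored address'
        }
        if ($reason) {
            [pscustomobject]@{
                Name       = $Policy.Name
                Recipients = $recipients -join '; '
                Reason     = $reason
            }
        }
    }
}

# Constructed sample objects standing in for Get-ProtectionAlert output.
$sample = @(
    [pscustomobject]@{ Name = 'Sample policy A'; Disabled = $false; NotificationEnabled = $true;  NotifyUser = @('soc@agency.example') }
    [pscustomobject]@{ Name = 'Sample policy B'; Disabled = $false; NotificationEnabled = $false; NotifyUser = @('soc@agency.example') }
    [pscustomobject]@{ Name = 'Sample policy C'; Disabled = $false; NotificationEnabled = $true;  NotifyUser = @() }
    [pscustomobject]@{ Name = 'Sample policy D'; Disabled = $false; NotificationEnabled = $true;  NotifyUser = @('former.admin@agency.example') }
    [pscustomobject]@{ Name = 'Sample policy E'; Disabled = $true;  NotificationEnabled = $false; NotifyUser = @() }
)
$sample | Find-UnmonitoredAlertPolicy -MonitoredAddress 'soc@agency.example' | Format-Table -AutoSize

# Against a live tenant, after Connect-IPPSSession:
#   Get-ProtectionAlert | Find-UnmonitoredAlertPolicy -MonitoredAddress 'soc@agency.example'
```

A policy listed here can still satisfy the control if its alerts are incorporated into a SIEM instead; the script checks only the email-recipient path.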

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|CA-7, 800-53|CM-2, 800-53|CM-5, 800-53|CM-6, 800-53|CM-7, 800-53|CM-10, 800-53|IA-2, 800-53|IA-9, 800-53|SC-8, 800-53|SC-23, 800-53|SI-3, 800-53|SI-4, 800-53|SI-7

Plugin: microsoft_azure

Control ID: ce45782376f3497850dca9dc301711d5ce00959179566c5001efda9cacbfdcc8