Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

Email notification for high severity alerts should be enabled: Validates that email notifications are off rather than on #1312

Closed erenes closed 2 months ago

erenes commented 2 months ago

Details of the scenario you tried and the problem that is occurring

We noticed that the policy triggers on subscriptions where we have enabled the "alertNotifications" on our securityContacts. I don't think that this is the intended behavior.

Verbose logs showing the problem

N/A

Suggested solution to the issue

I suggest that the anyOf in the policy is replaced by allOf: https://github.com/Azure/azure-policy/blob/fb3a632a61e36f32a79875c50d75f3f72d8a6c36/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json#L37

If policy is Guest Configuration - details about target node

N/A

erenes commented 2 months ago

We solved it by creating a custom policy. I am also not 100% sure about my diagnosis here.

mattias-fjellstrom commented 2 months ago

I think this rule is broken. We have configured the correct settings but all (100+) of our subscriptions are flagged as breaking this rule.

nickel-tyler commented 2 months ago

It's definitely broken.