Closed erenes closed 2 months ago
We solved it by creating a custom policy, I am also not a 100% sure about my diagnosis here.
I think this rule is broken. We have configured the correct settings but all (100+) of our subscriptions are flagged as breaking this rule.
it's definitely broke
Details of the scenario you tried and the problem that is occurring
We noticed that the policy triggers on subscriptions where we have enabled the "alertNotifications" on our securityContacts. I don't think that this is the intended behavior.
Verbose logs showing the problem
N/A
Suggested solution to the issue
I suggest that the
anyOf
in the policy is replaced byallOf
: https://github.com/Azure/azure-policy/blob/fb3a632a61e36f32a79875c50d75f3f72d8a6c36/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json#L37If policy is Guest Configuration - details about target node
N/A