View and manage Azure security issues

With the increased use of cloud computing, customers rely increasingly on Azure to run their workload for critical and noncritical business applications. It's important for you as an Azure customer to stay informed about Azure security issues or privacy breaches and take the right action to protect your environment.

This article shows where Azure customers receive Azure security notifications, and the three steps you can follow to ensure security alerts reach the right people in your organization.

Security issues affecting your Azure subscription workloads

You receive security-related notifications affecting your Azure subscription workloads in two ways:

Security Advisory in Azure Service Health

Azure publishes Service Health notifications, which contain information about the resources under your subscription.

• You can review these security advisories in the Service Health experience in the Azure portal and get notified about security advisories through your preferred channel by setting up Service Health alerts for this type of notification.
• You can create Activity Log alerts on Service Health notifications using the Azure portal.

Email Notification

We communicate security-related information affecting your Azure subscription workloads via Email and/or Azure Service Health Notifications. We send notifications to subscription admins or owners.

Security issues affecting your Azure tenant workloads

• We communicate security-related information affecting your Azure tenant workloads through Email and/or Azure Service Health Notifications.
• We send notifications to Global Admins, Technical Contacts, and Security Admins.

Azure Service Health security communications are visible.

• For services designed at the subscription level, notifications are sent at the subscription level.
• For services designed at the tenant level (for example, Microsoft Entra), notifications are sent at the tenant level.

However, when Microsoft identifies a security event that is both impactful and designed at the subscription level, we also proactively send another notifications at the tenant level to ensure maximum visibility and awareness.

Stay informed about Azure security issues

1. Check the Contact on Subscription Admin Owner Role

   Ensure that there's a contactable email address as the subscription administrator or subscription owner. This email address is used for security issues that would have an effect at the subscription level.

2. Check the Contacts for Tenant Global Admin, Technical Contact, and Security Admin Roles

   Ensure that there are contactable email addresses entered for your Global Admins, Technical contacts, and security admins. T hese email addresses are used for security issues that would have an effect at the tenant level.

3. Create Azure Service Health alerts for subscription notifications

   Create Azure Service Health alerts for security events so that your organization can be alerted for any security event that Microsoft identifies. This channel is the same one you configure to be alerted of outages, or maintenance information on the platform: Create Activity Log Alerts on Service Notifications using the Azure portal.

Depending on your requirements, you can configure various alerts to use the same action group or different action groups. Action group types include sending a voice call, SMS, or email. You can also trigger various types of automated actions.

There's an important difference between Service Health security advisories and Microsoft Defender for Cloud security notifications.

• Security advisories in Service Health provide notifications dealing with platform vulnerabilities and security and privacy breaches at the subscription and tenant level.
• Security notifications in Microsoft Defender for Cloud communicate vulnerabilities that pertain to affected individual Azure resources.

For more information about the Azure Service Health notifications, see Azure service health notifications.