I've been trying to figure out how to stop our CEO from receiving alerts generated by Defender or Purview. Today, for example, I was testing some auto-labeling settings, and all simulation emails ended up going to four people, including him. I'm unsure why he receives these alerts since he only has the role of Application Administrator. Previously, he set up our tenant when we moved to the cloud, but now he doesn't have Elevated Access. How can I manage who gets these alerts? Any help would be appreciated!
3 Answers
To manage alert notifications in Microsoft Defender for Cloud, follow these steps: Open the Azure Portal and search for 'Defender for Cloud.' Then, go to 'Environment settings' and select your subscription. Under 'Settings,' click 'Email notifications' to toggle alerts for high severity and add additional email addresses if needed. This way, you can effectively control who gets the alert emails.
The reason your CEO is still receiving alerts is likely because his account was the first one set up, making it the technical contact for root objects. To resolve this, you can create a distribution list (DL) that excludes him. It's a good idea to make that change for better control over who gets notified.
How exactly do I remove him as a technical contact? Or is there a way to replace existing recipients with the new distribution list? Thanks!
I’m in a similar situation—anyone else know how to handle this? Could use some pointers!
This is exactly what I needed to know! Thanks a ton!