diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..a2c52f165e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+
+- [Security Policy](#security-policy)
+  - [Reporting a Vulnerability](#reporting-a-vulnerability)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report (suspected) security vulnerabilities to
+**[AzureSentinel@microsoft.com](mailto:AzureSentinel@microsoft.com)**. You will receive a response from
+us within 48 hours. If the issue is confirmed, we will release a patch as soon
+as possible depending on complexity but historically within a few days.