subscriptions
| Name | Type | Description |
|---|---|---|
| Resource Health Unhealthy | ActivityLog | Resource Health Unhealthy Alert |
| Service Health Advisory | ActivityLog | Service Health Advisory Alert |
| Service Health Incident | ActivityLog | Service Health Incident Alert |
| Service Health Maintenance | ActivityLog | Service Health Maintenance Alert |
| Service Health Security | ActivityLog | Service Health Security Alert |
Dashboards:
Click a tab to view the dashboard template
{
"__inputs": [],
"__elements": {},
"__requires": [
{
"type": "panel",
"id": "bargauge",
"name": "Bar gauge",
"version": ""
},
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "9.5.12"
},
{
"type": "datasource",
"id": "grafana-azure-monitor-datasource",
"name": "Azure Monitor",
"version": "1.0.0"
}
],
"title": "Subscriptions",
"editable": true,
"links": [],
"liveNow": false,
"panels": [
],
"refresh": "",
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {},
"hide": 0,
"includeAll": false,
"label": "Datasource",
"multi": false,
"name": "ds",
"options": [],
"query": "grafana-azure-monitor-datasource",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
},
{
"current": {},
"datasource": {
"type": "grafana-azure-monitor-datasource",
"uid": "${ds}"
},
"definition": "",
"hide": 0,
"includeAll": false,
"label": "Subscription",
"multi": false,
"name": "sub",
"options": [],
"query": {
"azureLogAnalytics": {
"query": "",
"resources": []
},
"queryType": "Azure Subscriptions",
"refId": "A"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"version": null
}Resource Health Unhealthy - ActivityLog Alert
Resource Health Unhealthy Alert
Properties:
| category | ResourceHealth |
| causes | |
| currentHealthStatus | |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Activity log alert."
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Resource Health Unhealthy Alert",
"metadata": {
"description": "Description of alert"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Indicates whether or not the alert is enabled."
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]"
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('alertName')]",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": [
"[subscription().id]"
],
"enabled": "[parameters('isEnabled')]",
"condition": {
"allOf": [
{
"field": "category",
"equals": "ResourceHealth"
},
{
"anyOf": [
{
"field": "properties.cause",
"equals": "PlatoformInitiated"
},
{
"field": "properties.cause",
"equals": "UserInitiated"
}
]
},
{
"anyOf": [
{
"field": "properties.currentHealthStatus",
"equals": "Degraded"
},
{
"field": "properties.currentHealthStatus",
"equals": "Unavailable"
}
]
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Unique name (within the Resource Group) for the Activity log alert.')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Resource Health Unhealthy Alert'
@description('Indicates whether or not the alert is enabled.')
param isEnabled bool = true
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
name: alertName
location: 'Global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: [
subscription().id
]
enabled: isEnabled
condition: {
allOf: [
{
field: 'category'
equals: 'ResourceHealth'
}
{
anyOf: [
{
field: 'properties.cause'
equals: 'PlatoformInitiated'
}
{
field: 'properties.cause'
equals: 'UserInitiated'
}
]
}
{
anyOf: [
{
field: 'properties.currentHealthStatus'
equals: 'Degraded'
}
{
field: 'properties.currentHealthStatus'
equals: 'Unavailable'
}
]
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "Deploy_activitylog_ResourceHealth_Unhealthy_Alert",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Resource Health Unhealthy Alert",
"description": "Policy to Deploy Resource Health Unhealthy Alert",
"metadata": {
"version": "1.1.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"alertResourceGroupName": {
"type": "String",
"metadata": {
"displayName": "Resource Group Name",
"description": "Resource group the alert is placed in"
},
"defaultValue": "rg-amba-monitoring-001"
},
"alertResourceGroupTags": {
"type": "Object",
"metadata": {
"displayName": "Resource Group Tags",
"description": "Tags on the Resource group the alert is placed in"
},
"defaultValue": {
"_deployed_by_amba": true
}
},
"alertResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Resource Group Location",
"description": "Location of the Resource group the alert is placed in"
},
"defaultValue": "centralus"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "disabled"
},
"MonitorDisable": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled",
"description": "Tag name to disable monitoring. Set to true if monitoring should be disabled"
},
"defaultValue": "MonitorDisable"
},
"BYOActionGroup": {
"type": "String",
"metadata": {
"displayName": "Customer defined Action Group Resource ID",
"description": "The Resource ID of an existing Action Group already deployed by the customer in his environment"
},
"defaultValue": ""
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
},
{
"field": "[[concat('tags[', parameters('MonitorDisable'), ']')]",
"notEquals": "true"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/activityLogAlerts",
"existenceScope": "resourcegroup",
"resourceGroupName": "[[parameters('alertResourceGroupName')]",
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"anyOf": [
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": true
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "ag-AMBA-SH-"
}
]
},
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": false
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
"where": {
"anyOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "[[split(trim(parameters('BYOActionGroup')),',')[0]]"
}
]
}
},
"equals": 1
}
]
}
]
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "ResourceHealth"
}
]
}
]
}
},
"equals": 1
}
]
},
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupName": {
"type": "string"
},
"alertResourceGroupTags": {
"type": "object"
},
"alertResourceGroupLocation": {
"type": "string"
},
"enabled": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {
"varBYOActionGroups": "[[split(parameters('BYOActionGroup'), ',')]",
"copy": [
{
"name": "varActionGroupIds",
"count": "[[length(variables('varBYOActionGroups'))]",
"mode": "serial",
"input": {
"actionGroupId": "[[trim(variables('varBYOActionGroups')[copyIndex('varActionGroupIds')])]"
}
}
]
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2021-04-01",
"name": "[[parameters('alertResourceGroupName')]",
"location": "[[parameters('alertResourceGroupLocation')]",
"tags": "[[parameters('alertResourceGroupTags')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "ResourceHealtAlert",
"resourceGroup": "[[parameters('alertResourceGroupName')]",
"dependsOn": [
"[[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enabled": {
"type": "string"
},
"alertResourceGroupName": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"condition": "[[empty(parameters('BYOActionGroup'))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ResourceHealthUnhealthyAlert",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": [
{
"actionGroupId": "[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]",
"webhookProperties": {}
}
]
},
"description": "Resource Health Unhealthy Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ResourceHealth"
},
{
"anyOf": [
{
"field": "properties.cause",
"equals": "PlatformInitiated"
},
{
"field": "properties.cause",
"equals": "UserInitiated"
}
]
},
{
"anyOf": [
{
"field": "properties.currentHealthStatus",
"equals": "Degraded"
},
{
"field": "properties.currentHealthStatus",
"equals": "Unavailable"
}
]
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
},
{
"condition": "[[not(empty(parameters('BYOActionGroup')))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ResourceHealthUnhealthyAlert",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": "[[variables('varActionGroupIds')]"
},
"description": "Resource Health Unhealthy Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ResourceHealth"
},
{
"anyOf": [
{
"field": "properties.cause",
"equals": "PlatformInitiated"
},
{
"field": "properties.cause",
"equals": "UserInitiated"
}
]
},
{
"anyOf": [
{
"field": "properties.currentHealthStatus",
"equals": "Degraded"
},
{
"field": "properties.currentHealthStatus",
"equals": "Unavailable"
}
]
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"alertResourceGroupTags": {
"value": "[[parameters('alertResourceGroupTags')]"
},
"alertResourceGroupLocation": {
"value": "[[parameters('alertResourceGroupLocation')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
}
}
}
}
}
Service Health Advisory - ActivityLog Alert
Service Health Advisory Alert
Properties:
| category | ServiceHealth |
| incidentType | ActionRequired |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Activity log alert."
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Service Health Advisory Alert",
"metadata": {
"description": "Description of alert"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Indicates whether or not the alert is enabled."
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('##TELEMETRY_PID-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]"
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('alertName')]",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": [
"[subscription().id]"
],
"enabled": "[parameters('isEnabled')]",
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "ActionRequired"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Unique name (within the Resource Group) for the Activity log alert.')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Service Health Advisory Alert'
@description('Indicates whether or not the alert is enabled.')
param isEnabled bool = true
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
name: alertName
location: 'Global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: [
subscription().id
]
enabled: isEnabled
condition: {
allOf: [
{
{
field: 'category'
equals: 'ServiceHealth'
}
{
field: 'properties.incidentType'
equals: 'ActionRequired'
}
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "Deploy_activitylog_ServiceHealth_HealthAdvisory",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Service Health Advisory Alert",
"description": "Policy to Deploy Service Health Advisory Alert",
"metadata": {
"version": "1.2.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"alertResourceGroupName": {
"type": "String",
"metadata": {
"displayName": "Resource Group Name",
"description": "Resource group the alert is placed in"
},
"defaultValue": "rg-amba-monitoring-001"
},
"alertResourceGroupTags": {
"type": "Object",
"metadata": {
"displayName": "Resource Group Tags",
"description": "Tags on the Resource group the alert is placed in"
},
"defaultValue": {
"_deployed_by_amba": true
}
},
"alertResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Resource Group Location",
"description": "Location of the Resource group the alert is placed in"
},
"defaultValue": "centralus"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "disabled"
},
"MonitorDisable": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled",
"description": "Tag name to disable monitoring. Set to true if monitoring should be disabled"
},
"defaultValue": "MonitorDisable"
},
"ALZMonitorActionGroupEmail": {
"type": "String",
"metadata": {
"displayName": "Action Group Email Addresses",
"description": "Email addresses to send alerts to"
},
"defaultValue": ""
},
"BYOActionGroup": {
"type": "String",
"metadata": {
"displayName": "Customer defined Action Group Resource ID",
"description": "The Resource ID of an existing Action Group already deployed by the customer in his environment"
},
"defaultValue": ""
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
},
{
"field": "[[concat('tags[', parameters('MonitorDisable'), ']')]",
"notEquals": "true"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/activityLogAlerts",
"existenceScope": "resourceGroup",
"resourceGroupName": "[[parameters('alertResourceGroupName')]",
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"anyOf": [
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": true
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "ag-AMBA-SH-"
}
]
},
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": false
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
"where": {
"anyOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "[[split(trim(parameters('BYOActionGroup')),',')[0]]"
}
]
}
},
"equals": 1
}
]
}
]
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "ServiceHealth"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "properties.incidentType"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "ActionRequired"
}
]
}
]
}
},
"equals": 2
}
]
},
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupName": {
"type": "string"
},
"alertResourceGroupTags": {
"type": "object"
},
"alertResourceGroupLocation": {
"type": "string"
},
"enabled": {
"type": "string"
},
"ALZMonitorActionGroupEmail": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {
"varBYOActionGroups": "[[split(parameters('BYOActionGroup'), ',')]",
"copy": [
{
"name": "varActionGroupIds",
"count": "[[length(variables('varBYOActionGroups'))]",
"mode": "serial",
"input": {
"actionGroupId": "[[trim(variables('varBYOActionGroups')[copyIndex('varActionGroupIds')])]"
}
}
]
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2021-04-01",
"name": "[[parameters('alertResourceGroupName')]",
"location": "[[parameters('alertResourceGroupLocation')]",
"tags": "[[parameters('alertResourceGroupTags')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "ServiceHealthHealth",
"resourceGroup": "[[parameters('alertResourceGroupName')]",
"dependsOn": [
"[[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enabled": {
"type": "string"
},
"alertResourceGroupName": {
"type": "string"
},
"ALZMonitorActionGroupEmail": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"condition": "[[empty(parameters('BYOActionGroup'))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ServiceHealthAdvisoryEvent",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": [
{
"actionGroupId": "[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]"
}
]
},
"description": "Service Health Advisory Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "ActionRequired"
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
},
{
"condition": "[[not(empty(parameters('BYOActionGroup')))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ServiceHealthAdvisoryEvent",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": "[[variables('varActionGroupIds')]"
},
"description": "Service Health Advisory Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "ActionRequired"
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"ALZMonitorActionGroupEmail": {
"value": "[[parameters('ALZMonitorActionGroupEmail')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"alertResourceGroupTags": {
"value": "[[parameters('alertResourceGroupTags')]"
},
"alertResourceGroupLocation": {
"value": "[[parameters('alertResourceGroupLocation')]"
},
"ALZMonitorActionGroupEmail": {
"value": "[[parameters('ALZMonitorActionGroupEmail')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
}
}
}
}
}
Service Health Incident - ActivityLog Alert
Service Health Incident Alert
Properties:
| category | ServiceHealth |
| incidentType | Incident |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Activity log alert."
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Service Health Incident Alert",
"metadata": {
"description": "Description of alert"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Indicates whether or not the alert is enabled."
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('##TELEMETRY_PID-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]"
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('alertName')]",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": [
"[subscription().id]"
],
"enabled": "[parameters('isEnabled')]",
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Incident"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Unique name (within the Resource Group) for the Activity log alert.')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Service Health Incident Alert'
@description('Indicates whether or not the alert is enabled.')
param isEnabled bool = true
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
name: alertName
location: 'Global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: [
subscription().id
]
enabled: isEnabled
condition: {
allOf: [
{
{
field: 'category'
equals: 'ServiceHealth'
}
{
field: 'properties.incidentType'
equals: 'Incident'
}
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "Deploy_activitylog_ServiceHealth_Incident",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Service Health Incident Alert",
"description": "Policy to Deploy Service Health Incident Alert",
"metadata": {
"version": "1.2.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"alertResourceGroupName": {
"type": "String",
"metadata": {
"displayName": "Resource Group Name",
"description": "Resource group the alert is placed in"
},
"defaultValue": "rg-amba-monitoring-001"
},
"alertResourceGroupTags": {
"type": "Object",
"metadata": {
"displayName": "Resource Group Tags",
"description": "Tags on the Resource group the alert is placed in"
},
"defaultValue": {
"_deployed_by_amba": true
}
},
"alertResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Resource Group Location",
"description": "Location of the Resource group the alert is placed in"
},
"defaultValue": "centralus"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "disabled"
},
"MonitorDisable": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled",
"description": "Tag name to disable monitoring. Set to true if monitoring should be disabled"
},
"defaultValue": "MonitorDisable"
},
"ALZMonitorActionGroupEmail": {
"type": "String",
"metadata": {
"displayName": "Action Group Email Addresses",
"description": "Email addresses to send alerts to"
},
"defaultValue": ""
},
"BYOActionGroup": {
"type": "String",
"metadata": {
"displayName": "Customer defined Action Group Resource ID",
"description": "The Resource ID of an existing Action Group already deployed by the customer in his environment"
},
"defaultValue": ""
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
},
{
"field": "[[concat('tags[', parameters('MonitorDisable'), ']')]",
"notEquals": "true"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/activityLogAlerts",
"existenceScope": "resourcegroup",
"resourceGroupName": "[[parameters('alertResourceGroupName')]",
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"anyOf": [
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": true
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "ag-AMBA-SH-"
}
]
},
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": false
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
"where": {
"anyOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "[[split(trim(parameters('BYOActionGroup')),',')[0]]"
}
]
}
},
"equals": 1
}
]
}
]
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "ServiceHealth"
}
]
},
{
"allOf": [
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field",
"equals": "properties.incidentType"
},
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals",
"equals": "Incident"
}
]
}
]
}
},
"equals": 2
}
]
},
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupName": {
"type": "string"
},
"alertResourceGroupTags": {
"type": "object"
},
"alertResourceGroupLocation": {
"type": "string"
},
"enabled": {
"type": "string"
},
"ALZMonitorActionGroupEmail": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {
"varBYOActionGroups": "[[split(parameters('BYOActionGroup'), ',')]",
"copy": [
{
"name": "varActionGroupIds",
"count": "[[length(variables('varBYOActionGroups'))]",
"mode": "serial",
"input": {
"actionGroupId": "[[trim(variables('varBYOActionGroups')[copyIndex('varActionGroupIds')])]"
}
}
]
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2021-04-01",
"name": "[[parameters('alertResourceGroupName')]",
"location": "[[parameters('alertResourceGroupLocation')]",
"tags": "[[parameters('alertResourceGroupTags')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "ServiceHealthIncident",
"resourceGroup": "[[parameters('alertResourceGroupName')]",
"dependsOn": [
"[[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enabled": {
"type": "string"
},
"alertResourceGroupName": {
"type": "string"
},
"ALZMonitorActionGroupEmail": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"condition": "[[empty(parameters('BYOActionGroup'))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ServiceHealthIncident",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": [
{
"actionGroupId": "[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]"
}
]
},
"description": "Service Health Incident Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Incident"
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
},
{
"condition": "[[not(empty(parameters('BYOActionGroup')))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ServiceHealthIncident",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": "[[variables('varActionGroupIds')]"
},
"description": "Service Health Incident Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Incident"
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"ALZMonitorActionGroupEmail": {
"value": "[[parameters('ALZMonitorActionGroupEmail')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"alertResourceGroupTags": {
"value": "[[parameters('alertResourceGroupTags')]"
},
"alertResourceGroupLocation": {
"value": "[[parameters('alertResourceGroupLocation')]"
},
"ALZMonitorActionGroupEmail": {
"value": "[[parameters('ALZMonitorActionGroupEmail')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
}
}
}
}
}
Service Health Maintenance - ActivityLog Alert
Service Health Maintenance Alert
Properties:
| category | ServiceHealth |
| incidentType | Maintenance |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Activity log alert."
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Service Health Maintenance Alert",
"metadata": {
"description": "Description of alert"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Indicates whether or not the alert is enabled."
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('##TELEMETRY_PID-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]"
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('alertName')]",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": [
"[subscription().id]"
],
"enabled": "[parameters('isEnabled')]",
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Maintenance"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Unique name (within the Resource Group) for the Activity log alert.')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Service Health Maintenance Alert'
@description('Indicates whether or not the alert is enabled.')
param isEnabled bool = true
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
name: alertName
location: 'Global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: [
subscription().id
]
enabled: isEnabled
condition: {
allOf: [
{
{
field: 'category'
equals: 'ServiceHealth'
}
{
field: 'properties.incidentType'
equals: 'Maintenance'
}
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "Deploy_activitylog_ServiceHealth_Maintenance",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Service Health Maintenance Alert",
"description": "Policy to Deploy Service Health Maintenance Alert",
"metadata": {
"version": "1.2.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"alertResourceGroupName": {
"type": "String",
"metadata": {
"displayName": "Resource Group Name",
"description": "Resource group the alert is placed in"
},
"defaultValue": "rg-amba-monitoring-001"
},
"alertResourceGroupTags": {
"type": "Object",
"metadata": {
"displayName": "Resource Group Tags",
"description": "Tags on the Resource group the alert is placed in"
},
"defaultValue": {
"_deployed_by_amba": true
}
},
"alertResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Resource Group Location",
"description": "Location of the Resource group the alert is placed in"
},
"defaultValue": "centralus"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "disabled"
},
"MonitorDisable": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled",
"description": "Tag name to disable monitoring. Set to true if monitoring should be disabled"
},
"defaultValue": "MonitorDisable"
},
"ALZMonitorActionGroupEmail": {
"type": "String",
"metadata": {
"displayName": "Action Group Email Addresses",
"description": "Email addresses to send alerts to"
},
"defaultValue": ""
},
"BYOActionGroup": {
"type": "String",
"metadata": {
"displayName": "Customer defined Action Group Resource ID",
"description": "The Resource ID of an existing Action Group already deployed by the customer in his environment"
},
"defaultValue": ""
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
},
{
"field": "[[concat('tags[', parameters('MonitorDisable'), ']')]",
"notEquals": "true"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/activityLogAlerts",
"existenceScope": "resourcegroup",
"resourceGroupName": "[[parameters('alertResourceGroupName')]",
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"anyOf": [
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": true
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "ag-AMBA-SH-"
}
]
},
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": false
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
"where": {
"anyOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "[[split(trim(parameters('BYOActionGroup')),',')[0]]"
}
]
}
},
"equals": 1
}
]
}
]
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "ServiceHealth"
}
]
},
{
"allOf": [
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field",
"equals": "properties.incidentType"
},
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals",
"equals": "Maintenance"
}
]
}
]
}
},
"equals": 2
}
]
},
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupName": {
"type": "string"
},
"alertResourceGroupTags": {
"type": "object"
},
"alertResourceGroupLocation": {
"type": "string"
},
"enabled": {
"type": "string"
},
"ALZMonitorActionGroupEmail": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {
"varBYOActionGroups": "[[split(parameters('BYOActionGroup'), ',')]",
"copy": [
{
"name": "varActionGroupIds",
"count": "[[length(variables('varBYOActionGroups'))]",
"mode": "serial",
"input": {
"actionGroupId": "[[trim(variables('varBYOActionGroups')[copyIndex('varActionGroupIds')])]"
}
}
]
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2021-04-01",
"name": "[[parameters('alertResourceGroupName')]",
"location": "[[parameters('alertResourceGroupLocation')]",
"tags": "[[parameters('alertResourceGroupTags')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "ServiceHealthMaintenance",
"resourceGroup": "[[parameters('alertResourceGroupName')]",
"dependsOn": [
"[[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enabled": {
"type": "string"
},
"alertResourceGroupName": {
"type": "string"
},
"ALZMonitorActionGroupEmail": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"condition": "[[empty(parameters('BYOActionGroup'))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ServiceHealthPlannedMaintenance",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": [
{
"actionGroupId": "[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]"
}
]
},
"description": "Service Health Planned Maintenance Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Maintenance"
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
},
{
"condition": "[[not(empty(parameters('BYOActionGroup')))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ServiceHealthPlannedMaintenance",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": "[[variables('varActionGroupIds')]"
},
"description": "Service Health Planned Maintenance Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Maintenance"
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"ALZMonitorActionGroupEmail": {
"value": "[[parameters('ALZMonitorActionGroupEmail')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"alertResourceGroupTags": {
"value": "[[parameters('alertResourceGroupTags')]"
},
"alertResourceGroupLocation": {
"value": "[[parameters('alertResourceGroupLocation')]"
},
"ALZMonitorActionGroupEmail": {
"value": "[[parameters('ALZMonitorActionGroupEmail')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
}
}
}
}
}
Service Health Security - ActivityLog Alert
Service Health Security Alert
Properties:
| category | ServiceHealth |
| incidentType | Security |
References:
Templates:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertName": {
"type": "string",
"metadata": {
"description": "Unique name (within the Resource Group) for the Activity log alert."
}
},
"alertDescription": {
"type": "string",
"defaultValue": "Service Health Security Alert",
"metadata": {
"description": "Description of alert"
}
},
"isEnabled": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Indicates whether or not the alert is enabled."
}
},
"currentDateTimeUtcNow": {
"type": "string",
"defaultValue": "[utcNow()]",
"metadata": {
"description": "The current date and time using the utcNow function. Used for deployment name uniqueness"
}
},
"telemetryOptOut": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"description": "The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry."
}
}
},
"variables": {
"pidDeploymentName": "[take(concat('##TELEMETRY_PID-', uniqueString(resourceGroup().id, parameters('alertName'), parameters('currentDateTimeUtcNow'))), 64)]"
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[parameters('alertName')]",
"location": "Global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"description": "[parameters('alertDescription')]",
"scopes": [
"[subscription().id]"
],
"enabled": "[parameters('isEnabled')]",
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Security"
}
]
}
}
},
{
"condition": "[equals(parameters('telemetryOptOut'), 'No')]",
"apiVersion": "2020-06-01",
"name": "[variables('pidDeploymentName')]",
"type": "Microsoft.Resources/deployments",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": []
}
}
}
]
}
@description('Unique name (within the Resource Group) for the Activity log alert.')
@minLength(1)
param alertName string
@description('Description of alert')
param alertDescription string = 'Service Health Security Alert'
@description('Indicates whether or not the alert is enabled.')
param isEnabled bool = true
@description('"The current date and time using the utcNow function. Used for deployment name uniqueness')
param currentDateTimeUtcNow string = utcNow()
@description('The customer usage identifier used for telemetry purposes. The default value of False enables telemetry. The value of True disables telemetry.')
@allowed([
'Yes'
'No'
])
param telemetryOptOut string = 'No'
resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
name: alertName
location: 'Global'
tags: {
_deployed_by_amba: 'true'
}
properties: {
description: alertDescription
scopes: [
subscription().id
]
enabled: isEnabled
condition: {
allOf: [
{
{
field: 'category'
equals: 'ServiceHealth'
}
{
field: 'properties.incidentType'
equals: 'Security'
}
}
]
}
}
}
var ambaTelemetryPidName = 'pid-8bb7cf8a-bcf7-4264-abcb-703ace2fc84d-${uniqueString(resourceGroup().id, alertName, currentDateTimeUtcNow)}'
resource ambaTelemetryPid 'Microsoft.Resources/deployments@2020-06-01' = if (telemetryOptOut == 'No') {
name: ambaTelemetryPidName
tags: {
_deployed_by_amba: 'true'
}
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "Deploy_activitylog_ServiceHealth_SecurityAdvisory",
"properties": {
"policyType": "Custom",
"mode": "All",
"displayName": "Deploy Service Health Security Advisory Alert",
"description": "Policy to Deploy Service Health Security Advisory Alert",
"metadata": {
"version": "1.2.0",
"category": "Monitoring",
"source": "https://github.com/Azure/azure-monitor-baseline-alerts/",
"alzCloudEnvironments": [
"AzureCloud"
],
"_deployed_by_amba": "True"
},
"parameters": {
"enabled": {
"type": "String",
"metadata": {
"displayName": "Alert State",
"description": "Alert state for the alert"
},
"allowedValues": [
"true",
"false"
],
"defaultValue": "true"
},
"alertResourceGroupName": {
"type": "String",
"metadata": {
"displayName": "Resource Group Name",
"description": "Resource group the alert is placed in"
},
"defaultValue": "rg-amba-monitoring-001"
},
"alertResourceGroupTags": {
"type": "Object",
"metadata": {
"displayName": "Resource Group Tags",
"description": "Tags on the Resource group the alert is placed in"
},
"defaultValue": {
"_deployed_by_amba": true
}
},
"alertResourceGroupLocation": {
"type": "String",
"metadata": {
"displayName": "Resource Group Location",
"description": "Location of the Resource group the alert is placed in"
},
"defaultValue": "centralus"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Effect of the policy"
},
"allowedValues": [
"deployIfNotExists",
"disabled"
],
"defaultValue": "disabled"
},
"MonitorDisable": {
"type": "String",
"metadata": {
"displayName": "Monitoring disabled",
"description": "Tag name to disable monitoring. Set to true if monitoring should be disabled"
},
"defaultValue": "MonitorDisable"
},
"ALZMonitorActionGroupEmail": {
"type": "String",
"metadata": {
"displayName": "Action Group Email Addresses",
"description": "Email addresses to send alerts to"
},
"defaultValue": ""
},
"BYOActionGroup": {
"type": "String",
"metadata": {
"displayName": "Customer defined Action Group Resource ID",
"description": "The Resource ID of an existing Action Group already deployed by the customer in his environment"
},
"defaultValue": ""
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
},
{
"field": "[[concat('tags[', parameters('MonitorDisable'), ']')]",
"notEquals": "true"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"type": "Microsoft.Insights/activityLogAlerts",
"existenceScope": "resourcegroup",
"resourceGroupName": "[[parameters('alertResourceGroupName')]",
"deploymentScope": "subscription",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/enabled",
"equals": "[[parameters('enabled')]"
},
{
"anyOf": [
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": true
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "ag-AMBA-SH-"
}
]
},
{
"allOf": [
{
"value": "[[empty(parameters('BYOActionGroup'))]",
"equals": false
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*]",
"where": {
"anyOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/actions.actionGroups[*].actionGroupId",
"contains": "[[split(trim(parameters('BYOActionGroup')),',')[0]]"
}
]
}
},
"equals": 1
}
]
}
]
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "ServiceHealth"
}
]
},
{
"allOf": [
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].field",
"equals": "properties.incidentType"
},
{
"field": "microsoft.insights/activityLogAlerts/condition.allOf[*].equals",
"equals": "Security"
}
]
}
]
}
},
"equals": 2
}
]
},
"deployment": {
"location": "northeurope",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"alertResourceGroupName": {
"type": "string"
},
"alertResourceGroupTags": {
"type": "object"
},
"alertResourceGroupLocation": {
"type": "string"
},
"enabled": {
"type": "string"
},
"ALZMonitorActionGroupEmail": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {
"varBYOActionGroups": "[[split(parameters('BYOActionGroup'), ',')]",
"copy": [
{
"name": "varActionGroupIds",
"count": "[[length(variables('varBYOActionGroups'))]",
"mode": "serial",
"input": {
"actionGroupId": "[[trim(variables('varBYOActionGroups')[copyIndex('varActionGroupIds')])]"
}
}
]
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2021-04-01",
"name": "[[parameters('alertResourceGroupName')]",
"location": "[[parameters('alertResourceGroupLocation')]",
"tags": "[[parameters('alertResourceGroupTags')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2019-10-01",
"name": "ServiceSecurityIncident",
"resourceGroup": "[[parameters('alertResourceGroupName')]",
"dependsOn": [
"[[resourceId('Microsoft.Resources/resourceGroups', parameters('alertResourceGroupName'))]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"enabled": {
"type": "string"
},
"alertResourceGroupName": {
"type": "string"
},
"ALZMonitorActionGroupEmail": {
"type": "string"
},
"BYOActionGroup": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"condition": "[[empty(parameters('BYOActionGroup'))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ServiceHealthSecurityIncident",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": [
{
"actionGroupId": "[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/microsoft.insights/actionGroups/', 'ag-AMBA-SH-', subscription().displayName, '-001')]"
}
]
},
"description": "Service Health Security Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Security"
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
},
{
"condition": "[[not(empty(parameters('BYOActionGroup')))]",
"type": "microsoft.insights/activityLogAlerts",
"apiVersion": "2020-10-01",
"name": "ServiceHealthSecurityIncident",
"location": "global",
"tags": {
"_deployed_by_amba": true
},
"properties": {
"actions": {
"actionGroups": "[[variables('varActionGroupIds')]"
},
"description": "Service Health Security Alert",
"enabled": "[[parameters('enabled')]",
"scopes": [
"[[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "ServiceHealth"
},
{
"field": "properties.incidentType",
"equals": "Security"
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"ALZMonitorActionGroupEmail": {
"value": "[[parameters('ALZMonitorActionGroupEmail')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
]
},
"parameters": {
"enabled": {
"value": "[[parameters('enabled')]"
},
"alertResourceGroupName": {
"value": "[[parameters('alertResourceGroupName')]"
},
"alertResourceGroupTags": {
"value": "[[parameters('alertResourceGroupTags')]"
},
"alertResourceGroupLocation": {
"value": "[[parameters('alertResourceGroupLocation')]"
},
"ALZMonitorActionGroupEmail": {
"value": "[[parameters('ALZMonitorActionGroupEmail')]"
},
"BYOActionGroup": {
"value": "[[parameters('BYOActionGroup')]"
}
}
}
}
}
}
}
}
}