Azure Service Health provides you with an interactive dashboard that primarily tracks the health of your Azure Services in the regions that you have deployed to. There are three types of health events that are tracked:
- Health Advisories: Changes in Azure services that require your attention, such as quota usage being exceeded or Azure resources becoming deprecated
- Planned maintenance: Scheduled maintenance that Azure is planning for services in the future
- Service Issues: Azure resources that are having issues which are affecting your environment(s)
You may want to be alerted on any of the health events mentioned above. In this blog, I will show how to do this using an ARM template along with PowerShell.
Pre-requisite
Before deploying, we need to have an action group created.
Action Groups within Azure are a group of notification preferences and/or actions which are used by both Azure Monitor and service alerts. They can be defined in various ways depending on the environment you are working in: one action group can be used for all alerts, or action groups can be split across different alerting scenarios.
Further information on Azure Action Groups and how to deploy, can be found in my blog: Azure Action Groups:- What are they?
The Deployment
Why ARM and not just PowerShell?
As of writing this blog, using the new cmdlet Set-AzActivityLogAlert did not work when trying to define specific regions & services using “properties.impactedServices[*].ImpactedRegions[*].RegionName” & “properties.impactedServices[*].ServiceName”. The cmdlet does work fine when you want to deploy a service alert for all regions and all services.
ARM Template
Within this template, I will be including all three health events: Health Advisories, Planned Maintenance & Service Issues.
This template has been created in a generic way, with parameters that will be passed in at run-time within PowerShell, including both regions and services that you want to be alerted on.
Also note that the resource is configured as incremental; this will allow you to redeploy this template with various changes to services and/or regions.
ServiceHealthAlert.json
```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "LogAlertName": {
      "type": "string"
    },
    "actionGroupResourceId": {
      "type": "string"
    },
    "ServiceHealthRegions": {
      "type": "array"
    },
    "ServiceHealthServices": {
      "type": "array"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Insights/activityLogAlerts",
      "apiVersion": "2017-04-01",
      "name": "[parameters('LogAlertName')]",
      "location": "Global",
      "kind": null,
      "tags": {
      },
      "properties": {
        "mode": "Incremental",
        "enabled": true,
        "description": "",
        "scopes": [
          "[subscription().id]"
        ],
        "condition": {
          "allOf": [
            {
              "field": "category",
              "equals": "ServiceHealth",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Informational",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Maintenance",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Incident",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "ActionRequired",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Security",
              "containsAny": null
            },
            {
              "field": "properties.impactedServices[*].ImpactedRegions[*].RegionName",
              "equals": null,
              "containsAny": "[parameters('ServiceHealthRegions')]"
            },
            {
              "field": "properties.impactedServices[*].ServiceName",
              "equals": null,
              "containsAny": "[parameters('ServiceHealthServices')]"
            }
          ]
        },
        "actions": {
          "actionGroups": [
            {
              "actionGroupId": "[parameters('actionGroupResourceId')]",
              "webhookProperties": {
              }
            }
          ]
        }
      }
    }
  ]
}
```
PowerShell
Time to look at the PowerShell to run this ARM template.
Changes required:
- $actiongroup – Set the name and resource group to those of your action group
- $ServiceHealthRegions – Contains regions that you want to be alerted on when Azure Services are affected
- $ServiceHealthServices – List of Azure Services you want to be alerted on when they are affected
ServiceHealthAlert.ps1
```powershell
# Look up the existing action group; its resource ID is passed to the template
$actiongroup = Get-AzActionGroup -Name "tamopsag" -ResourceGroupName "tamops" -WarningAction Ignore

# Regions to be alerted on
$ServiceHealthRegions = @(
    "North Europe",
    "West Europe"
)

# Azure services to be alerted on
$ServiceHealthServices = @(
    "Action Groups",
    "Activity Logs & Alerts",
    "Alerts & Metrics",
    "Alerts",
    "Application Insights",
    "Azure Active Directory",
    "Azure Active Directory Domain Services"
)

# Template parameters; the keys must match the names declared in ServiceHealthAlert.json
$params = @{
    LogAlertName          = "TamOps Azure Service Notification"
    ServiceHealthRegions  = $ServiceHealthRegions
    ServiceHealthServices = $ServiceHealthServices
    actiongroupresourceid = $actiongroup.id
}

# Deploy the template to the resource group
New-AzResourceGroupDeployment `
    -Name "Azure-Service-Notification" `
    -ResourceGroupName "tamops" `
    -TemplateFile "/home/thomas/clouddrive/ServiceHealthAlert.json" `
    -TemplateParameterObject $params
```
Successful run of the PowerShell Script above will output the below.
```
DeploymentName          : Azure-Service-Notification
ResourceGroupName       : tamops
ProvisioningState       : Succeeded
Timestamp               : 7/17/19 9:55:41 PM
Mode                    : Incremental
TemplateLink            :
Parameters              :
                          Name                     Type                       Value
                          =======================  =========================  ==========
                          activityLogAlertName     String                     TamOps Azure Service Notification
                          actionGroupResourceId    String                     /subscriptions/<subscriptionid>/resourceGroups/tamops/providers/microsoft.insights/actionGroups/tamopsag
                          serviceHealthRegions     Array                      [
                            "North Europe",
                            "West Europe"
                          ]
                          serviceHealthServices    Array                      [
                            "Action Groups",
                            "Activity Logs & Alerts",
                            "Alerts & Metrics",
                            "Alerts",
                            "Application Insights",
                            "Azure Active Directory",
                            "Azure Active Directory Domain Services"
                          ]

Outputs                 :
DeploymentDebugLogLevel :
```
As mentioned previously with the ARM template being configured as “incremental”, if you need to apply updates to the above arrays – you can just run the script again and it will update.
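A pre-deployment check for the parameter hand-off between the script and the template, as an added example that is not part of the original post: it lists `parameters('...')` references the template never declares, hashtable keys the template does not know, and declared parameters left without a value. The function name `Test-ArmParameterReferences`, the trimmed template and the sample values are constructed for illustration.

```powershell
# Added example: Test-ArmParameterReferences is a hypothetical helper, not an Az cmdlet.
function Test-ArmParameterReferences {
    param(
        [Parameter(Mandatory)] [string]    $TemplateJson,
        [Parameter(Mandatory)] [hashtable] $ParameterObject
    )
    $template = $TemplateJson | ConvertFrom-Json
    # Names declared in the template's "parameters" block
    $declared = @($template.parameters.PSObject.Properties.Name)
    # Every parameters('name') expression used anywhere in the template text
    $referenced = @([regex]::Matches($TemplateJson, "parameters\('([^']+)'\)") |
        ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique)
    $supplied = @($ParameterObject.Keys)

    # -notin compares case-insensitively, so "actiongroupresourceid" in the
    # hashtable is treated as matching "actionGroupResourceId" in the template
    [pscustomobject]@{
        UndeclaredReferences = @($referenced | Where-Object { $_ -notin $declared })
        UnknownSupplied      = @($supplied   | Where-Object { $_ -notin $declared })
        MissingValues        = @($declared   | Where-Object {
            $name = $_
            ($name -notin $supplied) -and
            ($null -eq $template.parameters.$name.defaultValue) })
    }
}

# Constructed sample: a trimmed template with one undeclared reference
# and one declared parameter that the hashtable does not supply
$sampleTemplate = @'
{
  "parameters": {
    "LogAlertName":          { "type": "string" },
    "actionGroupResourceId": { "type": "string" },
    "ServiceHealthRegions":  { "type": "array" }
  },
  "resources": [ {
    "type": "Microsoft.Insights/activityLogAlerts",
    "name": "[parameters('activityLogAlertName')]",
    "properties": { "actions": { "actionGroups": [
      { "actionGroupId": "[parameters('actionGroupResourceId')]" } ] } }
  } ]
}
'@
$sampleParams = @{ LogAlertName = 'Example alert'; actiongroupresourceid = '<action-group-resource-id>' }

Test-ArmParameterReferences -TemplateJson $sampleTemplate -ParameterObject $sampleParams |
    Format-List
```

To check the real files, pass `(Get-Content -Raw <path to ServiceHealthAlert.json>)` as `-TemplateJson` and `$params` as `-ParameterObject` before running the deployment.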
Viewing the Service Alert in Azure Portal
Select Service Health icon

Select Health Alerts

You can now see the Service Health alert that was created above

Is there a way to see a list of all the servicehealthservices to define in this script other than the ones specified in the example?
Hi,
Yes, for pretty much any service you can create a service health alert for. You can view these if you search “service health” at the top of the Azure Portal, then select “+ add service health alert”; you can then see the services you can create the alert for.
Did you ever find something for this?
Sorry. What do you mean?
Hi Thomas,
Very helpful article. Do you happen to have a Resource Health Alert template where I can pass more than one resource group to monitor as part of my parameters?
Hi Ronnie, what do you mean?
You can loop using foreach{} within PowerShell or similar
The ARM template shared is incorrect. Using this template, the service health alert will fire only when all the conditions provided are met (you have used the “allOf” operator).
Whenever a service health event gets generated, the event should be either Incident or Maintenance, it cannot co-exist in the “allOf” operator. If you are selecting both, then it should come under “anyOf” operator.
Using this condition will create the alert successfully but it won’t trigger any alert.
You must create a service health alert from portal and need to use this REST API – https://docs.microsoft.com/en-us/rest/api/monitor/activitylogalerts/get to check multiple combinations and understand how the operator is getting formed for the service health alert.
Hi Naveen, thank you for input. Will review and update accordingly.
I don’t believe “anyOf” will work. Having it set that way makes the deployment fail with “UnsupportedCondition”. Setting it back to “allOf” allows the deployment to succeed.
Thanks Trevor, had initially set to allOf. Had updated with a previous comment. Now reverted
Setting up as “AllOf” will allow you to create the alert rules successfully but the alerts will not fire. With “AllOf” conditions, all the conditions specified in the alert need to be met. Then only the service health event will fire.
Whenever a service health event gets generated, the event should be either Incident or Maintenance, it cannot co-exist in the “allOf” operator. If you are selecting both, then alert will not fire.
As I pointed out previously, you must create a service health alert from portal and need to use this REST API – https://docs.microsoft.com/en-us/rest/api/monitor/activitylogalerts/get to check multiple combinations and understand how the operator is getting formed for the service health alert.
Example: When you are selecting Event type as “Service issue”, “Planned Maintenance” and “Security Advisory”. Below is the format that you need to use.
Setting up as “allof” will allow you to create the alert but the conditions will not be met any time and the alerts won’t fire.
```json
"condition": {
  "allOf": [
    {
      "field": "category",
      "equals": "ServiceHealth",
      "containsAny": null,
      "odata.type": null
    },
    {
      "anyOf": [
        {
          "field": "properties.incidentType",
          "equals": "Maintenance",
          "containsAny": null,
          "odata.type": null
        },
        {
          "field": "properties.incidentType",
          "equals": "Incident",
          "containsAny": null,
          "odata.type": null
        },
        {
          "field": "properties.incidentType",
          "equals": "Security",
          "containsAny": null,
          "odata.type": null
        }
      ],
      "odata.type": null
    }
  ]
}
```
Thank you Naveen, when I get time to review this – will update post accordingly