Creating Azure Service Health Alerts in PowerShell

Azure Service Health provides you with an interactive dashboard that primarily tracks the health of your Azure Services in the regions that you have deployed to. There are three types of health events that are tracked:

  • Health Advisories:- Changes in Azure Services that require your attention, such as quota usage being exceeded or Azure resources becoming deprecated
  • Planned maintenance:- Scheduled maintenance that Azure is planning to carry out on services in the future.
  • Service Issues:- Azure resources that are having issues which are affecting your environment(s)

With this, you may want to be alerted to any of the health events mentioned above. In this blog, I will show how to do this using an ARM template along with PowerShell.

Pre-requisite

Before deploying, we need to have an action group created.

Action Groups within Azure are a group of notification preferences and/or actions which are used by both Azure Monitor and service alerts. They can be defined in various ways depending on the environment you are working on, whether one action group is used for all alerts or action groups are split into different alerting scenarios.

Further information on Azure Action Groups, and how to deploy them, can be found in my blog: Azure Action Groups:- What are they?

The Deployment

Why ARM and not just PowerShell?

As of writing this blog – using the new cmdlet Set-AzActivityLogAlert did not work when trying to define specific regions & services using “properties.impactedServices[*].ImpactedRegions[*].RegionName” & “properties.impactedServices[*].ServiceName”. The cmdlet does work fine when you want to deploy a service alert for all regions and all services.

ARM Template

Within this template, I will be including all three health events: Health Advisories, Planned Maintenance & Service Issues.

This template has been created in a generic way, with parameters that will be passed in at run-time within PowerShell, including both regions and services that you want to be alerted on.

Also note that the resource is configured as incremental; this will allow you to redeploy this template with various changes to services and/or regions.

ServiceHealthAlert.json

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "LogAlertName": {
      "type": "string"
    },
    "actionGroupResourceId": {
      "type": "string"
    },
    "ServiceHealthRegions": {
      "type": "array"
    },
    "ServiceHealthServices": {
      "type": "array"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Insights/activityLogAlerts",
      "apiVersion": "2017-04-01",
      "name": "[parameters('LogAlertName')]",
      "location": "Global",
      "kind": null,
      "tags": {

      },
      "properties": {
        "mode": "Incremental",
        "enabled": true,
        "description": "",
        "scopes": [
          "[subscription().id]"
        ],
        "condition": {
          "allOf": [
            {
              "field": "category",
              "equals": "ServiceHealth",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Informational",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Maintenance",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Incident",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "ActionRequired",
              "containsAny": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Security",
              "containsAny": null
            },
            {
              "field": "properties.impactedServices[*].ImpactedRegions[*].RegionName",
              "equals": null,
              "containsAny": "[parameters('ServiceHealthRegions')]"
            },
            {
              "field": "properties.impactedServices[*].ServiceName",
              "equals": null,
              "containsAny": "[parameters('ServiceHealthServices')]"
            }

          ]
        },
        "actions": {
          "actionGroups": [
            {
              "actionGroupId": "[parameters('actionGroupResourceId')]",
              "webhookProperties": {

              }
            }
          ]
        }
      }
    }
  ]
}

PowerShell

Time to look at the PowerShell to run this ARM template.

Changes required:

  • $actiongroup – Set Name & ResourceGroup to the name of your action group & the resource group it is in
  • $ServiceHealthRegions – Contains regions that you want to be alerted on when Azure Services are affected
  • $ServiceHealthServices – List of Azure Services you want to be alerted on when they are affected

ServiceHealthAlert.ps1

# Look up the existing action group that the alert will notify
$actiongroup = Get-AzActionGroup -Name "tamopsag" -ResourceGroup "tamops" -WarningAction Ignore

# Regions that you want to be alerted on
$ServiceHealthRegions = @(
    "North Europe",
    "West Europe"
)

# Azure services that you want to be alerted on
$ServiceHealthServices = @(
    "Action Groups",
    "Activity Logs & Alerts",
    "Alerts & Metrics",
    "Alerts",
    "Application Insights",
    "Azure Active Directory",
    "Azure Active Directory Domain Services"
)

# Values for the parameters declared in ServiceHealthAlert.json
$params = @{
    LogAlertName          = "TamOps Azure Service Notification"
    ServiceHealthRegions  = $ServiceHealthRegions
    ServiceHealthServices = $ServiceHealthServices
    actionGroupResourceId = $actiongroup.id
}

# Deploy the template into the resource group
New-AzResourceGroupDeployment `
    -Name "Azure-Service-Notification" `
    -ResourceGroupName "tamops" `
    -TemplateFile "/home/thomas/clouddrive/ServiceHealthAlert.json" `
    -TemplateParameterObject $params

Successful run of the PowerShell Script above will output the below.

DeploymentName          : Azure-Service-Notification
ResourceGroupName       : tamops
ProvisioningState       : Succeeded
Timestamp               : 7/17/19 9:55:41 PM
Mode                    : Incremental
TemplateLink            :
Parameters              :
                          Name                     Type                       Value
                          =======================  =========================  ==========
                          activityLogAlertName     String                     TamOps Azure Service Notification
                          actionGroupResourceId    String                     /subscriptions/<subscriptionid>/resourceGroups/tamops/providers/microsoft.insights/actionGroups/tamopsag
                          serviceHealthRegions     Array                      [
                            "North Europe",
                            "West Europe"
                          ]
                          serviceHealthServices    Array                      [
                            "Action Groups",
                            "Activity Logs & Alerts",
                            "Alerts & Metrics",
                            "Alerts",
                            "Application Insights",
                            "Azure Active Directory",
                            "Azure Active Directory Domain Services"
                          ]

Outputs                 :
DeploymentDebugLogLevel :

As mentioned previously, with the ARM template being configured as “incremental”, if you need to apply updates to the above arrays you can just run the script again and it will update.

Viewing the Service Alert in Azure Portal

Select Service Health icon

Select Health Alerts

You can now see the Service Health alert that was created above

15 comments

    1. Hi,

      Yes for pretty much any service you can create a service health alert for, you can view these if you search “service health” at top of Azure Portal, then select “+ add service health alert” you can then see services you can create the alert for

  1. Hi Thomas,

    Very helpful article. Do you happen to have a Resource Health Alert template where I can pass more than one resource group to monitor as part of my parameters?

  2. The ARM template shared is incorrect. Using this template, the service health alert will fire only when all the conditions provided are met (you have used the “allOf” operator).
    Whenever a service health event gets generated, the event should be either Incident or Maintenance, it cannot co-exist in the “allOf” operator. If you are selecting both, then it should come under the “anyOf” operator.
    Using this condition will create the alert successfully but it won’t trigger any alert.

    You must create a service health alert from the portal and need to use this REST API – https://docs.microsoft.com/en-us/rest/api/monitor/activitylogalerts/get to check multiple combinations and understand how the operator is getting formed for the service health alert.

  3. I don’t believe “anyOf” will work. Having it set that way makes the deployment fail with “UnsupportedCondition”. Setting it back to “allOf” allows the deployment to succeed.

  4. Setting up as “AllOf” will allow you to create the alert rules successfully but the alerts will not fire. With “AllOf” conditions, all the conditions specified in the alert need to be met. Then only the service health event will fire.
    Whenever a service health event gets generated, the event should be either Incident or Maintenance, it cannot co-exist in the “allOf” operator. If you are selecting both, then the alert will not fire.
    As I pointed out previously, you must create a service health alert from the portal and need to use this REST API – https://docs.microsoft.com/en-us/rest/api/monitor/activitylogalerts/get to check multiple combinations and understand how the operator is getting formed for the service health alert.
    Example: When you are selecting Event type as “Service issue”, “Planned Maintenance” and “Security Advisory”. Below is the format that you need to use.
    Setting up as “allof” will allow you to create the alert but the conditions will not be met at any time and the alerts won’t fire.
    "condition": {
      "allOf": [
        {
          "field": "category",
          "equals": "ServiceHealth",
          "containsAny": null,
          "odata.type": null
        },
        {
          "anyOf": [
            {
              "field": "properties.incidentType",
              "equals": "Maintenance",
              "containsAny": null,
              "odata.type": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Incident",
              "containsAny": null,
              "odata.type": null
            },
            {
              "field": "properties.incidentType",
              "equals": "Security",
              "containsAny": null,
              "odata.type": null
            }
          ],
          "odata.type": null
        },
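
The disagreement in the comments above comes down to how allOf and anyOf combine. As an added example (not code from the post or its commenters), the PowerShell below evaluates both condition shapes against a constructed Security event and names any field that a single allOf requires to equal two different values. The helper names are hypothetical, and allOf/anyOf are modelled as plain AND/OR as the comments describe, which is an assumption rather than Azure's own evaluator.

```powershell
# Added example, not from the post. Get-EqualsValue, Test-AlertCondition and
# Find-ConflictingEquals are hypothetical helpers, not Az module cmdlets.
function Get-EqualsValue($Leaf) {
    # 'equals' shares its name with the .NET Equals() method, so read it explicitly.
    $p = $Leaf.PSObject.Properties['equals']
    if ($p) { $p.Value }
}
function Test-AlertCondition($Condition, [hashtable]$HealthEvent) {
    if ($Condition.allOf) {            # every child must match
        foreach ($c in $Condition.allOf) {
            if (-not (Test-AlertCondition $c $HealthEvent)) { return $false }
        }
        return $true
    }
    if ($Condition.anyOf) {            # one matching child is enough
        foreach ($c in $Condition.anyOf) {
            if (Test-AlertCondition $c $HealthEvent) { return $true }
        }
        return $false
    }
    $actual = @($HealthEvent[$Condition.field])   # leaf: compare one event field
    $want = Get-EqualsValue $Condition
    if ($null -ne $want) { return ($actual -contains $want) }
    foreach ($v in $Condition.containsAny) { if ($actual -contains $v) { return $true } }
    return $false
}
function Find-ConflictingEquals($Condition) {
    # Names each field that a single allOf requires to equal two different values.
    $groups = $Condition.allOf |
        Where-Object { $_.field -and $null -ne (Get-EqualsValue $_) } |
        Group-Object field
    foreach ($g in $groups) {
        $values = @($g.Group | ForEach-Object { Get-EqualsValue $_ } | Sort-Object -Unique)
        if ($values.Count -gt 1) { $g.Name }
    }
    foreach ($c in @($Condition.allOf) + @($Condition.anyOf)) { if ($c) { Find-ConflictingEquals $c } }
}
# Constructed conditions: the article's flat allOf and the nested form from the comment.
$cat   = '{"field":"category","equals":"ServiceHealth"}'
$types = '{"field":"properties.incidentType","equals":"Maintenance"},' +
         '{"field":"properties.incidentType","equals":"Incident"},' +
         '{"field":"properties.incidentType","equals":"Security"}'
$flat   = '{{"allOf":[{0},{1}]}}' -f $cat, $types | ConvertFrom-Json
$nested = '{{"allOf":[{0},{{"anyOf":[{1}]}}]}}' -f $cat, $types | ConvertFrom-Json
$ev = @{ 'category' = 'ServiceHealth'; 'properties.incidentType' = 'Security' }  # constructed event
"flat allOf matches:    $(Test-AlertCondition $flat $ev)"
"nested anyOf matches:  $(Test-AlertCondition $nested $ev)"
"conflicting field(s):  $(Find-ConflictingEquals $flat)"
```

To check a template before deploying it, load the file with Get-Content -Raw and ConvertFrom-Json and pass the alert resource's condition object to Find-ConflictingEquals.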
