Azure Monitor Baseline Alerts
Download AlertsGlossaryGitHubGitHub IssuesToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage

Alerts Details

Specific alerts for ALZ can be downloaded by clicking on the Download icon (highlighted in red below) in the top right corner of the AMBA documentation.

Alert-Details Download icon

The best way to see which policy alert rules are part of the ALZ pattern it is best to go to the Policy-Initiatives page.

The resources, metric alerts and their settings provide you with a starting point to help you address the following monitoring questions: “What should we monitor in Azure?” and “What alert settings should we use?” While they are opinionated settings and they are meant to cover the most common Azure Landing Zone components, we encourage you to adjust these settings to suit your monitoring needs based on how you’re using Azure.

If you have suggestions for other resources that should be included please open an Issue on this page providing the Azure resource provider and settings you’d like implemented, we can’t promise to implement them all but we will look into it. Or if you’d like to contribute directly, follow the steps on how to contribute here.

Azure Landing Zone Metric Alerts Settings

The values shown for Aggregation, Operator, Threshold, WindowSize, Frequency and Severity have been derived from field experience and what customers have implemented themselves; Alerts are based on Microsoft public guidance where available (indicated by a ‘Yes’ in the Verified column), and on practical application experience where public guidance is not available (indicated by a ‘No’ in the Verified column). Links to Product Group guidance can be found in the References column and when no guidance is provided we’ve provided a link to the description of the Metric on learn.microsoft.com.

The Scope column details where we scoped the alerts as described in Introduction to deploying the ALZ Pattern.

Only a small number of the resources support metric alert rules scoped at the subscription level and the metric alerts would only apply to resources deployed within the same region. The Support for Multiple Resources column to show which resources support metric alerts being scoped at the subscription level. For a complete list of which resources support metrics alert rules scoped at the subscription level click here.

We have tried to make it so that the table doesn’t require a lot of side to side scrolling, but it is still a lot of information, we recommended that you click on the specifc alert name which will take you directly to the JSON definition of the alert you’re interested in.
Alert NameComponentMetricAggregationOperatorThresholdWindowFrequencySeverityScopeSupport for Multiple ResourcesVerifiedReferences
Deploy Automation Account TotalJob AlertMicrosoft.Automation/automationAccountsTotalJobAverageGreaterThan0PT5MPT1M2ResourceNoNAzure Automation Azure Monitor Metrics
Deploy KeyVault Availability AlertMicrosoft.KeyVault/vaultsAvailabilityAverageLessThan90PT5MPT1M1ResourceYesYMonitoring KeyVault Reference Monitoring Microsoft.KeyVault/vaults KeyVault Insights Overview
Deploy KeyVault Capacity AlertMicrosoft.KeyVault/vaultsSaturationShoeboxAverageGreaterThan75PT5MPT1M1ResourceYesYMonitoring KeyVault Reference Monitoring Microsoft.KeyVault/vaults KeyVault Insights Overview
Deploy KeyVault Latency AlertMicrosoft.KeyVault/vaultsServiceApiLatencyAverageGreaterThan1000PT5MPT5M3ResourceYesYMonitoring KeyVault Reference Monitoring Microsoft.KeyVault/vaults KeyVault Insights Overview
Deploy KeyVault Requests AlertMicrosoft.KeyVault/vaultsServiceApiResultAverageGreaterThandynamicPT5MPT5M2ResourceYesYMonitoring KeyVault Reference Monitoring Microsoft.KeyVault/vaults KeyVault Insights Overview
Deploy Azure Application Gateway BackendLastByteResponseTime AlertMicrosoft.Network/applicationGatewaysBackendLastByteResponseTimeTotalGreaterThandynamicPT5MPT1M2ResourceNoNMonitoring Azure Application Gateway data reference Metrics for Application Gateway Monitoring Azure Application Gateway
Deploy AFW FirewallHealth AlertMicrosoft.Network/azureFirewallsFirewallHealthAverageLessThan90PT5MPT1M0ResourceNoNOverview of Azure Firewall logs and metrics
Deploy AFW SNATPortUtilization AlertMicrosoft.Network/azureFirewallsSNATPortUtilizationAverageGreaterThan80PT5MPT1M1ResourceNoNOverview of Azure Firewall logs and metrics
Deploy ExpressRoute Circuits ARP Availability AlertMicrosoft.Network/expressRouteCircuitsArpAvailabilityAverageLessThan90PT5MPT1M0ResourceNoYMonitor ExpressRoute Alerts ExpressRoute KQL Queries
Deploy ExpressRoute Circuits BGP Availability AlertMicrosoft.Network/expressRouteCircuitsBgpAvailabilityAverageLessThan90PT5MPT1M0ResourceNoYMonitor ExpressRoute Alerts ExpressRoute KQL Queries
Deploy ExpressRoute Circuits QosDropBitsInPerSecond AlertMicrosoft.Network/expressRouteCircuitsQosDropBitsInPerSecondAverageGreaterThandynamicPT5MPT5M2ResourceNoNMonitor ExpressRoute Alerts ExpressRoute KQL Queries
Deploy ExpressRoute Circuits QosDropBitsOutPerSecond AlertMicrosoft.Network/expressRouteCircuitsQosDropBitsOutPerSecondAverageGreaterThandynamicPT5MPT5M2ResourceNoNMonitor ExpressRoute Alerts ExpressRoute KQL Queries
Deploy ERG ExpressRoute Bits In AlertMicrosoft.Network/expressRouteGatewaysERGatewayConnectionBitsInPerSecondAverageLessThan1PT5MPT5M0ResourceNoNExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
Deploy ERG ExpressRoute Bits Out AlertMicrosoft.Network/expressRouteGatewaysERGatewayConnectionBitsOutPerSecondAverageLessThan1PT5MPT5M0ResourceNoNExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
Deploy ERG ExpressRoute CPU Utilization AlertMicrosoft.Network/expressRouteGatewaysExpressRouteGatewayCpuUtilizationAverageGreaterThan80PT5MPT1M1ResourceNoYExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
Deploy ER Direct Connection BitsInPerSecond AlertMicrosoft.Network/expressRoutePortsPortBitsInPerSecondAverageLessThan1PT5MPT5M0ResourceNoN
Deploy ER Direct Connection BitsOutPerSecond AlertMicrosoft.Network/expressRoutePortsPortBitsOutPerSecondAverageLessThan1PT5MPT5M0ResourceNoN
Deploy ER Direct LineProtocol AlertMicrosoft.Network/expressRoutePortsLineProtocolAverageLessThan0.9PT5MPT5M0ResourceNoN
Deploy ER Direct RxLightLevel High AlertMicrosoft.Network/expressRoutePortsRxLightLevelAverageGreaterThan0PT5MPT5M1ResourceNoN
Deploy ER Direct RxLightLevel Low AlertMicrosoft.Network/expressRoutePortsRxLightLevelAverageLessThan-10PT5MPT5M1ResourceNoN
Deploy ER Direct TxLightLevel High AlertMicrosoft.Network/expressRoutePortsTxLightLevelAverageGreaterThan0PT5MPT5M1ResourceNoN
Deploy ER Direct TxLightLevel Low AlertMicrosoft.Network/expressRoutePortsTxLightLevelAverageLessThan-10PT5MPT5M1ResourceNoN
Deploy ALB Data Path Availability AlertMicrosoft.Network/loadBalancersVipAvailabilityAverageLessThan90PT5MPT1M0ResourceNoYAzure Monitor supported metrics by resource type - Azure Load Balancer Azure Load Balancer Multi-Demensional-Metrics Is The Data Path Up and Available for My Load-Balancer
Deploy ALB Global Backend Availability AlertMicrosoft.Network/loadBalancersGlobalBackendAvailabilityAverageLessThan90PT5MPT1M0ResourceNoNAzure Monitor supported metrics by resource type - Azure Load Balancer
Deploy ALB Health Probe Status AlertMicrosoft.Network/loadBalancersDipAvailabilityAverageLessThan90PT5MPT1M0ResourceNoYAzure Monitor supported metrics by resource type - Azure Load Balancer Are Backend Instances for my Load-Balancer Responding to Probes
Deploy ALB Used SNAT Ports AlertMicrosoft.Network/loadBalancersUsedSNATPortsAverageGreaterThan900PT5MPT1M1ResourceNoYAzure Monitor supported metrics by resource type - Azure Load Balancer Load-Balancer Alerts Check My SNAT Port Usage and Allocation
Deploy PDNSZ Capacity Utilization AlertMicrosoft.Network/privateDnsZonesVirtualNetworkLinkCapacityUtilizationMaximumGreaterThanOrEqual80PT1HPT1H2ResourceNoNPrivate DNS Alert Metrics
Deploy PDNSZ Query Volume AlertMicrosoft.Network/privateDnsZonesQueryVolumeTotalGreaterThanOrEqual500PT1HPT1H4ResourceNoNPrivate DNS Alert Metrics
Deploy PDNSZ Record Set Capacity AlertMicrosoft.Network/privateDnsZonesRecordSetCapacityUtilizationMaximumGreaterThanOrEqual80PT1HPT1H2ResourceNoNPrivate DNS Alert Metrics
Deploy PDNSZ Registration Capacity Utilization AlertMicrosoft.Network/privateDnsZonesVirtualNetworkWithRegistrationCapacityUtilizationMaximumGreaterThanOrEqual80PT1HPT1H2ResourceNoNPrivate DNS Alert Metrics
Deploy PIP Bytes in DDoS Attack AlertMicrosoft.Network/publicIPAddressesBytesInDDoSMaximumGreaterThan8000000PT5MPT5M4ResourceNoNMonitor Public IP Addresses Public IP Addresses Supported Metrics
Deploy PIP DDoS Attack AlertMicrosoft.Network/publicIPAddressesIfUnderDDoSAttackMaximumGreaterThan0PT5MPT5M1ResourceNoYMonitor Public IP Addresses Public IP Addresses Supported Metrics
Deploy PIP Packets in DDoS Attack AlertMicrosoft.Network/publicIPAddressesPacketsInDDoSTotalGreaterThanOrEqual40000PT5MPT5M4ResourceNoNMonitor Public IP Addresses Public IP Addresses Supported Metrics
Deploy PIP VIP Availability AlertMicrosoft.Network/publicIPAddressesVipAvailabilityAverageLessThan90PT5MPT1M1ResourceNoNMonitor Public IP Addresses Public IP Addresses Supported Metrics
Deploy VNetG Tunnel Bandwidth AlertMicrosoft.Network/virtualNetworkGatewaysTunnelAverageBandwidthAverageLessThan1PT5MPT1M0ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Tunnel Egress AlertMicrosoft.Network/virtualNetworkGatewaysTunnelEgressBytesAverageLessThan1PT5MPT5M0ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Egress Packet Drop Count AlertMicrosoft.Network/virtualNetworkGatewaysTunnelEgressPacketDropCountAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Egress Packet Drop Mismatch AlertMicrosoft.Network/virtualNetworkGatewaysTunnelEgressPacketDropTSMismatchAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG ExpressRoute Bits Per Second AlertMicrosoft.Network/virtualNetworkGatewaysExpressRouteGatewayBitsPerSecondAverageLessThan1PT5MPT1M0ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG ExpressRoute CPU Utilization AlertMicrosoft.Network/virtualNetworkGatewaysExpressRouteGatewayCpuUtilizationAverageGreaterThan80PT5MPT1M1ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Tunnel Ingress AlertMicrosoft.Network/virtualNetworkGatewaysTunnelIngressBytesAverageLessThan1PT5MPT5M0ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Ingress Packet Drop Count AlertMicrosoft.Network/virtualNetworkGatewaysTunnelIngressPacketDropCountAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Egress Packet Drop Mismatch AlertMicrosoft.Network/virtualNetworkGatewaysTunnelIngressPacketDropTSMismatchAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNet DDoS Attack AlertMicrosoft.Network/virtualNetworksIfUnderDDoSAttackMaximumGreaterThan0PT5MPT1M1ResourceNoNSupported metrics for Microsoft.Network/virtualNetworks
Deploy VPNG Bandwidth Utilization AlertMicrosoft.Network/vpnGatewaysTunnelAverageBandwidthAverageLessThan1PT5MPT1M0ResourceNoNActivity Log Service Notifications Best practices for setting up service health alerts
Deploy VPNG BGP Peer Status AlertMicrosoft.Network/vpnGatewaysBgpPeerStatusTotalLessThan1PT5MPT1M0ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Egress AlertMicrosoft.Network/vpnGatewaysTunnelEgressBytesAverageLessThan1PT5MPT5M0ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Egress Packet Drop Count AlertMicrosoft.Network/vpnGatewaysTunnelEgressPacketDropCountAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Egress Packet Drop Mismatch AlertMicrosoft.Network/vpnGatewaysTunnelEgressPacketDropTSMismatchAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Ingress AlertMicrosoft.Network/vpnGatewaysTunnelIngressBytesAverageLessThan1PT5MPT5M0ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VNetG Ingress Packet Drop Count AlertMicrosoft.Network/vpnGatewaysTunnelIngressPacketDropCountAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Ingress Packet Drop Mismatch AlertMicrosoft.Network/vpnGatewaysTunnelIngressPacketDropTSMismatchAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy SA Availability AlertMicrosoft.Storage/storageAccountsAvailabilityAverageLessThan100PT5MPT5M1ResourceNoYMonitoring Availability Supported metrics for Microsoft.Storage/storageAccounts
Deploy SA Throttling AlertMicrosoft.Storage/storageAccounts/fileServicesTransactionsTotalGreaterThanOrEqual1PT15MPT5M2ResourceNoNHigh latency, low throughput, or low IOPS

1 See “Why are the availability alert thresholds lower than 100% in this solution when the product group documention recommends 100%?” in the FAQ for more details.

Azure Landing Zone Activity Log Alerts

Azure Landing Zone Activity Log Resource Health

Use the following two sections to quickly know when there’s a Service Health issue with an Azure resource, saving you the effort of further troubleshooting and allow you to focus on communicating to your user base and/or use these alerts as part of your business continuity actions (remediations).

Alert Policy NameAlert NametargetScopeCategoryProperties.causeProperties.currentHealthStatusScopeVerifiedReferences
Deploy Resource Health Unhealthy AlertResourceHealthUnhealthyAlertmanagementGroupResourceHealth
[
  "PlatoformInitiated",
  "UserInitiated"
]
[
  "Degraded",
  "Unavailable"
]
SubscriptionNResource Health Best practices for setting up service health alerts

Azure Landing Zone Service Health Alerts

Alert Policy NameAlert NamePolicyScopeCategoryProperties.incidentTypeScopeDocumentedReferences
Deploy Service Health Advisory AlertServiceHealthAdvisoryEventmanagementGroupServiceHealthActionRequiredSubscriptionYesActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Service Health Incident AlertServiceHealthIncidentmanagementGroupServiceHealthIncidentSubscriptionYesActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Service Health Maintenance AlertServiceHealthPlannedMaintenancemanagementGroupServiceHealthMaintenanceSubscriptionYesActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Service Health Security Advisory AlertServiceHealthSecurityIncidentmanagementGroupServiceHealthSecuritySubscriptionYesActivity Log Service Notifications Best practices for setting up service health alerts

Azure Landing Zone Activity Log Administrative

The following table lists a number of operational Activity Log alerts to alert your team when certain resources have been deleted.

There isn’t any per resource type guidance so what’s been provided is some general guidance on alerting on the deletion of specific resources, the list may grow in the future and of course you can create your own following the pattern used for these Activity Log alerts.

Alert Policy NameAlert NamePolicyScopecategoryoperationNamestatusScopeDocumentedReferences
Deploy Activity Log Key Vault Delete AlertActivityKeyVaultDeletemanagementGroupAdministrativeMicrosoft.KeyVault/vaults/delete[succeeded]SubscriptionNoActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Activity Log Azure Firewall Delete AlertActivityAzureFirewallDeletemanagementGroupAdministrativeMicrosoft.Network/azureFirewalls/delete[succeeded]ResourceNoActivity Log Service Notifications Best practices for setting up service health alerts
Policy to Deploy Activity Log NSG Delete AlertActivityNSGDeletemanagementGroupAdministrativeMicrosoft.Network/networkSecurityGroups/delete[succeeded]ResourceNoActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Activity Log Route Table Update AlertActivityUDRUpdatemanagementGroupAdministrativeMicrosoft.Network/routeTables/routes/write[succeeded]ResourceNoActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Activity Log VPN Gateway Delete AlertActivityVPNGatewayDeletemanagementGroupAdministrativeMicrosoft.Network/vpnGateways/delete[succeeded]SubscriptionNo
Deploy Activity Log LA Workspace Delete AlertActivityLAWorkspaceDeletemanagementGroupAdministrativeMicrosoft.OperationalInsights/workspaces/delete[succeeded]SubscriptionNoActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Activity Log LA Workspace Regenerate Key AlertActivityLAWorkspaceRegenKeymanagementGroupAdministrativeMicrosoft.OperationalInsights/workspaces/regeneratesharedkey/action[succeeded]SubscriptionNoActivity Log Service Notifications Best practices for setting up service health alerts

VM Insights Log Alerts

Once VM Insights has been enabled in your environment, the following alert rules can be configured for use via the Baseline Alerts framework.

N/A: Not applicable, not used in the query or used as a parameter.

Alert NameComponentAggregationOperatorThresholdWindowSizeFrequencyResolveTimeFailingPeriodsDimensionsSeverityQueryVerifiedReferences
Deploy VM Data Disk Read Latency AlertCompute/virtualMachinesAverageGreaterThan25PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "ReadLatencyMs"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk !in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated,15m), Computer, _ResourceId, Disk
NMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Data Disk Free Space Percentage AlertCompute/virtualMachinesAverageLessThan10PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk"and Name == "FreeSpacePercentage"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk !in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated,15m), Computer, _ResourceId, Disk
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Data Disk Write Latency AlertCompute/virtualMachinesAverageGreaterThan25PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "WriteLatencyMs"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk !in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated,15m), Computer, _ResourceId, Disk
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Nework Read (bytes/sec) AlertCompute/virtualMachinesAverageGreaterThan10000000PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Network" and Name == "ReadBytesPerSecond"
| extend NetworkInterface=tostring(todynamic(Tags)["vm.azm.ms/networkDeviceId"])
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Nework Write (bytes/sec) AlertCompute/virtualMachinesAverageGreaterThan10000000PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Network" and Name == "WriteBytesPerSecond"
| extend NetworkInterface=tostring(todynamic(Tags)["vm.azm.ms/networkDeviceId"])
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM OS Disk Read Latency AlertCompute/virtualMachinesAverageGreaterThan25PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "ReadLatencyMs"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk
NMonitor virtual machines with Azure Monitor: Alerts
Deploy VM OS Disk Free Space Percentage AlertCompute/virtualMachinesAverageLessThan10PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM OS Disk Write Latency AlertCompute/virtualMachinesAverageGreaterThan25PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "WriteLatencyMs"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk
NMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Processor Utilization Percentage AlertCompute/virtualMachinesAverageGreaterThan85PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Processor" and Name == "UtilizationPercentage"
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Available Memory Percentage AlertCompute/virtualMachinesAverageLessThan10PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Memory" and Name == "AvailableMB"
| extend TotalMemory = toreal(todynamic(Tags)["vm.azm.ms/memorySizeMB"])
| extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0
| summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId
YMonitor virtual machines with Azure Monitor: Alerts

Recovery Vault Alerts

The following policy disables the classic alerts that are available in Azure Backup and enables the Azure Monitor alerts.

Security Alerts and Job Failure alerts are summarized in the “Using Backup Center” documentation.

PolicyNameComponentCategoryScopeSupport for Multiple ResourcesVerifiedReferences
Deploy RV Backup Health Monitoring AlertsMicrosoft.RecoveryServices/VaultsMicrosoft.RecoveryServices/vaults/monitoringSettings.classicAlertSettings.alertsForCriticalOperationsResourceNoYAzure Monitor Alerts for Azure Backup
Move to Azure Monitor Alerts