Azure Monitor Baseline Alerts
Download AlertsGlossaryGitHubGitHub IssuesToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage

Alerts Details

To download specific alerts for the AMBA-ALZ pattern, click the Download icon (highlighted in red below) in the top right corner of the page.

Alert-Details Download icon

For details on which policy alert rules are included in the AMBA-ALZ pattern, visit the Policy-Initiatives page.

The provided resources, metric alerts, and configurations are intended as a starting point to address key monitoring questions such as “What should we monitor in Azure?” and “What alert settings should we use?”. These settings cover the most common components of an Azure Landing Zone. However, we recommend customizing these settings to better suit your specific monitoring needs and Azure usage.

If you have suggestions for additional resources to include, open an Issue on this page with the Azure resource provider and settings you would like to see implemented. While we cannot guarantee implementation, we will carefully consider all suggestions. Alternatively, if you wish to contribute directly, follow the steps in the Contributor Guide.

AMBA-ALZ Pattern Metric Alerts Settings

The values for Aggregation, Operator, Threshold, WindowSize, Frequency, and Severity are based on field experience and customer implementations. Alerts are derived from Microsoft public guidance where available (indicated by ‘Yes’ in the Verified column) and practical application experience where public guidance is not available (indicated by ‘No’ in the Verified column). Links to Product Group guidance are provided in the References column. Where no guidance is available, a link to the metric description on learn.microsoft.com is included.

The Scope column indicates where alerts are scoped as described in Introduction to deploying the AMBA-ALZ Pattern.

Only a limited number of resources support metric alert rules scoped at the subscription level, and these metric alerts apply only to resources deployed within the same region. The Support for Multiple Resources column indicates which resources support metric alerts at the subscription level. For a comprehensive list of resources that support metric alert rules at the subscription level, click here.

The table is designed to minimize horizontal scrolling, but it contains substantial information. We recommend clicking on the specific alert name to directly access the JSON definition of the alert.
Alert NameComponentMetricAggregationOperatorThresholdWindowFrequencySeverityScopeSupport for Multiple ResourcesVerifiedReferences
Deploy Automation Account TotalJob AlertMicrosoft.Automation/automationAccountsTotalJobAverageGreaterThan0PT5MPT1M2ResourceNoNAzure Automation Azure Monitor Metrics
Deploy KeyVault Availability AlertMicrosoft.KeyVault/vaultsAvailabilityAverageLessThan90PT5MPT1M1ResourceYesYMonitoring KeyVault Reference Monitoring Microsoft.KeyVault/vaults KeyVault Insights Overview
Deploy KeyVault Capacity AlertMicrosoft.KeyVault/vaultsSaturationShoeboxAverageGreaterThan75PT5MPT1M1ResourceYesYMonitoring KeyVault Reference Monitoring Microsoft.KeyVault/vaults KeyVault Insights Overview
Deploy KeyVault Latency AlertMicrosoft.KeyVault/vaultsServiceApiLatencyAverageGreaterThan1000PT5MPT5M3ResourceYesYMonitoring KeyVault Reference Monitoring Microsoft.KeyVault/vaults KeyVault Insights Overview
Deploy KeyVault Requests AlertMicrosoft.KeyVault/vaultsServiceApiResultAverageGreaterThandynamicPT5MPT5M2ResourceYesYMonitoring KeyVault Reference Monitoring Microsoft.KeyVault/vaults KeyVault Insights Overview
Deploy Azure Application Gateway BackendLastByteResponseTime AlertMicrosoft.Network/applicationGatewaysBackendLastByteResponseTimeTotalGreaterThandynamicPT5MPT1M2ResourceNoNMonitoring Azure Application Gateway data reference Metrics for Application Gateway Monitoring Azure Application Gateway
Deploy AFW FirewallHealth AlertMicrosoft.Network/azureFirewallsFirewallHealthAverageLessThan90PT5MPT1M0ResourceNoNOverview of Azure Firewall logs and metrics
Deploy AFW SNATPortUtilization AlertMicrosoft.Network/azureFirewallsSNATPortUtilizationAverageGreaterThan80PT5MPT1M1ResourceNoNOverview of Azure Firewall logs and metrics
Deploy ExpressRoute Circuits ARP Availability AlertMicrosoft.Network/expressRouteCircuitsArpAvailabilityAverageLessThan90PT5MPT1M0ResourceNoYMonitor ExpressRoute Alerts ExpressRoute KQL Queries
Deploy ExpressRoute Circuits BGP Availability AlertMicrosoft.Network/expressRouteCircuitsBgpAvailabilityAverageLessThan90PT5MPT1M0ResourceNoYMonitor ExpressRoute Alerts ExpressRoute KQL Queries
Deploy ExpressRoute Circuits QosDropBitsInPerSecond AlertMicrosoft.Network/expressRouteCircuitsQosDropBitsInPerSecondAverageGreaterThandynamicPT5MPT5M2ResourceNoNMonitor ExpressRoute Alerts ExpressRoute KQL Queries
Deploy ExpressRoute Circuits QosDropBitsOutPerSecond AlertMicrosoft.Network/expressRouteCircuitsQosDropBitsOutPerSecondAverageGreaterThandynamicPT5MPT5M2ResourceNoNMonitor ExpressRoute Alerts ExpressRoute KQL Queries
Deploy ERG ExpressRoute Bits In AlertMicrosoft.Network/expressRouteGatewaysERGatewayConnectionBitsInPerSecondAverageLessThan1PT5MPT5M0ResourceNoNExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
Deploy ERG ExpressRoute Bits Out AlertMicrosoft.Network/expressRouteGatewaysERGatewayConnectionBitsOutPerSecondAverageLessThan1PT5MPT5M0ResourceNoNExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
Deploy ERG ExpressRoute CPU Utilization AlertMicrosoft.Network/expressRouteGatewaysExpressRouteGatewayCpuUtilizationAverageGreaterThan80PT5MPT1M1ResourceNoYExpressRoute Monitoring Metrics Alerts for ExpressRoute Gateways
Deploy ER Direct Connection BitsInPerSecond AlertMicrosoft.Network/expressRoutePortsPortBitsInPerSecondAverageLessThan1PT5MPT5M0ResourceNoN
Deploy ER Direct Connection BitsOutPerSecond AlertMicrosoft.Network/expressRoutePortsPortBitsOutPerSecondAverageLessThan1PT5MPT5M0ResourceNoN
Deploy ER Direct LineProtocol AlertMicrosoft.Network/expressRoutePortsLineProtocolAverageLessThan0.9PT5MPT5M0ResourceNoN
Deploy ER Direct RxLightLevel High AlertMicrosoft.Network/expressRoutePortsRxLightLevelAverageGreaterThan0PT5MPT5M1ResourceNoN
Deploy ER Direct RxLightLevel Low AlertMicrosoft.Network/expressRoutePortsRxLightLevelAverageLessThan-10PT5MPT5M1ResourceNoN
Deploy ER Direct TxLightLevel High AlertMicrosoft.Network/expressRoutePortsTxLightLevelAverageGreaterThan0PT5MPT5M1ResourceNoN
Deploy ER Direct TxLightLevel Low AlertMicrosoft.Network/expressRoutePortsTxLightLevelAverageLessThan-10PT5MPT5M1ResourceNoN
Deploy ALB Data Path Availability AlertMicrosoft.Network/loadBalancersVipAvailabilityAverageLessThan90PT5MPT1M0ResourceNoYAzure Monitor supported metrics by resource type - Azure Load Balancer Azure Load Balancer Multi-Demensional-Metrics Is The Data Path Up and Available for My Load-Balancer
Deploy ALB Global Backend Availability AlertMicrosoft.Network/loadBalancersGlobalBackendAvailabilityAverageLessThan90PT5MPT1M0ResourceNoNAzure Monitor supported metrics by resource type - Azure Load Balancer
Deploy ALB Health Probe Status AlertMicrosoft.Network/loadBalancersDipAvailabilityAverageLessThan90PT5MPT1M0ResourceNoYAzure Monitor supported metrics by resource type - Azure Load Balancer Are Backend Instances for my Load-Balancer Responding to Probes
Deploy ALB Used SNAT Ports AlertMicrosoft.Network/loadBalancersUsedSNATPortsAverageGreaterThan900PT5MPT1M1ResourceNoYAzure Monitor supported metrics by resource type - Azure Load Balancer Load-Balancer Alerts Check My SNAT Port Usage and Allocation
Deploy PDNSZ Capacity Utilization AlertMicrosoft.Network/privateDnsZonesVirtualNetworkLinkCapacityUtilizationMaximumGreaterThanOrEqual80PT1HPT1H2ResourceNoNPrivate DNS Alert Metrics
Deploy PDNSZ Query Volume AlertMicrosoft.Network/privateDnsZonesQueryVolumeTotalGreaterThanOrEqual500PT1HPT1H4ResourceNoNPrivate DNS Alert Metrics
Deploy PDNSZ Record Set Capacity AlertMicrosoft.Network/privateDnsZonesRecordSetCapacityUtilizationMaximumGreaterThanOrEqual80PT1HPT1H2ResourceNoNPrivate DNS Alert Metrics
Deploy PDNSZ Registration Capacity Utilization AlertMicrosoft.Network/privateDnsZonesVirtualNetworkWithRegistrationCapacityUtilizationMaximumGreaterThanOrEqual80PT1HPT1H2ResourceNoNPrivate DNS Alert Metrics
Deploy PIP Bytes in DDoS Attack AlertMicrosoft.Network/publicIPAddressesBytesInDDoSMaximumGreaterThan8000000PT5MPT5M4ResourceNoNMonitor Public IP Addresses Public IP Addresses Supported Metrics
Deploy PIP DDoS Attack AlertMicrosoft.Network/publicIPAddressesIfUnderDDoSAttackMaximumGreaterThan0PT5MPT5M1ResourceNoYMonitor Public IP Addresses Public IP Addresses Supported Metrics
Deploy PIP Packets in DDoS Attack AlertMicrosoft.Network/publicIPAddressesPacketsInDDoSTotalGreaterThanOrEqual40000PT5MPT5M4ResourceNoNMonitor Public IP Addresses Public IP Addresses Supported Metrics
Deploy PIP VIP Availability AlertMicrosoft.Network/publicIPAddressesVipAvailabilityAverageLessThan90PT5MPT1M1ResourceNoNMonitor Public IP Addresses Public IP Addresses Supported Metrics
Deploy VNetG Tunnel Bandwidth AlertMicrosoft.Network/virtualNetworkGatewaysTunnelAverageBandwidthAverageLessThan1PT5MPT1M0ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Tunnel Egress AlertMicrosoft.Network/virtualNetworkGatewaysTunnelEgressBytesAverageLessThan1PT5MPT5M0ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Egress Packet Drop Count AlertMicrosoft.Network/virtualNetworkGatewaysTunnelEgressPacketDropCountAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Egress Packet Drop Mismatch AlertMicrosoft.Network/virtualNetworkGatewaysTunnelEgressPacketDropTSMismatchAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG ExpressRoute Bits Per Second AlertMicrosoft.Network/virtualNetworkGatewaysExpressRouteGatewayBitsPerSecondAverageLessThan1PT5MPT1M0ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG ExpressRoute CPU Utilization AlertMicrosoft.Network/virtualNetworkGatewaysExpressRouteGatewayCpuUtilizationAverageGreaterThan80PT5MPT1M1ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Tunnel Ingress AlertMicrosoft.Network/virtualNetworkGatewaysTunnelIngressBytesAverageLessThan1PT5MPT5M0ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Ingress Packet Drop Count AlertMicrosoft.Network/virtualNetworkGatewaysTunnelIngressPacketDropCountAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNetG Egress Packet Drop Mismatch AlertMicrosoft.Network/virtualNetworkGatewaysTunnelIngressPacketDropTSMismatchAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/virtualnetworkgateways
Deploy VNet DDoS Attack AlertMicrosoft.Network/virtualNetworksIfUnderDDoSAttackMaximumGreaterThan0PT5MPT1M1ResourceNoNSupported metrics for Microsoft.Network/virtualNetworks
Deploy VPNG Bandwidth Utilization AlertMicrosoft.Network/vpnGatewaysTunnelAverageBandwidthAverageLessThan1PT5MPT1M0ResourceNoNActivity Log Service Notifications Best practices for setting up service health alerts
Deploy VPNG BGP Peer Status AlertMicrosoft.Network/vpnGatewaysBgpPeerStatusTotalLessThan1PT5MPT1M0ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Egress AlertMicrosoft.Network/vpnGatewaysTunnelEgressBytesAverageLessThan1PT5MPT5M0ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Egress Packet Drop Count AlertMicrosoft.Network/vpnGatewaysTunnelEgressPacketDropCountAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Egress Packet Drop Mismatch AlertMicrosoft.Network/vpnGatewaysTunnelEgressPacketDropTSMismatchAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Ingress AlertMicrosoft.Network/vpnGatewaysTunnelIngressBytesAverageLessThan1PT5MPT5M0ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VNetG Ingress Packet Drop Count AlertMicrosoft.Network/vpnGatewaysTunnelIngressPacketDropCountAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy VPNG Ingress Packet Drop Mismatch AlertMicrosoft.Network/vpnGatewaysTunnelIngressPacketDropTSMismatchAverageGreaterThandynamicPT5MPT5M3ResourceNoNSupported metrics for microsoft.network/vpngateways
Deploy SA Availability AlertMicrosoft.Storage/storageAccountsAvailabilityAverageLessThan100PT5MPT5M1ResourceNoYMonitoring Availability Supported metrics for Microsoft.Storage/storageAccounts
Deploy SA Throttling AlertMicrosoft.Storage/storageAccounts/fileServicesTransactionsTotalGreaterThanOrEqual1PT15MPT5M2ResourceNoNHigh latency, low throughput, or low IOPS

1 For more details on why the availability alert thresholds are lower than 100% in this solution when the product group documentation recommends 100%, see the FAQ.

AMBA-ALZ Pattern Activity Log Alerts

Activity Log Resource Health

Refer to the following sections to quickly identify any Service Health issues with an Azure resource. This will save you time troubleshooting and allow you to focus on communicating with your user base or incorporating these alerts into your business continuity actions (remediations).

Alert Policy NameAlert NametargetScopeCategoryProperties.causeProperties.currentHealthStatusScopeVerifiedReferences
Deploy Resource Health Unhealthy AlertResourceHealthUnhealthyAlertmanagementGroupResourceHealth
[
  "PlatoformInitiated",
  "UserInitiated"
]
[
  "Degraded",
  "Unavailable"
]
SubscriptionNResource Health Best practices for setting up service health alerts

Service Health Alerts

Alert Policy NameAlert NamePolicyScopeCategoryProperties.incidentTypeScopeDocumentedReferences
Deploy Service Health Advisory AlertServiceHealthAdvisoryEventmanagementGroupServiceHealthActionRequiredSubscriptionYesActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Service Health Incident AlertServiceHealthIncidentmanagementGroupServiceHealthIncidentSubscriptionYesActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Service Health Maintenance AlertServiceHealthPlannedMaintenancemanagementGroupServiceHealthMaintenanceSubscriptionYesActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Service Health Security Advisory AlertServiceHealthSecurityIncidentmanagementGroupServiceHealthSecuritySubscriptionYesActivity Log Service Notifications Best practices for setting up service health alerts

Activity Log Administrative

The table below lists several operational Activity Log alerts designed to notify your team when specific resources are deleted.

While there is no specific guidance per resource type, the provided information offers general advice on alerting for the deletion of particular resources. This list may expand in the future, and you are encouraged to create your own alerts following the pattern used for these Activity Log alerts.

Alert Policy NameAlert NamePolicyScopecategoryoperationNamestatusScopeDocumentedReferences
Deploy Activity Log Key Vault Delete AlertActivityKeyVaultDeletemanagementGroupAdministrativeMicrosoft.KeyVault/vaults/delete[succeeded]SubscriptionNoActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Activity Log Azure Firewall Delete AlertActivityAzureFirewallDeletemanagementGroupAdministrativeMicrosoft.Network/azureFirewalls/delete[succeeded]ResourceNoActivity Log Service Notifications Best practices for setting up service health alerts
Policy to Deploy Activity Log NSG Delete AlertActivityNSGDeletemanagementGroupAdministrativeMicrosoft.Network/networkSecurityGroups/delete[succeeded]ResourceNoActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Activity Log Route Table Update AlertActivityUDRUpdatemanagementGroupAdministrativeMicrosoft.Network/routeTables/routes/write[succeeded]ResourceNoActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Activity Log VPN Gateway Delete AlertActivityVPNGatewayDeletemanagementGroupAdministrativeMicrosoft.Network/vpnGateways/delete[succeeded]SubscriptionNo
Deploy Activity Log LA Workspace Delete AlertActivityLAWorkspaceDeletemanagementGroupAdministrativeMicrosoft.OperationalInsights/workspaces/delete[succeeded]SubscriptionNoActivity Log Service Notifications Best practices for setting up service health alerts
Deploy Activity Log LA Workspace Regenerate Key AlertActivityLAWorkspaceRegenKeymanagementGroupAdministrativeMicrosoft.OperationalInsights/workspaces/regeneratesharedkey/action[succeeded]SubscriptionNoActivity Log Service Notifications Best practices for setting up service health alerts

VM Insights Log Alerts

Once VM Insights is enabled in your environment, the following alert rules can be configured via the Baseline Alerts framework.

N/A: Not applicable, not used in the query or used as a parameter.

Alert NameComponentAggregationOperatorThresholdWindowSizeFrequencyResolveTimeFailingPeriodsDimensionsSeverityQueryVerifiedReferences
Deploy VM Data Disk Read Latency AlertCompute/virtualMachinesAverageGreaterThan25PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "ReadLatencyMs"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk !in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated,15m), Computer, _ResourceId, Disk
NMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Data Disk Free Space Percentage AlertCompute/virtualMachinesAverageLessThan10PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk"and Name == "FreeSpacePercentage"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk !in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated,15m), Computer, _ResourceId, Disk
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Data Disk Write Latency AlertCompute/virtualMachinesAverageGreaterThan25PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "WriteLatencyMs"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk !in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated,15m), Computer, _ResourceId, Disk
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Nework Read (bytes/sec) AlertCompute/virtualMachinesAverageGreaterThan10000000PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Network" and Name == "ReadBytesPerSecond"
| extend NetworkInterface=tostring(todynamic(Tags)["vm.azm.ms/networkDeviceId"])
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Nework Write (bytes/sec) AlertCompute/virtualMachinesAverageGreaterThan10000000PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Network" and Name == "WriteBytesPerSecond"
| extend NetworkInterface=tostring(todynamic(Tags)["vm.azm.ms/networkDeviceId"])
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM OS Disk Read Latency AlertCompute/virtualMachinesAverageGreaterThan25PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "ReadLatencyMs"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk
NMonitor virtual machines with Azure Monitor: Alerts
Deploy VM OS Disk Free Space Percentage AlertCompute/virtualMachinesAverageLessThan10PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM OS Disk Write Latency AlertCompute/virtualMachinesAverageGreaterThan25PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  },
  {
    "name": "Disk",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "WriteLatencyMs"
| extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"])
| where Disk in ('C:','/')
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk
NMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Processor Utilization Percentage AlertCompute/virtualMachinesAverageGreaterThan85PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Processor" and Name == "UtilizationPercentage"
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId
YMonitor virtual machines with Azure Monitor: Alerts
Deploy VM Available Memory Percentage AlertCompute/virtualMachinesAverageLessThan10PT15MPT5M0:10:00
{
  "minFailingPeriodsToAlert": 1,
  "numberOfEvaluationPeriods": 1
}
[
  {
    "name": "Computer",
    "operator": "Include",
    "values": [
      "*"
    ]
  }
]
2
InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "Memory" and Name == "AvailableMB"
| extend TotalMemory = toreal(todynamic(Tags)["vm.azm.ms/memorySizeMB"])
| extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0
| summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId
YMonitor virtual machines with Azure Monitor: Alerts

Recovery Vault Alerts

The following policy disables the classic alerts available in Azure Backup and enables the Azure Monitor alerts.

Security Alerts and Job Failure alerts are summarized in the “Using Backup Center” documentation.

PolicyNameComponentCategoryScopeSupport for Multiple ResourcesVerifiedReferences
Deploy RV Backup Health Monitoring AlertsMicrosoft.RecoveryServices/VaultsMicrosoft.RecoveryServices/vaults/monitoringSettings.classicAlertSettings.alertsForCriticalOperationsResourceNoYAzure Monitor Alerts for Azure Backup
Move to Azure Monitor Alerts