Policy Initiatives
OverviewService Health InitiativeNotification Assets InitiativeConnectivity Initiative - Part #1Connectivity Initiative - Part #2Management InitiativeIdentity InitiativeAzure VM InitiativeHybrid VM InitiativeKey Management InitiativeLoad Balancing InitiativeNetwork Changes InitiativeRecovery Services InitiativeStorage InitiativeWeb InitiativeLanding Zone Initiative (Deprecated)
This document details the AMBA-ALZ pattern Azure policy initiatives used for deploying the AMBA-ALZ baselines. For references on individual alerts/policies, refer to Alert Details.
This initiative is intended for relevant policy assignment service health alerts in ALZ. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern, this will assign to the alz intermediate root management group structure in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Service Health Action Group | Deploy_ServiceHealth_ActionGroups | ALZ_ServiceHealth_ActionGroups | Deploy-ServiceHealth-ActionGroups.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Resource Health Unhealthy Alert | Deploy_activitylog_ResourceHealth_Unhealthy_Alert | ALZ_ResHlthUnhealthy | Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Service Health Advisory Alert | Deploy_activitylog_ServiceHealth_HealthAdvisory | ALZ_SvcHlthAdvisory | Deploy-ActivityLog-ServiceHealth-Health.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Service Health Incident Alert | Deploy_activitylog_ServiceHealth_Incident | ALZ_SvcHlthIncident | Deploy-ActivityLog-ServiceHealth-Incident.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Service Health Maintenance Alert | Deploy_activitylog_ServiceHealth_Maintenance | ALZ_SvcHlthMaintenance | Deploy-ActivityLog-ServiceHealth-Maintenance.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Service Health Security Advisory Alert | Deploy_activitylog_ServiceHealth_SecurityAdvisory | ALZ_svcHlthSecAdvisory | Deploy-ActivityLog-ServiceHealth-Security.json | disabled |
This initiative is intended for relevant policy assignment to notification in AMBA-ALZ. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern, this will assign to the alz intermediate root management group structure in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Notification Assets | Deploy_AlertProcessing_Rule | ALZ_AlertProcessing_Rule | Deploy-AlertProcessingRule-Deploy.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Notification Suppression Assets | Deploy_Suppression_AlertProcessing_Rule | ALZ_Suppression_AlertProcessing_Rule | Deploy-AlertProcessingRule-Suppression.json | deployIfNotExists |
This initiative is intended for relevant policy assignment to networking components in ALZ. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern, this will assign policies to the alz-platform-connectivity management group structure in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ExpressRoute Circuits QosDropBitsInPerSecond Alert | Deploy_ERCIR_QosDropBitsInPerSecond_Alert | ALZ_ERCIRQoSDropBitsinPerSec | Deploy-ERCIR-QOSDropsBitsIn-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ExpressRoute Circuits QosDropBitsOutPerSecond Alert | Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | ALZ_ERCIRQoSDropBitsoutPerSec | Deploy-ERCIR-QOSDropsBitsOut-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VPNG BGP Peer Status Alert | Deploy_VPNGw_BGPPeerStatus_Alert | ALZ_VPNGwBGPPeerStatus | Deploy-VPNG-BGPPeerStatus-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG ExpressRoute CPU Utilization Alert | Deploy_VnetGw_ExpressRouteCpuUtil_Alert | ALZ_VnetGwERCpuUtil | Deploy-VNETG-ERGCPUUtilization-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG Tunnel Bandwidth Alert | Deploy_VnetGw_TunnelBandwidth_Alert | ALZ_VnetGwTunnelBW | Deploy-VNETG-BandwidthUtilization-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG Tunnel Egress Alert | Deploy_VnetGw_TunnelEgress_Alert | ALZ_VnetGwTunnelEgress | Deploy-VNETG-Egress-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG Tunnel Ingress Alert | Deploy_VnetGw_TunnelIngress_Alert | ALZ_VnetGwTunnelIngress | Deploy-VNETG-Ingress-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VPNG Bandwidth Utilization Alert | Deploy_VPNGw_BandwidthUtil_Alert | ALZ_VPNGWBandWidthUtil | Deploy-VPNG-BandwidthUtilization-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VPNG Egress Alert | Deploy_VPNGw_Egress_Alert | ALZ_VPNGWEgress | Deploy-VPNG-Egress-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VPNG Egress Packet Drop Count Alert | Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | ALZ_VPNGWTunnelEgressPacketDropCount | Deploy-VPNG-EgressPacketDropCount-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VPNG Egress Packet Drop Mismatch Alert | Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | ALZ_VPNGWTunnelEgressPacketDropMismatch | Deploy-VPNG-EgressPacketDropMismatch-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VPNG Ingress Alert | Deploy_VPNGw_Ingress_Alert | ALZ_VPNGWIngress | Deploy-VPNG-Ingress-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VPNG Ingress Packet Drop Count Alert | Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | ALZ_VPNGWTunnelIngressPacketDropCount | Deploy-VPNG-IngressPacketDropCount-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VPNG Ingress Packet Drop Mismatch Alert | Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | ALZ_VPNGWTunnelIngressPacketDropMismatch | Deploy-VPNG-IngressPacketDropMismatch-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PDNSZ Capacity Utilization Alert | Deploy_PDNSZ_CapacityUtil_Alert | ALZ_PDNSZCapacityUtil | Deploy-PDNSZ-CapacityUtilization-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PDNSZ Query Volume Alert | Deploy_PDNSZ_QueryVolume_Alert | ALZ_PDNSZQueryVolume | Deploy-PDNSZ-QueryVolume-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PDNSZ Record Set Capacity Alert | Deploy_PDNSZ_RecordSetCapacity_Alert | ALZ_PDNSZRecordSetCapacity | Deploy-PDNSZ-RecordSetCapacity-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PDNSZ Registration Capacity Utilization Alert | Deploy_DNSZ_RegistrationCapacityUtil_Alert | ALZ_PDNSZRegistrationCapacityUtil | Deploy-PDNSZ-RegistrationCapacityUtilization-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ERG ExpressRoute Bits In Alert | Deploy_ERGw_ExpressRouteBitsIn_Alert | ALZ_ERGwExpressRouteBitsIn | Deploy-ERG-BitsInPerSecond-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ERG ExpressRoute Bits Out Alert | Deploy_ERGw_ExpressRouteBitsOut_Alert | ALZ_ERGwExpressRouteBitsOut | Deploy-ERG-BitsOutPerSecond-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ERG ExpressRoute CPU Utilization Alert | Deploy_ERGw_ExpressRouteCpuUtil_Alert | ALZ_ERGwExpressRouteCpuUtil | Deploy-ERG-CPUUtilization-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG Egress Packet Drop Count Alert | Deploy_VnetGw_TunnelEgressPacketDropCount_Alert | ALZ_VnetGwTunnelEgressPacketDropCount | Deploy-VNETG-EgressPacketDropCount-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG Egress Packet Drop Mismatch Alert | Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | ALZ_VnetGwTunnelEgressPacketDropMismatch | Deploy-VNETG-EgressPacketDropMismatch-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG ExpressRoute Bits Per Second Alert | Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | ALZ_VnetGwExpressRouteBitsPerSecond | Deploy-VNETG-ERGBitsPerSecond-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG Ingress Packet Drop Mismatch Alert | Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | ALZ_VnetGwTunnelIngressPacketDropMismatch | Deploy-VNETG-IngressPacketDropMismatch-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNetG Ingress Packet Drop Count Alert | Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | ALZ_VnetGwTunnelIngressPacketDropCount | Deploy-VNETG-IngressPacketDropCount-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ExpressRoute Circuits Bgp Availability Alert | Deploy_ERCIR_BgpAvailability_Alert | ALZ_ERCIRBgpAvailability | Deploy-ERCIR-BGPAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ExpressRoute Circuits Arp Availability Alert | Deploy_ERCIR_ArpAvailability_Alert | ALZ_ERCIRArpAvailability | Deploy-ERCIR-ARPAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AFW SNATPortUtilization Alert | Deploy_AFW_SNATPortUtilization_Alert | ALZ_AFWSNATPortUtilization | Deploy-AFW-SNATPortUtilization-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP Bytes in DDoS Attack Alert | Deploy_PublicIp_BytesInDDoSAttack_Alert | ALZ_PIPBytesInDDoSEvaluationFrequency | Deploy-PIP-BytesInDDOSAttack-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP DDoS Attack Alert | Deploy_PublicIp_DDoSAttack_Alert | ALZ_PIPDDoSAttack | Deploy-PIP-DDOSAttack-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP Packets in DDoS Attack Alert | Deploy_PublicIp_PacketsInDDoSAttack_Alert | ALZ_PIPPacketsInDDoS | Deploy-PIP-PacketsInDDOS-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP VIP Availability Alert | Deploy_PublicIp_VIPAvailability_Alert | ALZ_PIPVIPAvailability | Deploy-PIP-VIPAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNet DDoS Attack Alert | Deploy_VNET_DDoSAttack_Alert | ALZ_VNETDDOSAttack | Deploy-VNET-DDOSAttack-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AFW FirewallHealth Alert | Deploy_AFW_FirewallHealth_Alert | ALZ_FirewallHealth | Deploy-AFW-FirewallHealth-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Azure FireWall Delete Alert | Deploy_activitylog_Firewall_Delete | ALZ_activityFWDelete | Deploy-ActivityLog-AzureFirewall-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log NSG Delete Alert | Deploy_activitylog_NSG_Delete | ALZ_activityNSGDelete | Deploy-ActivityLog-NSG-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Route Table Update Alert | Deploy_activitylog_RouteTable_Update | ALZ_activityUDRUpdate | Deploy-ActivityLog-RouteTable-Update.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Route Table Delete Alert | Deploy_activitylog_RouteTable_Delete | ALZ_activityUDRDelete | Deploy-ActivityLog-RouteTable-Delete.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Routes Delete Alert | Deploy_activitylog_RouteTable_Routes_Delete | ALZ_activityUDRRoutesDelete | Deploy-ActivityLog-RouteTable-Routes-Delete.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log VPN Gateway Delete Alert | Deploy_activitylog_VPNGateway_Delete | ALZ_activityVPNGWDelete | Deploy-ActivityLog-VPNG-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Data Path Availability Alert | Deploy_ALB_DataPathAvailability_Alert | ALZ_LBDataPathAvailability | Deploy-LB-DatapathAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Global Backend Availability Alert | Deploy_ALB_GlobalBackendAvailability_Alert | ALZ_LBGlobalBackendAvailability | Deploy-LB-GlobalBackendAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Health Probe Status Alert | Deploy_ALB_HealthProbeStatus_Alert | ALZ_LBHealthProbeStatus | Deploy-LB-HealthProbeStatus-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Used SNAT Ports Alert | Deploy_ALB_UsedSNATPorts_Alert | ALZ_LBUsedSNATPorts | Deploy-LB-UsedSNATPorts-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ER Direct ExpressRoute Bits In Alert | Deploy_ERP_ExpressRouteBitsIn_Alert | ALZ_ERPBitsInPerSecond | Deploy-ERP-BitsInPerSecond-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ER Direct ExpressRoute Bits Out Alert | Deploy_ERP_ExpressRouteBitsOut_Alert | ALZ_ERPBitsOutPerSecond | Deploy-ERP-BitsOutPerSecond-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ER Direct ExpressRoute LineProtocol Alert | Deploy_ERP_ExpressRoutLineProtocol_Alert | ALZ_ERPLineProtocol | Deploy-ERP-LineProtocol-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ER Direct ExpressRoute RxLightLevel High Alert | Deploy_ERP_ExpressRoutRxLightLevel_Alert | ALZ_ERPRxLightLevelHigh | Deploy-ERP-RxLightLevelHigh-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ER Direct ExpressRoute RxLightLevel Low Alert | Deploy_ERP_ExpressRoutRxLightLevellow_Alert | ALZ_ERPRxLightLevelLow | Deploy-ERP-RxLightLevelLow-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ER Direct ExpressRoute TxLightLevel High Alert | Deploy_ERP_ExpressRoutTxLightLevell_Alert | ALZ_ERPTxLightLevelHigh | Deploy-ERP-TxLightLevelHigh-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ER Direct ExpressRoute TxLightLevel Low Alert | Deploy_ERP_ExpressRoutTxLightLevellow_Alert | ALZ_ERPTxLightLevelLow | Deploy-ERP-TxLightLevelLow-Alert.json | disabled |
This second part of the initiative is intended for relevant policy assignment to networking components in ALZ. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern, this will assign policies to the alz-platform-connectivity management group structure in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - P2S Bandwidth Alert | Deploy-P2SVPNGateways-P2SBandwidth-Alert | ALZ_P2SVPNGatewaysP2SBandwidth | Deploy-p2svpngateways-P2SBandwidth-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - User Vpn Route Count Alert | Deploy-P2SVPNGateways-P2SConnectionCount-Alert | ALZ_P2SVPNGatewaysP2SConnectionCount | Deploy-p2svpngateways-P2SConnectionCount-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - User Vpn Route Count Alert | Deploy-P2SVPNGateways-UserVpnRouteCount-Alert | ALZ_P2SVPNGatewaysUserVpnRouteCount | Deploy-p2svpngateways-UserVpnRouteCount-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Virtual Hubs Bgp Peer Status Alert | Deploy-VirtualHubs-BgpPeerStatus-Alert | ALZ_VirtualHubsBgpPeerStatus | Deploy-VirtualHubs-BgpPeerStatus-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Count Of Routes Learned From Peer Alert | Deploy-VirtualHubs-CountOfRoutesLearnedFromPeer-Alert | ALZ_VirtualHubsCountOfRoutesLearnedFromPeer | Deploy-VirtualHubs-CountOfRoutesLearnedFromPeer-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Virtual Hubs Count Of Routes Advertised To Peer Alert | Deploy-VirtualHubs-CountOfRoutesAdvertisedToPeer-Alert | ALZ_VirtualHubsCountOfRoutesAdvertisedToPeer | Deploy-VirtualHubs-CountOfRoutesAdvertisedToPeer-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Spoke VM Utilization Alert | Deploy-VirtualHubs-SpokeVMUtilization-Alert | ALZ_VirtualHubsSpokeVMUtilization | Deploy-VirtualHubs-SpokeVMUtilization-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Routing Infrastructure Units Alert | Deploy-VirtualHubs-RoutingInfrastructureUnits-Alert | ALZ_VirtualHubsRoutingInfrastructureUnits | Deploy-VirtualHubs-RoutingInfrastructureUnits-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Virtual Hub Data Processed Alert | Deploy-VirtualHubs-VirtualHubDataProcessed-Alert | ALZ_VirtualHubsVirtualHubDataProcessed | Deploy-VirtualHubs-VirtualHubDataProcessed-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AFW ApplicationRuleHit Alert | Deploy_AFW_ApplicationRuleHit_Alert | ALZ_AFWApplicationRuleHit | Deploy-AFW-ApplicationRuleHit-Alert.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Express Route Gateway Active Flows Alert | Deploy_ERGw_ExpressRouteGatewayActiveFlows_Alert | ALZ_ERGwExpressRouteGatewayActiveFlows | Deploy-ERG-ExpressRouteGatewayActiveFlows-Alert.json | disabled |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AFW NetworkRuleHit Alert | Deploy_AFW_NetworkRuleHit_Alert | ALZ_AFWNetworkRuleHit | Deploy-AFW-NetworkRuleHit-Alert.json | deployIfNotExists |
This initiative is intended for relevant policy assignment to management components in AMBA-ALZ. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern, this will assign policies to the alz-platform-management group structure in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log LA Workspace Delete Alert | Deploy_activitylog_LAWorkspace_Delete | ALZ_activityLAWDelete | Deploy-ActivityLog-LAWorkspace-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log LA Workspace Regenerate Key Alert | Deploy_activitylog_LAWorkspace_KeyRegen | ALZ_activityLAWKeyRegen | Deploy-ActivityLog-LAWorkspace-KeyRegen.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - LA Workspace Daily Cap Limit Reached Alert | Deploy_LAWorkspace_DailyCapLimitReached_Alert | ALZ_LAWorkspaceDailyCapLimitReached | Deploy-LAWorkspace-DailyCapLimitReached-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Automation Account TotalJob Alert | Deploy_AA_TotalJob_Alert | ALZ_AATotalJob | Deploy-AA-TotalJob-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - RV Backup Health Monitoring Alerts | Deploy_RecoveryVault_BackupHealthMonitor_Alert | ALZ_RVBackupHealth | Modify-RSV-BackupHealth-Alert.json | modify |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - RV ASR Health Monitoring Alerts | Deploy_RecoveryVault_ASRHealthMonitor_Alert | ALZ_RVASRHealthMonitor | Modify-RSV-ASRHealth-Alert.json | modify |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - SA Availability Alert | Deploy_StorageAccount_Availability_Alert | ALZ_StorageAccountAvailability | Deploy-SA-Availability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Storage Account Delete Alert | Deploy_activitylog_StorageAccount_Delete | ALZ_activitySADelete | Deploy-ActivityLog-SA-Delete-Alert.json | deployIfNotExists |
This initiative is intended for relevant policy assignment to identity components in ALZ. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern, this will assign policies to the alz-platform-identity management group structure in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Requests Alert | Deploy_KeyVault_Requests_Alert | ALZ_KVRequest | Deploy-KV-Requests-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Availability Alert | Deploy_KeyVault_Availability_Alert | ALZ_KvAvailability | Deploy-KV-Availability-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Latency Alert | Deploy_KeyVault_Latency_Alert | ALZ_KvLatencyAvailability | Deploy-KV-Latency-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Capacity Alert | Deploy_KeyVault_Capacity_Alert | ALZ_KVCapacity | Deploy-KV-Capacity-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Key Vault Delete Alert | Deploy_activitylog_KeyVault_Delete | ALZ_activityKVDelete | Deploy-ActivityLog-KeyVault-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Managed HSMs Availability Alert | Deploy_ManagedHSMs_Availability_Alert | ALZ_ManagedHSMsAvailability | Deploy-HSMs-Availability-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Managed HSMs Latency Alert | Deploy_ManagedHSMs_Latency_Alert | ALZ_ManagedHSMsLatencyAvailability | Deploy-HSMs-Latency-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Managed HSMs Delete Alert | Deploy_ActivityLog_ManagedHSMs_Delete | ALZ_activityManagedHSMsDelete | Deploy-ActivityLog-HSMs-Del.json | deployIfNotExists |
This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM HeartBeat Alert | Deploy_VM_HeartBeat_Alert | ALZ_VMHeartBeatRG | Deploy-VM-HeartBeat-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Network Read Alert | Deploy_VM_NetworkIn_Alert | ALZ_VMNetworkIn | Deploy-VM-NetworkIn-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Network Write Alert | Deploy_VM_NetworkOut_Alert | ALZ_VMNetworkOut | Deploy-VM-NetworkOut-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM OS Disk Read Latency Alert | Deploy_VM_OSDiskreadLatency_Alert | ALZ_VMOSDiskReadLatency | Deploy-VM-OSDiskReadLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM OS Disk Write Latency Alert | Deploy_VM_OSDiskwriteLatency_Alert | ALZ_VMOSDiskWriteLatency | Deploy-VM-OSDiskWriteLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM OS Disk Space Alert | Deploy_VM_OSDiskSpace_Alert | ALZ_VMOSDiskSpace | Deploy-VM-OSDiskSpace-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM CPU Alert | Deploy_VM_CPU_Alert | ALZ_VMPercentCPU | Deploy-VM-PercentCPU-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Memory Alert | Deploy_VM_Memory_Alert | ALZ_VMPercentMemory | Deploy-VM-PercentMemory-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Data Disk Space Alert | Deploy_VM_dataDiskSpace_Alert | ALZ_VMDataDiskSpace | Deploy-VM-DataDiskSpace-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Data Disk Read Latency Alert | Deploy_VM_dataDiskReadLatency_Alert | ALZ_VMDataDiskReadLatency | Deploy-VM-DataDiskReadLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Data Disk Write Latency Alert | Deploy_VM_dataDiskWriteLatency_Alert | ALZ_VMDataDiskWriteLatency | Deploy-VM-DataDiskWriteLatency-Alert.json | deployIfNotExists |
This initiative is intended for relevant policy assignment to Hybrid VM alerts in AMBA-ALZ. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern, this will be assigned to the ‘alz’ intermediate root management group structure in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM HeartBeat Alert | Deploy_Hybrid_VM_HeartBeat_Alert | ALZ_HybridVMHeartBeatRG | Deploy-Hybrid-VM-HeartBeat-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Network Read Alert | Deploy_Hybrid_VM_NetworkIn_Alert | ALZ_HybridVMNetworkIn | Deploy-Hybrid-VM-NetworkIn-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Network Write Alert | Deploy_Hybrid_VM_NetworkOut_Alert | ALZ_HybridVMNetworkOut | Deploy-Hybrid-VM-NetworkOut-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM OS Disk Read Latency Alert | Deploy_Hybrid_VM_OSDiskreadLatency_Alert | ALZ_HybridVMOSDiskReadLatency | Deploy-Hybrid-VM-OSDiskReadLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM OS Disk Write Latency Alert | Deploy_Hybrid_VM_OSDiskwriteLatency_Alert | ALZ_HybridVMOSDiskWriteLatency | Deploy-Hybrid-VM-OSDiskWriteLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM OS Disk Space Alert | Deploy_Hybrid_VM_OSDiskSpace_Alert | ALZ_HybridVMOSDiskSpace | Deploy-Hybrid-VM-OSDiskSpace-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM CPU Alert | Deploy_Hybrid_VM_CPU_Alert | ALZ_HybridVMPercentCPU | Deploy-Hybrid-VM-PercentCPU-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Memory Alert | Deploy_Hybrid_VM_Memory_Alert | ALZ_HybridVMPercentMemory | Deploy-Hybrid-VM-PercentMemory-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Data Disk Space Alert | Deploy_Hybrid_VM_dataDiskSpace_Alert | ALZ_HybridVMDataDiskSpace | Deploy-Hybrid-VM-DataDiskSpace-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Data Disk Read Latency Alert | Deploy_Hybrid_VM_dataDiskReadLatency_Alert | ALZ_HybridVMDataDiskReadLatency | Deploy-Hybrid-VM-DataDiskReadLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Data Disk Write Latency Alert | Deploy_Hybrid_VM_dataDiskWriteLatency_Alert | ALZ_HybridVMDataDiskWriteLatency | Deploy-Hybrid-VM-DataDiskWriteLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Hybrid VM Disconnected Alert | Deploy_Hybrid_VM_Disconnected_Alert | ALZ_HybridVMDisconnected | Deploy-Hybrid-VM-Disconnected-Alert.json | deployIfNotExists |
This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Requests Alert | Deploy_KeyVault_Requests_Alert | ALZ_KVRequest | Deploy-KV-Requests-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Availability Alert | Deploy_KeyVault_Availability_Alert | ALZ_KvAvailability | Deploy-KV-Availability-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Latency Alert | Deploy_KeyVault_Latency_Alert | ALZ_KvLatencyAvailability | Deploy-KV-Latency-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Capacity Alert | Deploy_KeyVault_Capacity_Alert | ALZ_KVCapacity | Deploy-KV-Capacity-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Key Vault Delete Alert | Deploy_activitylog_KeyVault_Delete | ALZ_activityKVDelete | Deploy-ActivityLog-KeyVault-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Managed HSMs Availability Alert | Deploy_ManagedHSMs_Availability_Alert | ALZ_ManagedHSMsAvailability | Deploy-HSMs-Availability-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Managed HSMs Latency Alert | Deploy_ManagedHSMs_Latency_Alert | ALZ_ManagedHSMsLatencyAvailability | Deploy-HSMs-Latency-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Managed HSMs Delete Alert | Deploy_ActivityLog_ManagedHSMs_Delete | ALZ_activityManagedHSMsDelete | Deploy-ActivityLog-HSMs-Del.json | deployIfNotExists |
This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP Bytes in DDoS Attack Alert | Deploy_PublicIp_BytesInDDoSAttack_Alert | ALZ_PIPBytesInDDoS | Deploy-PIP-BytesInDDOSAttack-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP DDoS Attack Alert | Deploy_PublicIp_DDoSAttack_Alert | ALZ_PIPDDoSAttack | Deploy-PIP-DDOSAttack-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP Packets in DDoS Attack Alert | Deploy_PublicIp_PacketsInDDoSAttack_Alert | ALZ_PIPPacketsInDDoS | Deploy-PIP-PacketsInDDOS-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP VIP Availability Alert | Deploy_PublicIp_VIPAvailability_Alert | ALZ_PIPVIPAvailability | Deploy-PIP-VIPAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNet DDoS Attack Alert | Deploy_VNET_DDoSAttack_Alert | ALZ_VNETDDOSAttack | Deploy-VNET-DDOSAttack-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW ApplicationGatewayTotalTime Alert | Deploy_AG_ApplicationGatewayTotalTime_Alert | ALZ_AGWTotalTime | Deploy-AGW-ApplicationGatewayTotalTime-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW BackendLastByteResponseTime Alert | Deploy_AG_BackendLastByteResponseTime_Alert | ALZ_AGWBackendLastByteResponseTime | Deploy-AGW-BackendLastByteResponseTime-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW Capacity Units Alert | Deploy_AG_CapacityUnits_Alert | ALZ_AGWCapacityUnits | Deploy-AGW-CapacityUnits-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW Compute Units Alert | Deploy_AG_ComputeUnits_Alert | ALZ_AGWComputeUnits | Deploy-AGW-ComputeUnits-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW CPU Utilization Alert | Deploy_AG_CPUUtilization_Alert | ALZ_AGWCPUUtilization | Deploy-AGW-CPUUtil-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW FailedRequests Alert | Deploy_AG_FailedRequests_Alert | ALZ_AGWFailedRequests | Deploy-AGW-FailedRequests-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW ResponseStatus Alert | Deploy_AG_ResponseStatus_Alert | ALZ_AGWResponseStatus | Deploy-AGW-ResponseStatus-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW Unhealthy Host Count Alert | Deploy_AG_UnhealthyHostCount_Alert | ALZ_AGWUnhealthyHostCount | Deploy-AGW-UnhealthyHostCount-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Data Path Availability Alert | Deploy_ALB_DataPathAvailability_Alert | ALZ_LBDataPathAvailability | Deploy-LB-DatapathAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Global Backend Availability Alert | Deploy_ALB_GlobalBackendAvailability_Alert | ALZ_LBGlobalBackendAvailability | Deploy-LB-GlobalBackendAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Health Probe Status Alert | Deploy_ALB_HealthProbeStatus_Alert | ALZ_LBHealthProbeStatus | Deploy-LB-HealthProbeStatus-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Used SNAT Ports Alert | Deploy_ALB_UsedSNATPorts_Alert | ALZ_LBUsedSNATPorts | Deploy-LB-UsedSNATPorts-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - FrontDoor CDN Profile Origin Health Percentage Alert | Deploy_FrontDoorCDN_OriginHealthPercentage_Alert | ALZ_CDNPOriginHealthPercentage | Deploy-CDNP-OriginHealthPercentage-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - FrontDoor CDN Profile Origin Latency Alert | Deploy_FrontDoorCDN_OriginLatency_Alert | ALZ_CDNPOriginLatency | Deploy-CDNP-OriginLatency-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - FrontDoor CDN Profile Percentage4XX Alert | Deploy_FrontDoorCDN_Percentage4XX_Alert | ALZ_CDNPPercentage4XX | Deploy-CDNP-Percentage4XX-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - FrontDoor CDN Profile Percentage5XX Alert | Deploy_FrontDoorCDN_Percentage5XX_Alert | ALZ_CDNPPercentage5XX | Deploy-CDNP-Percentage5XX-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Traffic Manager Endpoint Health Alert | Deploy_TM_EndpointHealth_Alert | ALZ_TMEndpointHealth | Deploy-TM-EndpointHealth-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Frontdoor Backend Health Percentage Alert | Deploy_FD_BackendHealth_Alert | ALZ_FDBackendHealth | Deploy-FD-BackendHealth-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Frontdoor Backend Request Latency Alert | Deploy_FD_BackendRequestLatency_Alert | ALZ_FDBackendRequestLatency | Deploy-FD-BackendRequestLatency-Alert.json | disabled |
This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log NSG Delete Alert | Deploy_activitylog_NSG_Delete | ALZ_activityNSGDelete | Deploy-ActivityLog-NSG-Del.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Routes Delete Alert | Deploy_activitylog_RouteTable_Routes_Delete | ALZ_activityUDRRoutesDelete | Deploy-ActivityLog-RouteTable-Routes-Delete.json | deployIfNotExists |
| [Preview]: Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Route Table Delete Alert | Deploy_activitylog_RouteTable_Delete | ALZ_activityUDRDelete | Deploy-ActivityLog-RouteTable-Delete.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Route Table Update Alert | Deploy_activitylog_RouteTable_Update | ALZ_activityUDRUpdate | Deploy-ActivityLog-RouteTable-Update.json | deployIfNotExists |
This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - RV Backup Health Monitoring Alerts | Deploy_RecoveryVault_BackupHealthMonitor_Alert | ALZ_RVBackupHealthMonitor | Modify-RSV-BackupHealth-Alert.json | modify |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - RV ASR Health Monitoring Alerts | Deploy_RecoveryVault_ASRHealthMonitor_Alert | ALZ_RVASRHealthMonitor | Modify-RSV-ASRHealth-Alert.json | modify |
This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - SA Availability Alert | Deploy_StorageAccount_Availability_Alert | ALZ_StorageAccountAvailability | Deploy-SA-Availability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Storage Account Delete Alert | Deploy_activitylog_StorageAccount_Delete | ALZ_activitySADelete | Deploy-ActivityLog-SA-Delete-Alert.json | deployIfNotExists |
This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services. It is intended for relevant policy assignment to a landing zone in the ALZ structure. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - App Service Plan CPU Percentage Alert | Deploy_WSF_CPUPercentage_Alert | ALZ_WSFCPUPercentage | Deploy-WSF-CPUPercentage-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - App Service Plan Memory Percentage Alert | Deploy_WSF_MemoryPercentage_Alert | ALZ_WSFMemoryPercentage | Deploy-WSF-MemoryPercentage-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - App Service Plan Disk Queue Length Alert | Deploy_WSF_DiskQueueLength_Alert | ALZ_WSFDiskQueueLength | Deploy-WSF-DiskQueueLength-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - App Service Plan Http Queue Length Alert | Deploy_WSF_HttpQueueLength_Alert | ALZ_WSFHttpQueueLength | Deploy-WSF-HttpQueueLength-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Application Insights Throttling Limit Reached Alert | Deploy_AppInsightsThrottlingLimit_Alert | ALZ_AppInsightsThrottlingLimitReached_Alert | Deploy-AppInsightsThrottlingLimit-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Application Insights Delete Alert | Deploy_ActivityLog_AppInsights_Delete | ALZ_activityAppInsightsDelete | Deploy-ActivityLog-AppInsights-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log LA Workspace Delete Alert | Deploy_activitylog_LAWorkspace_Delete | ALZ_activityLAWDelete | Deploy-ActivityLog-LAWorkspace-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log LA Workspace Regenerate Key Alert | Deploy_activitylog_LAWorkspace_KeyRegen | ALZ_activityLAWKeyRegen | Deploy-ActivityLog-LAWorkspace-KeyRegen.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - LA Workspace Daily Cap Limit Reached Alert | Deploy_LAWorkspace_DailyCapLimitReached_Alert | ALZ_LAWorkspaceDailyCapLimitReached | Deploy-LAWorkspace-DailyCapLimitReached-Alert.json | deployIfNotExists |
This initiative has been DEPRECATED and the content is still included in the documentation for reference purpose only.
This initiative is intended for relevant policy assignment to a landing zone in the ALZ structure. Using the guidance provided in Introduction to deploying the AMBA-ALZ Pattern this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on the initiative policies and their default enablement state, refer to the table below.
| Policy Display Name | Policy Internal Name | Policy Reference ID | Policy code (JSON) | Default policy effect |
|---|---|---|---|---|
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Requests Alert | Deploy_KeyVault_Requests_Alert | ALZ_KVRequest | Deploy-KV-Requests-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Availability Alert | Deploy_KeyVault_Availability_Alert | ALZ_KvAvailability | Deploy-KV-Availability-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Latency Alert | Deploy_KeyVault_Latency_Alert | ALZ_KvLatencyAvailability | Deploy-KV-Latency-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Key Vault Capacity Alert | Deploy_KeyVault_Capacity_Alert | ALZ_KVCapacity | Deploy-KV-Capacity-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Key Vault Delete Alert | Deploy_activitylog_KeyVault_Delete | ALZ_activityKVDelete | Deploy-ActivityLog-KeyVault-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - SA Availability Alert | Deploy_StorageAccount_Availability_Alert | ALZ_StorageAccountAvailability | Deploy-SA-Availability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Storage Account Delete Alert | Deploy_activitylog_StorageAccount_Delete | ALZ_activitySADelete | Deploy-ActivityLog-SA-Delete-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP Bytes in DDoS Attack Alert | Deploy_PublicIp_BytesInDDoSAttack_Alert | ALZ_PIPBytesInDDoS | Deploy-PIP-BytesInDDOSAttack-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP DDoS Attack Alert | Deploy_PublicIp_DDoSAttack_Alert | ALZ_PIPDDoSAttack | Deploy-PIP-DDOSAttack-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP Packets in DDoS Attack Alert | Deploy_PublicIp_PacketsInDDoSAttack_Alert | ALZ_PIPPacketsInDDoS | Deploy-PIP-PacketsInDDOS-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - PIP VIP Availability Alert | Deploy_PublicIp_VIPAvailability_Alert | ALZ_PIPVIPAvailability | Deploy-PIP-VIPAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log NSG Delete Alert | Deploy_activitylog_NSG_Delete | ALZ_activityNSGDelete | Deploy-ActivityLog-NSG-Del.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Activity Log Route Table Update Alert | Deploy_activitylog_RouteTable_Update | ALZ_activityUDRUpdate | Deploy-ActivityLog-RouteTable-Update.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - RV Backup Health Monitoring Alerts | Deploy_RecoveryVault_BackupHealthMonitor_Alert | ALZ_RVBackupHealthMonitor | Modify-RSV-BackupHealth-Alert.json | modify |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - VNet DDoS Attack Alert | Deploy_VNET_DDoSAttack_Alert | ALZ_VNETDDOSAttack | Deploy-VNET-DDOSAttack-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM HeartBeat Alert | Deploy_VM_HeartBeat_Alert | ALZ_VMHeartBeatRG | Deploy-VM-HeartBeat-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Network Read Alert | Deploy_VM_NetworkIn_Alert | ALZ_VMNetworkIn | Deploy-VM-NetworkIn-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Network Write Alert | Deploy_VM_NetworkOut_Alert | ALZ_VMNetworkOut | Deploy-VM-NetworkOut-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM OS Disk Read Latency Alert | Deploy_VM_OSDiskreadLatency_Alert | ALZ_VMOSDiskReadLatency | Deploy-VM-OSDiskReadLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM OS Disk Write Latency Alert | Deploy_VM_OSDiskwriteLatency_Alert | ALZ_VMOSDiskWriteLatency | Deploy-VM-OSDiskWriteLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM OS Disk Space Alert | Deploy_VM_OSDiskSpace_Alert | ALZ_VMOSDiskSpace | Deploy-VM-OSDiskSpace-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM CPU Alert | Deploy_VM_CPU_Alert | ALZ_VMPercentCPU | Deploy-VM-PercentCPU-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Memory Alert | Deploy_VM_Memory_Alert | ALZ_VMPercentMemory | Deploy-VM-PercentMemory-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Data Disk Space Alert | Deploy_VM_dataDiskSpace_Alert | ALZ_VMDataDiskSpace | Deploy-VM-DataDiskSpace-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Data Disk Read Latency Alert | Deploy_VM_dataDiskReadLatency_Alert | ALZ_VMDataDiskReadLatency | Deploy-VM-DataDiskReadLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Azure VM Data Disk Write Latency Alert | Deploy_VM_dataDiskWriteLatency_Alert | ALZ_VMDataDiskWriteLatency | Deploy-VM-DataDiskWriteLatency-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW ApplicationGatewayTotalTime Alert | Deploy_AG_ApplicationGatewayTotalTime_Alert | ALZ_AGWTotalTime | Deploy-AGW-ApplicationGatewayTotalTime-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW BackendLastByteResponseTime Alert | Deploy_AG_BackendLastByteResponseTime_Alert | ALZ_AGWBackendLastByteResponseTime | Deploy-AGW-BackendLastByteResponseTime-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW Capacity Units Alert | Deploy_AG_CapacityUnits_Alert | ALZ_AGWCapacityUnits | Deploy-AGW-CapacityUnits-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW Compute Units Alert | Deploy_AG_ComputeUnits_Alert | ALZ_AGWComputeUnits | Deploy-AGW-ComputeUnits-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW CPU Utilization Alert | Deploy_AG_CPUUtilization_Alert | ALZ_AGWCPUUtilization | Deploy-AGW-CPUUtil-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW FailedRequests Alert | Deploy_AG_FailedRequests_Alert | ALZ_AGWFailedRequests | Deploy-AGW-FailedRequests-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW ResponseStatus Alert | Deploy_AG_ResponseStatus_Alert | ALZ_AGWResponseStatus | Deploy-AGW-ResponseStatus-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - AGW Unhealthy Host Count Alert | Deploy_AG_UnhealthyHostCount_Alert | ALZ_AGWUnhealthyHostCount | Deploy-AGW-UnhealthyHostCount-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Data Path Availability Alert | Deploy_ALB_DataPathAvailability_Alert | ALZ_LBDataPathAvailability | Deploy-LB-DatapathAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Global Backend Availability Alert | Deploy_ALB_GlobalBackendAvailability_Alert | ALZ_LBGlobalBackendAvailability | Deploy-LB-GlobalBackendAvailability-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Health Probe Status Alert | Deploy_ALB_HealthProbeStatus_Alert | ALZ_LBHealthProbeStatus | Deploy-LB-HealthProbeStatus-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - ALB Used SNAT Ports Alert | Deploy_ALB_UsedSNATPorts_Alert | ALZ_LBUsedSNATPorts | Deploy-LB-UsedSNATPorts-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - FrontDoor CDN Profile Origin Health Percentage Alert | Deploy_FrontDoorCDN_OriginHealthPercentage_Alert | ALZ_CDNPOriginHealthPercentage | Deploy-CDNP-OriginHealthPercentage-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - FrontDoor CDN Profile Origin Latency Alert | Deploy_FrontDoorCDN_OriginLatency_Alert | ALZ_CDNPOriginLatency | Deploy-CDNP-OriginLatency-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - FrontDoor CDN Profile Percentage4XX Alert | Deploy_FrontDoorCDN_Percentage4XX_Alert | ALZ_CDNPPercentage4XX | Deploy-CDNP-Percentage4XX-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - FrontDoor CDN Profile Percentage5XX Alert | Deploy_FrontDoorCDN_Percentage5XX_Alert | ALZ_CDNPPercentage5XX | Deploy-CDNP-Percentage5XX-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Traffic Manager Endpoint Health Alert | Deploy_TM_EndpointHealth_Alert | ALZ_TMEndpointHealth | Deploy-TM-EndpointHealth-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - App Service Plan CPU Percentage Alert | Deploy_WSF_CPUPercentage_Alert | ALZ_WSFCPUPercentage | Deploy-WSF-CPUPercentage-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - App Service Plan Memory Percentage Alert | Deploy_WSF_MemoryPercentage_Alert | ALZ_WSFMemoryPercentage | Deploy-WSF-MemoryPercentage-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - App Service Plan Disk Queue Length Alert | Deploy_WSF_DiskQueueLength_Alert | ALZ_WSFDiskQueueLength | Deploy-WSF-DiskQueueLength-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - App Service Plan Http Queue Length Alert | Deploy_WSF_HttpQueueLength_Alert | ALZ_WSFHttpQueueLength | Deploy-WSF-HttpQueueLength-Alert.json | deployIfNotExists |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Frontdoor Backend Health Percentage Alert | Deploy_FD_BackendHealth_Alert | ALZ_FDBackendHealth | Deploy-FD-BackendHealth-Alert.json | disabled |
| Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) - Frontdoor Backend Request Latency Alert | Deploy_FD_BackendRequestLatency_Alert | ALZ_FDBackendRequestLatency | Deploy-FD-BackendRequestLatency-Alert.json | disabled |