Azure Monitor Baseline Alerts

Policy Initiatives

Overview

This document details the ALZ-Monitor Azure Policy initiatives used to deploy the ALZ-Monitor baselines. For details on individual alerts and policies, refer to Alert Details.

Connectivity initiative

This initiative is intended for assignment of policies relevant to networking components in ALZ. With the guidance provided in Introduction to deploying the ALZ Pattern, it is assigned to the alz-platform-connectivity management group structure in the ALZ reference architecture. For the policies included in the initiative and the default enablement state of each policy, refer to the table below.

| Policy Name | Path to policy JSON file | Policy default effect |
| --- | --- | --- |
| Deploy_ERCIR_QosDropBitsInPerSecond_Alert | deploy-ercir_qosdropsbitsin_alert.json | deployIfNotExists |
| Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | deploy-ercir_qosdropsbitsout_alert.json | deployIfNotExists |
| Deploy_VPNGw_BGPPeerStatus_Alert | deploy-vpng_bgppeerstatus_alert.json | deployIfNotExists |
| Deploy_VnetGw_ExpressRouteCpuUtil_Alert | deploy-vnetg_expressroutecpuutilization_alert.json | deployIfNotExists |
| Deploy_VnetGw_TunnelBandwidth_Alert | deploy-vnetg_bandwidthutilization_alert.json | deployIfNotExists |
| Deploy_VnetGw_TunnelEgress_Alert | deploy-vnetg_egress_alert.json | disabled |
| Deploy_VnetGw_TunnelIngress_Alert | deploy-vnetg_ingress_alert.json | disabled |
| Deploy_VPNGw_BandwidthUtil_Alert | deploy-vpng_bandwidthutilization_alert.json | deployIfNotExists |
| Deploy_VPNGw_Egress_Alert | deploy-vpng_egress_alert.json | disabled |
| Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | deploy-vpng_egresspacketdropcount_alert.json | deployIfNotExists |
| Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | deploy-vpng_egresspacketdropmismatch_alert.json | deployIfNotExists |
| Deploy_VPNGw_Ingress_Alert | deploy-vpng_ingress_alert.json | disabled |
| Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | deploy-vpng_ingresspacketdropcount_alert.json | deployIfNotExists |
| Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | deploy-vpng_ingresspacketdropmismatch_alert.json | deployIfNotExists |
| Deploy_PDNSZ_CapacityUtil_Alert | deploy-pdnsz_capacityutilization_alert.json | deployIfNotExists |
| Deploy_PDNSZ_QueryVolume_Alert | deploy-pdnsz_queryvolume_alert.json | disabled |
| Deploy_PDNSZ_RecordSetCapacity_Alert | deploy-pdnsz_recordsetcapacity_alert.json | deployIfNotExists |
| Deploy_DNSZ_RegistrationCapacityUtil_Alert | deploy-pdnsz_registrationcapacityutilization_alert.json | deployIfNotExists |
| Deploy_ERGw_ExpressRouteBitsIn_Alert | deploy-erg_bitsinpersecond_alert.json | disabled |
| Deploy_ERGw_ExpressRouteBitsOut_Alert | deploy-erg_bitsoutpersecond_alert.json | disabled |
| Deploy_ERGw_ExpressRouteCpuUtil_Alert | deploy-erg_expressroutecpuutilization_alert.json | deployIfNotExists |
| Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | deploy-vnetg_egresspacketdropmismatch_alert.json | deployIfNotExists |
| Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | deploy-vnetg_expressroutebitspersecond_alert.json | deployIfNotExists |
| Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | deploy-vnetg_ingresspacketdropmismatch_alert.json | deployIfNotExists |
| Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | deploy-vnetg_ingresspacketdropcount_alert.json | deployIfNotExists |
| Deploy_ERCIR_BgpAvailability_Alert | deploy-ercir_bgpavailability_alert.json | deployIfNotExists |
| Deploy_ERCIR_ArpAvailability_Alert | deploy-ercir_arpavailability_alert.json | deployIfNotExists |
| Deploy_AFW_SNATPortUtilization_Alert | deploy-afw_snatportutilization_alert.json | deployIfNotExists |
| Deploy_AFW_FirewallHealth_Alert | deploy-afw_firewallhealth_alert | deployIfNotExists |
| Deploy_PublicIp_BytesInDDoSAttack_Alert | deploy-pip_bytesinddosattack_alert.json | disabled |
| Deploy_PublicIp_DDoSAttack_Alert | deploy-pip_ddosattack_alert.json | deployIfNotExists |
| Deploy_PublicIp_PacketsInDDoSAttack_Alert | deploy-pip_packetsinddos_alert.json | disabled |
| Deploy_PublicIp_VIPAvailability_Alert | deploy-pip_vipavailability_alert.json | deployIfNotExists |
| Deploy_VNET_DDoSAttack_Alert | deploy-vnet_ddosattack_alert.json | deployIfNotExists |
| Deploy_activitylog_Firewall_Delete | deploy-activitylog-AzureFirewall-Del.json | deployIfNotExists |
| Deploy_activitylog_RouteTable_Update | deploy-activitylog-RouteTable-Update.json | deployIfNotExists |
| Deploy_activitylog_NSG_Delete | deploy-activitylog-NSG-Del.json | deployIfNotExists |
| Deploy_activitylog_VPNGateway_Delete | deploy-activitylog-VPNGate-Del.json | deployIfNotExists |

Management initiative

This initiative is intended for assignment of policies relevant to management components in ALZ. With the guidance provided in Introduction to deploying the ALZ Pattern, it is assigned to the alz-platform-management group structure in the ALZ reference architecture. For the policies included in the initiative and the default enablement state of each policy, refer to the table below.

| Policy Name | Path to policy JSON file | Policy default effect |
| --- | --- | --- |
| Deploy_AA_TotalJob_Alert | deploy-aa_totaljob_alert.json | deployIfNotExists |
| Deploy_RecoveryVault_BackupHealth_Alert | deploy-rv_backuphealth_alert.json | modify |
| Deploy_StorageAccount_Availability_Alert | deploy-sa_availability_alert.json | deployIfNotExists |
| Deploy_activitylog_StorageAccount_Delete | Deploy_activitylog_StorageAccount_Delete.json | deployIfNotExists |
| Deploy_activitylog_LAWorkspace_Delete | deploy-activitylog-LAWorkspace-Del.json | deployIfNotExists |
| Deploy_activitylog_LAWorkspace_KeyRegen | deploy-activitylog-LAWorkspace-ReGen.json | deployIfNotExists |

Identity initiative

This initiative is intended for assignment of policies relevant to identity components in ALZ. With the guidance provided in Introduction to deploying the ALZ Pattern, it is assigned to the alz-platform-identity management group structure in the ALZ reference architecture. For the policies included in the initiative and the default enablement state of each policy, refer to the table below.

| Policy Name | Path to policy JSON file | Policy default effect |
| --- | --- | --- |
| Deploy_KeyVault_Requests_Alert | deploy-kv_requests_alert.json | disabled |
| Deploy_activitylog_StorageAccount_Delete | Deploy_activitylog_StorageAccount_Delete.json | deployIfNotExists |
| Deploy_KeyVault_Availability_Alert | deploy-kv_availability_alert.json | disabled |
| Deploy_KeyVault_Latency_Alert | deploy-kv_latency_alert.json | disabled |
| Deploy_KeyVault_Capacity_Alert | deploy-kv_capacity_alert.json | disabled |
| Deploy_activitylog_KeyVault_Delete | deploy-activitylog-KeyVault-Del.json | deployIfNotExists |

Landing Zone initiative

This initiative is intended for assignment of policies relevant to a landing zone in the ALZ structure. With the guidance provided in Introduction to deploying the ALZ Pattern, it is assigned to the Landing Zones management group in the ALZ reference architecture. For the policies included in the initiative and the default enablement state of each policy, refer to the table below.

| Policy Name | Path to policy JSON file | Policy default effect |
| --- | --- | --- |
| Deploy_StorageAccount_Availability_Alert | deploy-sa_availability_alert.json | deployIfNotExists |
| Deploy_KeyVault_Requests_Alert | deploy-kv_requests_alert.json | disabled |
| Deploy_KeyVault_Availability_Alert | deploy-kv_availability_alert.json | deployIfNotExists |
| Deploy_KeyVault_Latency_Alert | deploy-kv_latency_alert.json | deployIfNotExists |
| Deploy_KeyVault_Capacity_Alert | deploy-kv_capacity_alert.json | deployIfNotExists |
| Deploy_activitylog_KeyVault_Delete | deploy-activitylog-KeyVault-Del.json | deployIfNotExists |
| Deploy_activitylog_RouteTable_Update | deploy-activitylog-RouteTable-Update.json | deployIfNotExists |
| Deploy_activitylog_NSG_Delete | deploy-activitylog-NSG-Del.json | deployIfNotExists |
| Deploy_PublicIp_BytesInDDoSAttack_Alert | deploy-pip_bytesinddosattack_alert.json | disabled |
| Deploy_PublicIp_DDoSAttack_Alert | deploy-pip_ddosattack_alert.json | deployIfNotExists |
| Deploy_PublicIp_PacketsInDDoSAttack_Alert | deploy-pip_packetsinddos_alert.json | disabled |
| Deploy_PublicIp_VIPAvailability_Alert | deploy-pip_vipavailability_alert.json | deployIfNotExists |
| Deploy_VNET_DDoSAttack_Alert | deploy-vnet_ddosattack_alert.json | deployIfNotExists |
| Deploy_RecoveryVault_BackupHealthMonitor_Alert | deploy-rv_backuphealth_monitor.json | modify |
| Deploy_VM_HeartBeat_Alert | deploy-vm-HeartBeat_alert.json | deployIfNotExists |
| Deploy_VM_NetworkIn_Alert | deploy-vm-NetworkIn_alert.json | deployIfNotExists |
| Deploy_VM_NetworkOut_Alert | deploy-vm-NetworkOut_alert.json | deployIfNotExists |
| Deploy_VM_OSDiskreadLatency_Alert | deploy-vm-OSDiskreadLatency_alert.json | deployIfNotExists |
| Deploy_VM_OSDiskwriteLatency_Alert | deploy-vm-OSDiskwriteLatency_alert.json | deployIfNotExists |
| Deploy_VM_OSDiskSpace_Alert | deploy-vm-OSDiskSpace_alert.json | deployIfNotExists |
| Deploy_VM_CPU_Alert | deploy-vm-PercentCPU_alert.json | deployIfNotExists |
| Deploy_VM_Memory_Alert | deploy-vm-PercentMemory_alert.json | deployIfNotExists |
| Deploy_VM_dataDiskSpace_Alert | deploy-vm-dataDiskSpace_alert.json | deployIfNotExists |
| Deploy_VM_dataDiskReadLatency_Alert | deploy-vm-dataDiskreadLatency_alert.json | deployIfNotExists |
| Deploy_VM_dataDiskWriteLatency_Alert | deploy-vm-dataDiskwriteLatency_alert.json | deployIfNotExists |

Service Health initiative

This initiative is intended for assignment of policies relevant to service health alerts in ALZ. With the guidance provided in Introduction to deploying the ALZ Pattern, it is assigned to the alz intermediate root management group structure in the ALZ reference architecture. For the policies included in the initiative and the default enablement state of each policy, refer to the table below.

| Policy Name | Path to policy JSON file | Policy default effect |
| --- | --- | --- |
| Deploy_activitylog_ServiceHealth_SecurityAdvisory | deploy-activitylog-ServiceHealth-Security.json | deployIfNotExists |
| Deploy_activitylog_ResourceHealth_Unhealthy_Alert | deploy-activitylog-ResourceHealth-UnHealthly-alert.json | deployIfNotExists |
| Deploy_activitylog_ServiceHealth_HealthAdvisory | deploy-activitylog-ServiceHealth-Health.json | deployIfNotExists |
| Deploy_activitylog_ServiceHealth_Incident | deploy-activitylog-ServiceHealth-Incident.json | deployIfNotExists |
| Deploy_activitylog_ServiceHealth_Maintenance | deploy-activitylog-ServiceHealth-Maintenance.json | deployIfNotExists |
| Deploy_AlertProcessing_Rule | deploy-alertprocessingrule-deploy.json | deployIfNotExists |