Azure Monitor Baseline Alerts
Download AlertsGlossaryGitHubGitHub IssuesToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage

What´s new

For information on what’s new please refer to the Releases page.

To update your current deployment with the content from the latest release, please refer to the Update to new releases page.

2024-11-01

New features

  • Added a new policy definition to audit/update Recovery Vault ASR Health Alerting to Azure monitor alerts.
  • Script consolidation: Remove-AMBADeployments.ps1, Remove-AMBANotificationAssets.ps1, Start-AMBACleanup.ps1, Start-AMBAOldArpCleanup.ps1 and Start-AMBAPolicyInitiativesAndAssignmentsCleanup.ps1 scripts have been consolidated into a single new one called Start-AMBA-ALZ-Maintenance.ps1 [#352: Consolidate maintenance scripts]. With this enhancement, it is now possible to remove alerts for resources which have been deletedf (orphaned alerts).

Bug fixes

  • Fixed [#323]: Ensure -WhatIf parameter is honored by all scripts commands and fix hybrid disconnected alert bug
  • Fixed [#342]: Github issue link and Management Subscription Id fix
  • Fixed [#346]: Update useCommonSchema to useCommonAlertSchema in Deploy_ServiceHealth_ActionGroups and Deploy_Suppression_AlertProcessing_Rule Policy Definitions
  • Fixed [#357]: Resolve the ExpressRoute QoS remediation issue
  • Fixed [#362]: Standardization on param usage for failingPeriods and evaluationPeriods
  • Fixed [#381]: Bugged Connectivity policy initiative + override tag name case consistency + tag override documentation update

Documentation updates

Tools

  • Automation:
    • Removed the previous workflow that automates the process of creating ARM templates for Azure Policies/ PolicySets because of a security issue.
    • New workflow to ensure policy updates and to verify the Bicep build has been run by the contributor.

2024-09-02

New features

  • AMBA Portal Accelerator: We are thrilled to introduce the Azure Monitor Baseline Alerts Accelerator, now available in preview! The new deployment method is accessible directly through the Azure Portal UI, providing a user-friendly interface that guides you through the setup process. This means you can deploy alerts faster and with greater confidence. It simplifies the process of setting up baseline alerts, ensuring that you are promptly notified of critical metrics and log anomalies that could indicate potential issues with your Azure deployments. To begin using the AMBA Portal Accelerator click the Deploy to Azure button below. Please refer to the detailed deployment instructions for further guidance. **Deploy via the Azure Portal (Preview)
  • Modular approach to Initiatives: Recognizing the limitations of a monolithic approach, we have deprecated the former Landing Zone Initiative. The initiative was becoming too large and impractical. Instead, We have adopted a modular approach by splitting the initiative into the following distinct components. For more details please visit: Policy Initiatives
    • Key Management
    • Load Balancing
    • Network Changes
    • Recovery Services
    • Storage
    • VM
    • Web
  • Threshold Override: Some resources need thresholds different from the baseline set in the Policy Definition. The Alert Threshold Override feature lets both Greenfield and Brownfield customers adjust these thresholds for specific resources, before or after deployment. By using a tag with a specific name and value, you can override the default alert threshold. This custom threshold applies only to the tagged resources, replacing the global parameter value. This feature is available only for metrics and log alerts. Learn more: Alert Threshold Override
  • Custom tags and values to disable monitoring: The updated feature lets you specify both a tag name and a list of values. For example, if you have an “Environment” tag with values like “Production,” “Development,” or “Sandbox,” you can deploy alerts only for “Production” resources by disabling monitoring for those tagged as “Development” and “Sandbox.”
  • Added new alert rule for Azure Key Vault Managed HSM. This has been included in both the Identity and Key Mananagement initiatives.
  • Added new Daily Cap threshold alert on a Log Analytics workspace. This alert has been added to the Management initiative.
  • Added new Application Insight Throttling alert. Included in the Web initiative.
  • Added new ActivityLog Alert for deleting Application Insight. Added to the Web initiative.
  • Added the ability to change the Application Gateway dynamic alert sensitivity
  • Deprecated the Landing Zone Initiative

Bug fixes

  • Fixed [#280]: AGW Compute Units Alert and AGW Unhealthy Host Count Alert remain non-compliant after successful remediation
  • Fixed [#278]: Deploy VNetG ExpressRoute CPU Utilization Alert remediation fails
  • Fixed [#284]: AMBA policy ALZ_ServiceHealth_ActionGroups Missing when remediating AMBA policies
  • Fixed [#253]: Deploying AMBA, older version used in documentation
  • Fixed [#261]: displayname VMLowOSDisk(Write/Read)LatencyAlert should be VMHighOSDisk(Write/Read)LatencyAlert
  • Fixed [#260]: No treshold parameter for ALZ alerts ALZ_WSFMemoryPercentage, ALZ_WSFCPUPercentage.
  • Fixed casing in metadata.
  • Fixed casing in policies.
  • Fixed default values for multiple parameters used in the VM and Hybrid initiatives.

Documentation updates

  • Added new policies for ExpressRoute Ports to Connectivity table. Policy Initiatives
  • Documentation update about unsupported/unrecommended Tenant Root Group deployment. FAQ
  • New guidance for bringing you own Managed Identity. Bring Your Own User Assigned Managed Identity
  • Update the Policy Initiatives documentation to include the Policy Reference ID and update the Policy Name column to use the display name of all the policies. Policy Initiatives

Tools

  • Automation: New workflow that automates the process of creating ARM templates for Azure Policies/ PolicySets. The workflow is triggered by a pull request event and uses a bicep build to generate the templates.

2024-06-05

New features

  • Added new PIDs for different additional deployment methods. Refer to Telemetry for more information.
  • Added new initiative to monitor Azure Arc-enabled Virtual Machines. Alerting-HybridVM

Bug fixes

  • Changes the value of field minFailingPeriodsToAlert and numberOfEvaluationPeriods in the existenceCondition for the above alerts from 2 to 4 to fix the compliance evaluation issue.
  • Changes the value of timeAggregation to Average for both Deploy AGW BackendLastByteResponseTime and Deploy AGW ApplicationGatewayTotalTime policy definitions. Issue #194
  • Fixing case sensitive parameters Issue #185

Documentation updates

  • Updated the Deploy only Service Health Alert documentation. Addresses issues with using json-strings in cloud shell.

2024-04-12

New features

  • Updated Existence Condition to detect and remediate configuration drift. The following parameters were added to the Existence Condition of the policies:
    • Static alerts: EvaluationFrequency, WindowSize, Threshold, Severity, Operator, autoMitigate
    • Dynamic alerts: alertSensitivity, numberOfEvaluationPeriods, minFailingPeriodsToAlert
  • Added a suppression Alert Processing Rule, deployed as part of the notification Assets policy. Refer to Temporarily disabling notifications for more details.
  • Supplying an email address for the Action Group is no longer mandatory.
  • Bring your own Action Group and/or Alert Processing Rules. This feature will allow brownfield customers to use existing Action Groups and Alert Processing Rules. Please refer to Bring Your Own Notifications (BYON) for more details.

Bug fixes

  • Fixed operator for SNATPortUtilization for Azure Firewall
  • Corrected the name for the Deploy Activity Log Storage Account Delete Policy

Documentation updates

  • Updated deployment documentation to use the latest approved release.
  • Updated the Deploy only Service Health Alert documentation.
  • Updated the AMBA-ALZ Diagrams to include the new notification assets initiative and Action group options. AMBA-Diagram

2024-03-01

New features

  • The action group has been enhanced to allow more choices for notifications and actions
    • Email Azure Resource Manager Role
    • Azure Function
    • Event Hubs
    • Logic App
    • Webhook
  • The service health initiative no longer includes the deployment of the Alert Processing Rule policy. Service Health now has its own Action Group.
  • Added the Notification Assets initiative, which deploys the Alert Processing Rule and the Action Group used by the Connectivity, Identity, Management and Landing zone initiatives.
  • New policy for Policy for Storage Account Deletion. Issue #76
  • Updating the remediation script to allow for a better experience while remediating the new action group for Service Health

Bug fixes

  • Fixed: unable to deploy via pipeline using ubuntu-latest. Issue #64
  • Fixed the PIP VIP alert existence condition to only check for standard SKU. Issue #80

Documentation updates

2023-11-14

New features

  • The Service Health Policy Set Definition now includes parameters to set the Policy Effect. With this you can choose which Server Health alert rules are deployed. Note that the default value for the parameters is “deployIfNotExists”. The parameter file has been updated.
  • Added alert rules in the Landing Zone Policy Set Definition.
    • Front door (Microsoft.Cdn/profiles)
    • Front door classic (Microsoft.Network/frontdoors)
    • Traffic Manager (Microsoft.Network/trafficmanagerprofiles)
    • App Service (Microsoft.Web/serverfarms)

Bug fixes

  • Update path in sample-workflow Issue #30
  • Update sample commands in Start-AMBARemediation.ps1 Pull #49
  • Fixes to Role Assignment cleanup, cleanup script Issue #42
  • Fixed VSCode template validation error Issue #43

Documentation updates