What´s new
For information on what’s new please refer to the Releases page.
To update your current deployment with the content from the latest release, please refer to the Update to new releases page.
- AMBA Portal Accelerator: We are thrilled to introduce the Azure Monitor Baseline Alerts Accelerator, now available in preview! The new deployment method is accessible directly through the Azure Portal UI, providing a user-friendly interface that guides you through the setup process. This means you can deploy alerts faster and with greater confidence. It simplifies the process of setting up baseline alerts, ensuring that you are promptly notified of critical metrics and log anomalies that could indicate potential issues with your Azure deployments. To begin using the AMBA Portal Accelerator click the Deploy to Azure button below. Please refer to the detailed deployment instructions for further guidance. Deploy via the Azure Portal (Preview)
- Modular approach to Initiatives: Recognizing the limitations of a monolithic approach, we have deprecated the former Landing Zone Initiative. The initiative was becoming too large and impractical. Instead, We have adopted a modular approach by splitting the initiative into the following distinct components. For more details please visit: Policy Initiatives
- Key Management
- Load Balancing
- Network Changes
- Recovery Services
- Storage
- VM
- Web
- Threshold Override: Some resources need thresholds different from the baseline set in the Policy Definition. The Alert Threshold Override feature lets both Greenfield and Brownfield customers adjust these thresholds for specific resources, before or after deployment. By using a tag with a specific name and value, you can override the default alert threshold. This custom threshold applies only to the tagged resources, replacing the global parameter value. This feature is available only for metrics and log alerts. Learn more: Alert Threshold Override
- Custom tags and values to disable monitoring: The updated feature lets you specify both a tag name and a list of values. For example, if you have an “Environment” tag with values like “Production,” “Development,” or “Sandbox,” you can deploy alerts only for “Production” resources by disabling monitoring for those tagged as “Development” and “Sandbox.”
- Added new alert rule for Azure Key Vault Managed HSM. This has been included in both the Identity and Key Mananagement initiatives.
- Added new Daily Cap threshold alert on a Log Analytics workspace. This alert has been added to the Management initiative.
- Added new Application Insight Throttling alert. Included in the Web initiative.
- Added new ActivityLog Alert for deleting Application Insight. Added to the Web initiative.
- Added the ability to change the Application Gateway dynamic alert sensitivity
- Deprecated the Landing Zone Initiative
- Fixed [#280]: AGW Compute Units Alert and AGW Unhealthy Host Count Alert remain non-compliant after successful remediation
- Fixed [#278]: Deploy VNetG ExpressRoute CPU Utilization Alert remediation fails
- Fixed [#284]: AMBA policy ALZ_ServiceHealth_ActionGroups Missing when remediating AMBA policies
- Fixed [#253]: Deploying AMBA, older version used in documentation
- Fixed [#261]: displayname VMLowOSDisk(Write/Read)LatencyAlert should be VMHighOSDisk(Write/Read)LatencyAlert
- Fixed [#260]: No treshold parameter for ALZ alerts ALZ_WSFMemoryPercentage, ALZ_WSFCPUPercentage.
- Fixed casing in metadata.
- Fixed casing in policies.
- Fixed default values for multiple parameters used in the VM and Hybrid initiatives.
- Added new policies for ExpressRoute Ports to Connectivity table. Policy Initiatives
- Documentation update about unsupported/unrecommended Tenant Root Group deployment. FAQ
- New guidance for bringing you own Managed Identity. Bring Your Own User Assigned Managed Identity
- Update the Policy Initiatives documentation to include the Policy Reference ID and update the Policy Name column to use the display name of all the policies. Policy Initiatives
- Automation: New workflow that automates the process of creating ARM templates for Azure Policies/ PolicySets. The workflow is triggered by a pull request event and uses a bicep build to generate the templates.
- Added new PIDs for different additional deployment methods. Refer to Telemetry for more information.
- Added new initiative to monitor Azure Arc-enabled Virtual Machines. Alerting-HybridVM
- Changes the value of field minFailingPeriodsToAlert and numberOfEvaluationPeriods in the existenceCondition for the above alerts from 2 to 4 to fix the compliance evaluation issue.
- Changes the value of timeAggregation to Average for both Deploy AGW BackendLastByteResponseTime and Deploy AGW ApplicationGatewayTotalTime policy definitions. Issue #194
- Fixing case sensitive parameters Issue #185
- Updated the Deploy only Service Health Alert documentation. Addresses issues with using json-strings in cloud shell.
- Updated Existence Condition to detect and remediate configuration drift. The following parameters were added to the Existence Condition of the policies:
- Static alerts: EvaluationFrequency, WindowSize, Threshold, Severity, Operator, autoMitigate
- Dynamic alerts: alertSensitivity, numberOfEvaluationPeriods, minFailingPeriodsToAlert
- Added a suppression Alert Processing Rule, deployed as part of the notification Assets policy. Refer to Temporarily disabling notifications for more details.
- Supplying an email address for the Action Group is no longer mandatory.
- Bring your own Action Group and/or Alert Processing Rules. This feature will allow brownfield customers to use existing Action Groups and Alert Processing Rules. Please refer to Bring Your Own Notifications (BYON) for more details.
- Fixed operator for
SNATPortUtilization
for Azure Firewall - Corrected the name for the Deploy Activity Log Storage Account Delete Policy
- Updated deployment documentation to use the latest approved release.
- Updated the Deploy only Service Health Alert documentation.
- Updated the AMBA-ALZ Diagrams to include the new notification assets initiative and Action group options. AMBA-Diagram
- The action group has been enhanced to allow more choices for notifications and actions
- Email Azure Resource Manager Role
- Azure Function
- Event Hubs
- Logic App
- Webhook
- The service health initiative no longer includes the deployment of the Alert Processing Rule policy. Service Health now has its own Action Group.
- Added the Notification Assets initiative, which deploys the Alert Processing Rule and the Action Group used by the Connectivity, Identity, Management and Landing zone initiatives.
- New policy for Policy for Storage Account Deletion. Issue #76
- Updating the remediation script to allow for a better experience while remediating the new action group for Service Health
- Fixed: unable to deploy via pipeline using ubuntu-latest. Issue #64
- Fixed the PIP VIP alert existence condition to only check for standard SKU. Issue #80
- Updated Deploy with GitHub Actions addressing Issue #102
- Updated guidance for AMA in Monitoring and Alerting documentation
- The Service Health Policy Set Definition now includes parameters to set the Policy Effect. With this you can choose which Server Health alert rules are deployed. Note that the default value for the parameters is “deployIfNotExists”. The parameter file has been updated.
- Added alert rules in the Landing Zone Policy Set Definition.
- Front door (Microsoft.Cdn/profiles)
- Front door classic (Microsoft.Network/frontdoors)
- Traffic Manager (Microsoft.Network/trafficmanagerprofiles)
- App Service (Microsoft.Web/serverfarms)
- Update path in sample-workflow Issue #30
- Update sample commands in Start-AMBARemediation.ps1 Pull #49
- Fixes to Role Assignment cleanup, cleanup script Issue #42
- Fixed VSCode template validation error Issue #43
- How to modify individual policies - How to modify individual policies
- Added guidance to only Server Health alert rules - Deploy only Service Health Alerts
- New documentation on updating to a new release - Update to new releases
- FAQ Updates - Frequently Asked Questions