Quickstart: Create activity log alerts on service notifications using an ARM template

This article shows you how to set up activity log alerts for service health notifications by using an Azure Resource Manager template (ARM template).

An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.

Service health notifications are stored in the Azure activity log. Given the possibly large volume of information stored in the activity log, there is a separate user interface to make it easier to view and set up alerts on service health notifications.

You can receive an alert when Azure sends service health notifications to your Azure subscription. You can configure the alert based on:

  • The class of service health notification (Service issues, Planned maintenance, Health advisories).
  • The subscription affected.
  • The service(s) affected.
  • The region(s) affected.

Note

Service health notifications do not send an alert regarding resource health events.

You also can configure who the alert should be sent to:

  • Select an existing action group.
  • Create a new action group (that can be used for future alerts).

To learn more about action groups, see Create and manage action groups.

Prerequisites

Review the template

The following template creates an action group with an email target and enables all service health notifications for the target subscription. Save this template as CreateServiceHealthAlert.json.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "actionGroups_name": {
      "type": "string",
      "defaultValue": "SubHealth"
    },
    "activityLogAlerts_name": {
      "type": "string",
      "defaultValue": "ServiceHealthActivityLogAlert"
    },
    "emailAddress": {
      "type": "string"
    }
  },
  "variables": {
    "alertScope": "[format('/subscriptions/{0}', subscription().subscriptionId)]"
  },
  "resources": [
    {
      "type": "microsoft.insights/actionGroups",
      "apiVersion": "2019-06-01",
      "name": "[parameters('actionGroups_name')]",
      "location": "Global",
      "properties": {
        "groupShortName": "[parameters('actionGroups_name')]",
        "enabled": true,
        "emailReceivers": [
          {
            "name": "[parameters('actionGroups_name')]",
            "emailAddress": "[parameters('emailAddress')]"
          }
        ],
        "smsReceivers": [],
        "webhookReceivers": []
      }
    },
    {
      "type": "microsoft.insights/activityLogAlerts",
      "apiVersion": "2017-04-01",
      "name": "[parameters('activityLogAlerts_name')]",
      "location": "Global",
      "properties": {
        "scopes": [
          "[variables('alertScope')]"
        ],
        "condition": {
          "allOf": [
            {
              "field": "category",
              "equals": "ServiceHealth"
            },
            {
              "field": "properties.incidentType",
              "equals": "Incident"
            }
          ]
        },
        "actions": {
          "actionGroups": [
            {
              "actionGroupId": "[resourceId('microsoft.insights/actionGroups', parameters('actionGroups_name'))]",
              "webhookProperties": {}
            }
          ]
        },
        "enabled": true
      },
      "dependsOn": [
        "[resourceId('microsoft.insights/actionGroups', parameters('actionGroups_name'))]"
      ]
    }
  ]
}
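
The alert rule's condition is an allOf list, so an event must match every leaf to raise an alert. The following Python sketch is an added example, not part of the original template or of any Azure tooling: it evaluates that condition locally against constructed sample events to show which ones would fire the rule. The event shapes, the incidentType values other than Incident, and the case-insensitive comparison are assumptions of this sketch.

```python
import json

# The "condition" block copied from the alert rule in the template above.
CONDITION = json.loads("""
{"allOf": [
  {"field": "category", "equals": "ServiceHealth"},
  {"field": "properties.incidentType", "equals": "Incident"}
]}
""")

# Constructed sample events (not real log data), trimmed to the fields the rule reads.
SAMPLE_EVENTS = [
    {"category": "ServiceHealth", "properties": {"incidentType": "Incident"}},
    {"category": "ServiceHealth", "properties": {"incidentType": "Maintenance"}},
    {"category": "ServiceHealth", "properties": {"incidentType": "ActionRequired"}},
    {"category": "ServiceHealth", "properties": {"incidentType": "Security"}},
    {"category": "Administrative", "properties": {}},
]


def lookup(event, dotted_field):
    """Resolve a dotted field name such as 'properties.incidentType'."""
    value = event
    for key in dotted_field.split("."):
        if not isinstance(value, dict) or key not in value:
            return None
        value = value[key]
    return value


def rule_fires(condition, event):
    """True when every allOf leaf matches (assumption: case-insensitive compare)."""
    for leaf in condition["allOf"]:
        actual = lookup(event, leaf["field"])
        if actual is None or str(actual).lower() != leaf["equals"].lower():
            return False
    return True


def unalerted_types(condition, events):
    """incidentType values of ServiceHealth events the rule would not alert on."""
    return sorted(
        e["properties"]["incidentType"]
        for e in events
        if e["category"] == "ServiceHealth" and not rule_fires(condition, e)
    )


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event, "->", "alert" if rule_fires(CONDITION, event) else "no alert")
    print("ServiceHealth types with no alert:", unalerted_types(CONDITION, SAMPLE_EVENTS))
```

Running the same check against an edited copy of the condition shows the effect of a change before the template is redeployed.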

The template defines two resources:

  • microsoft.insights/actionGroups
  • microsoft.insights/activityLogAlerts

Deploy the template

Deploy the template using any standard method for deploying an ARM template, such as the following Azure CLI example. Replace the sample values for the resource group and emailAddress with appropriate values for your environment.

az login
az deployment group create --name CreateServiceHealthAlert --resource-group my-resource-group --template-file CreateServiceHealthAlert.json --parameters emailAddress='user@contoso.com'

Validate the deployment

Verify that the activity log alert rule has been created by using the following command. Replace the sample value for the resource group with the value you used above.

az monitor activity-log alert show --resource-group my-resource-group --name ServiceHealthActivityLogAlert

Clean up resources

If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resource group, which deletes the alert rule and the related resources. To delete the resource group by using Azure CLI:

az group delete --name my-resource-group
