Create and manage action groups in the Azure portal

An action group is a collection of notification preferences defined by the owner of an Azure subscription. Azure Monitor and Service Health alerts use action groups to notify users that an alert has been triggered. Various alerts may use the same action group or different action groups depending on the user's requirements. You may configure up to 2,000 action groups in a subscription.

This article shows you how to create and manage action groups in the Azure portal.

Each action is made up of the following properties:

  • Type: The notification or action performed. Examples include sending a voice call, SMS, or email, or triggering various types of automated actions. See types later in this article.
  • Name: A unique identifier within the action group.
  • Details: The corresponding details that vary by type.

For information on how to use Azure Resource Manager templates to configure action groups, see Action group Resource Manager templates.

Create an action group by using the Azure portal

  1. In the Azure portal, search for and select Monitor. The Monitor pane consolidates all your monitoring settings and data in one view.

  2. Select Alerts, then select Manage actions.

  3. Select Add action group, and fill in the relevant fields in the wizard experience.

Configure basic action group settings

Under Project details:

Select the Subscription and Resource group in which the action group is saved.

Under Instance details:

  1. Enter an Action group name.

  2. Enter a Display name. The display name is used in place of a full action group name when notifications are sent using this group.

Configure notifications

  1. Click the Next: Notifications > button to move to the Notifications tab, or select the Notifications tab at the top of the screen.

  2. Define a list of notifications to send when an alert is triggered. Provide the following for each notification:

    a. Notification type: Select the type of notification you want to send. The available options are:

    • Email Azure Resource Manager Role - Send an email to users assigned to certain subscription-level ARM roles.
    • Email/SMS/Push/Voice - Send these notification types to specific recipients.

    b. Name: Enter a unique name for the notification.

    c. Details: Based on the selected notification type, enter an email address, phone number, etc.

    d. Common alert schema: You can choose to enable the common alert schema, which provides the advantage of having a single extensible and unified alert payload across all the alert services in Azure Monitor.

Configure actions

  1. Click the Next: Actions > button to move to the Actions tab, or select the Actions tab at the top of the screen.

  2. Define a list of actions to trigger when an alert is triggered. Provide the following for each action:

    a. Action type: Select Automation Runbook, Azure Function, ITSM, Logic App, Secure Webhook, Webhook.

    b. Name: Enter a unique name for the action.

    c. Details: Based on the action type, enter a webhook URI, Azure app, ITSM connection, or Automation runbook. For ITSM Action, additionally specify Work Item and other fields your ITSM tool requires.

    d. Common alert schema: You can choose to enable the common alert schema, which provides the advantage of having a single extensible and unified alert payload across all the alert services in Azure Monitor.

Create the action group

  1. You can explore the Tags settings if you like. This lets you associate key/value pairs to the action group for your categorization and is a feature available for any Azure resource.

  2. Click Review + create to review the settings. This will do a quick validation of your inputs to make sure all the required fields are selected. If there are issues, they'll be reported here. Once you've reviewed the settings, click Create to provision the action group.

Note

When you configure an action to notify a person by email or SMS, they receive a confirmation indicating they have been added to the action group.

Manage your action groups

After you create an action group, you can view Action groups by selecting Manage actions from the Alerts landing page in the Monitor pane. Select the action group you want to manage to:

  • Add, edit, or remove actions.
  • Delete the action group.

Action specific information

Note

See Subscription Service Limits for Monitoring for numeric limits on each of the items below.

Automation Runbook

Refer to the Azure subscription service limits for limits on Runbook payloads.

You may have a limited number of Runbook actions in an Action Group.

Azure app Push Notifications

You may have a limited number of Azure app actions in an Action Group.

Email

Emails will be sent from the following email addresses. Ensure that your email filtering is configured appropriately:

  • azure-noreply@microsoft.com
  • azureemail-noreply@microsoft.com
  • alerts-noreply@mail.windowsazure.com

You may have a limited number of email actions in an Action Group. See the rate limiting information article.

Email Azure Resource Manager Role

Send email to the members of the subscription's role. Email will only be sent to Azure AD user members of the role. Email will not be sent to Azure AD groups or service principals.

A notification email is sent only to the primary email address.

You may have a limited number of email actions in an Action Group. See the rate limiting information article.

Function

Calls an existing HTTP trigger endpoint in Azure Functions.

You may have a limited number of Function actions in an Action Group.

ITSM

ITSM Action requires an ITSM Connection. Learn how to create an ITSM Connection.

You may have a limited number of ITSM actions in an Action Group.

Logic App

You may have a limited number of Logic App actions in an Action Group.

Secure Webhook

The Action Groups Webhook action enables you to take advantage of Azure Active Directory to secure the connection between your action group and your protected web API (webhook endpoint). The overall workflow for taking advantage of this functionality is described below. For an overview of Azure AD Applications and service principals, see Microsoft identity platform (v2.0) overview.

  1. Create an Azure AD Application for your protected web API. See Protected web API: App registration.

  2. Enable Action Groups to use your Azure AD Application.

    Note

    You must be a member of the Azure AD Application Administrator role to execute this script.

    • Modify the PowerShell script's Connect-AzureAD call to use your Azure AD Tenant ID.
    • Modify the PowerShell script's variable $myAzureADApplicationObjectId to use the Object ID of your Azure AD Application.
    • Run the modified script.
  3. Configure the Action Group Secure Webhook action.

    • Copy the value $myApp.ObjectId from the script and enter it in the Application Object ID field in the Webhook action definition.

Secure Webhook PowerShell Script

Connect-AzureAD -TenantId "<provide your Azure AD tenant ID here>"
    
# This is your Azure AD Application's ObjectId. 
$myAzureADApplicationObjectId = "<the Object Id of your Azure AD Application>"
    
# This is the Action Groups Azure AD AppId
$actionGroupsAppId = "461e8683-5575-4561-ac7f-899cc907d62a"
    
# This is the name of the new role we will add to your Azure AD Application
$actionGroupRoleName = "ActionGroupsSecureWebhook"
    
# Create an application role of given name and description
Function CreateAppRole([string] $Name, [string] $Description)
{
    $appRole = New-Object Microsoft.Open.AzureAD.Model.AppRole
    $appRole.AllowedMemberTypes = New-Object System.Collections.Generic.List[string]
    $appRole.AllowedMemberTypes.Add("Application");
    $appRole.DisplayName = $Name
    $appRole.Id = New-Guid
    $appRole.IsEnabled = $true
    $appRole.Description = $Description
    $appRole.Value = $Name;
    return $appRole
}
    
# Get my Azure AD Application, its roles and the two service principals
$myApp = Get-AzureADApplication -ObjectId $myAzureADApplicationObjectId
$myAppRoles = $myApp.AppRoles
# Looked up here rather than inside the else branch below, because the
# role assignment at the end needs it even when the role already exists
$myServicePrincipal = Get-AzureADServicePrincipal -Filter ("appId eq '" + $myApp.AppId + "'")
$actionGroupsSP = Get-AzureADServicePrincipal -Filter ("appId eq '" + $actionGroupsAppId + "'")

Write-Host "App Roles before addition of new role.."
Write-Host $myAppRoles

# Create the role if it doesn't exist
if ($myAppRoles -match "ActionGroupsSecureWebhook")
{
    Write-Host "The Action Groups role is already defined.`n"
}
else
{
    # Add our new role to the Azure AD Application
    $newRole = CreateAppRole -Name $actionGroupRoleName -Description "This is a role for Action Groups to join"
    $myAppRoles.Add($newRole)
    Set-AzureADApplication -ObjectId $myApp.ObjectId -AppRoles $myAppRoles
}

# Create the service principal if it doesn't exist
if ($actionGroupsSP -match "AzNS AAD Webhook")
{
    Write-Host "The Service principal is already defined.`n"
}
else
{
    # Create a service principal for the Action Groups Azure AD Application and add it to the role
    $actionGroupsSP = New-AzureADServicePrincipal -AppId $actionGroupsAppId
}

# Assign the Action Groups role, selected by name rather than by position in the role list
$actionGroupRole = $myAppRoles | Where-Object { $_.Value -eq $actionGroupRoleName }
New-AzureADServiceAppRoleAssignment -Id $actionGroupRole.Id -ResourceId $myServicePrincipal.ObjectId -ObjectId $actionGroupsSP.ObjectId -PrincipalId $actionGroupsSP.ObjectId

Write-Host "My Azure AD Application (ObjectId): $($myApp.ObjectId)"
Write-Host "My Azure AD Application's Roles"
Write-Host $myApp.AppRoles
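
One way the protected web API could authorize the caller once the script above has run, as an added example that is not part of the original article: it checks that an already validated Azure AD token was issued to the Action Groups application and carries the app role the script creates. Signature, issuer, audience and lifetime validation are assumed to be done by the hosting platform or a JWT library; the function names and the sample tokens are hypothetical.

```powershell
# Added example. Values marked "from the page" come from the script above;
# everything else (function names, sample claims) is hypothetical.
$ActionGroupsAppId   = '461e8683-5575-4561-ac7f-899cc907d62a'  # from the page
$ActionGroupRoleName = 'ActionGroupsSecureWebhook'              # from the page

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string] $Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a three-segment compact JWT.' }
    # base64url -> base64, restoring the padding that JWTs omit
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-ActionGroupCaller {
    param([Parameter(Mandatory)] $Claims)
    # v1.0 access tokens name the calling app in 'appid', v2.0 tokens in 'azp'
    $caller = if ($Claims.appid) { $Claims.appid } else { $Claims.azp }
    if ($caller -ne $ActionGroupsAppId) { return $false }
    # App role assignments surface in the token as the 'roles' claim
    return (@($Claims.roles) -contains $ActionGroupRoleName)
}

# Constructed, unsigned sample tokens for demonstration only
function New-SampleToken([hashtable] $Claims) {
    $segments = @{ typ = 'JWT' }, $Claims | ForEach-Object {
        $bytes = [Text.Encoding]::UTF8.GetBytes(($_ | ConvertTo-Json -Compress))
        [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    ($segments + 'constructed-signature') -join '.'
}

$fromActionGroups = New-SampleToken @{ appid = $ActionGroupsAppId; roles = @($ActionGroupRoleName) }
$fromOtherApp     = New-SampleToken @{ appid = '00000000-0000-0000-0000-000000000000'; roles = @() }

# The first call is accepted, the second is rejected
Test-ActionGroupCaller (ConvertFrom-JwtPayload $fromActionGroups)
Test-ActionGroupCaller (ConvertFrom-JwtPayload $fromOtherApp)
```

A token that passes signature validation but fails this check came from some other application in the tenant and should be refused by the endpoint.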

SMS

See the rate limiting information and SMS alert behavior for additional important information.

You may have a limited number of SMS actions in an Action Group.

Note

If the Azure portal action group user interface does not let you select your country/region code, then SMS is not supported for your country/region. If your country/region code is not available, you can vote to have your country/region added at user voice. In the meantime, a workaround is to have your action group call a webhook to a third-party SMS provider with support in your country/region.

Pricing for supported countries/regions is listed in the Azure Monitor pricing page.

Voice

See the rate limiting information article for additional important behavior.

You may have a limited number of Voice actions in an Action Group.

Note

If the Azure portal action group user interface does not let you select your country/region code, then voice calls are not supported for your country/region. If your country/region code is not available, you can vote to have your country/region added at user voice. In the meantime, a workaround is to have your action group call a webhook to a third-party voice call provider with support in your country/region.

Pricing for supported countries/regions is listed in the Azure Monitor pricing page.

Webhook

Webhooks are processed using the following rules:

  • A webhook call is attempted a maximum of 3 times.
  • The call will be retried if a response is not received within the timeout period or one of the following HTTP status codes is returned: 408, 429, 503 or 504.
  • The first call will wait 10 seconds for a response.
  • The second and third attempts will wait 30 seconds for a response.
  • After the 3 attempts to call the webhook have failed, no action group will call the endpoint for 15 minutes.

Source IP address ranges

To receive updates about changes to these IP addresses, we recommend you configure a Service Health alert, which monitors for Informational notifications about the Action Groups service.

You may have a limited number of Webhook actions in an Action Group.

Service Tag

A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules for an ActionGroup.

  1. In the Azure portal, under Azure Services, search for Network Security Group.

  2. Click on Add and create a Network Security Group.

    1. Add the Resource Group Name and then enter Instance Details.
    2. Click on Review + Create and then click Create.

  3. Go to Resource Group and then click on the Network Security Group you have created.

    1. Select Inbound Security Rules.
    2. Click on Add.

  4. A new window will open in the right pane.

    1. Select Source: Service Tag
    2. Source Service Tag: ActionGroup
    3. Click Add.

Using Service Tag for ActionGroup helps with minimizing the complexity of frequent updates to IP addresses.
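
The portal steps above expressed as a script, as an added example that is not part of the original article. It uses the Az.Network cmdlets in a signed-in session (Connect-AzAccount); the resource group, region, NSG name, rule name, priority and destination port 443 are assumptions to replace with your own values.

```powershell
# Added example: all names and numbers below are placeholders or assumptions.
$resourceGroup = '<your resource group>'
$location      = '<your region>'
$nsgName       = 'webhook-endpoint-nsg'   # hypothetical NSG name

# Inbound rule whose source is the ActionGroup service tag, so the rule
# follows Microsoft's address changes instead of pinning individual IPs.
$rule = New-AzNetworkSecurityRuleConfig `
    -Name 'Allow-ActionGroup-Inbound' `
    -Description 'Webhook calls from Azure Monitor action groups' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 200 `
    -SourceAddressPrefix 'ActionGroup' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 443

New-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup `
    -Location $location -Name $nsgName -SecurityRules $rule | Out-Null

# Review step: list custom inbound Allow rules that still admit any source.
# Such a rule would let traffic in regardless of the service-tag rule.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup -Name $nsgName
$nsg.SecurityRules |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' } |
    Where-Object { @($_.SourceAddressPrefix) -match '^(\*|Internet|0\.0\.0\.0/0)$' } |
    Select-Object Name, Priority, SourceAddressPrefix, DestinationPortRange
```

An empty result from the review step means the ActionGroup rule is the only custom inbound allowance on the NSG.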
