1 min read
Azure Monitor Alerts and Action Groups
I wrote “Azure Monitor Alerts and Action Groups” to share practical, production-minded guidance on this topic.
Alert Types
- Metric Alerts: CPU > 80% for 5 minutes
- Log Alerts: Error count > 100 in last hour
- Activity Log Alerts: VM stopped, deployment failed
- Smart Alerts: AI-detected anomalies
Creating a Metric Alert
az monitor metrics alert create \
--name "High CPU Alert" \
--resource-group myResourceGroup \
--scopes /subscriptions/.../Microsoft.Compute/virtualMachines/myVM \
--condition "avg Percentage CPU > 80" \
--window-size 5m \
--evaluation-frequency 1m \
--action /subscriptions/.../actionGroups/myActionGroup
Log Alert with KQL
az monitor scheduled-query create \
--name "Error Rate Alert" \
--resource-group myResourceGroup \
--scopes /subscriptions/.../Microsoft.OperationalInsights/workspaces/myWorkspace \
--condition "count 'requests | where resultCode >= 500' > 100" \
--condition-query "requests | where resultCode >= 500 | summarize count()" \
--window-size 60 \
--evaluation-frequency 5 \
--action /subscriptions/.../actionGroups/myActionGroup
Action Groups
{
"emailReceivers": [
{"name": "oncall", "emailAddress": "oncall@company.com"}
],
"smsReceivers": [
{"name": "emergency", "countryCode": "61", "phoneNumber": "400000000"}
],
"webhookReceivers": [
{"name": "pagerduty", "serviceUri": "https://events.pagerduty.com/..."}
],
"azureFunctionReceivers": [
{
"name": "auto-remediate",
"functionAppResourceId": "/subscriptions/.../sites/myfunction",
"functionName": "HandleAlert"
}
]
}
Best Practices
- Start with severity levels (Sev 0-4)
- Route to appropriate teams based on severity
- Include runbook links in alert description
- Suppress during maintenance windows
- Auto-remediate when possible
Alerts should be actionable. If you can’t do anything about it, it’s noise.\n\n## Takeaways\n\nAdd a concise, personal takeaway and recommended next steps here.\n