Azure Monitor Baseline Alerts (Preview)
Published Tuesday, May 2, 2023
Overview
As we continue to evolve the Azure landing zone (ALZ) product, if you follow the ALZ community calls or read the whats-new monthly releases you will see we are continuously enhancing documentation and architecture to accommodate changes to the Azure platform.
Over the past few months, we have been working behind the scenes and with a few select customers to develop a solution to help more easily accelerate and adopt Azure Monitor as part of onboarding to Azure or Enhancing your existing Azure / ALZ investment. Working alongside the Azure Monitor product group we have identified a number of opportunities:
- Azure Monitor Baseline Alerts (this post)
- Azure Monitor Alert Management
- Azure Monitor Visualization and Dashboards
- Azure Monitor Optimization (Cost)
We recognize for ALZ today whilst we provide and enforce policies that send diagnostic logs to a central Log Analytics workspace, we need to do more to help our customers with their observability journey and maturity.
Based on the themes we identified above we have been working hard to build out a solution starting with Azure Monitor Baseline Alerts. Whilst we encourage all new and existing Azure customers to align to Azure landing zone architecure, we appreciate that this may not be possible in the short term and therefore have also provided brownfield scenario's that customers may be more familiar with to allow you to benefit from the solution.
What does the Baseline Alerts solution include?
The solution is located in GitHub https://aka.ms/alz/monitor/repo and contains a list of recommended Azure Monitor metric and activity log alert rules for the Azure Infrastructure platform. We've worked to collate these alert rules into a single location with recommended values such as threshold. A full list of the alert details can be found here.
Each of the alert rules documented have been compiled into Azure Policy definitions and these have then been packaged into logical Policy Initiatives based on the ALZ management group structure Management groups - Cloud Adoption Framework | Microsoft Learn as demonstrated below.
As previously mentioned, we have also provided guidance for customers who do not have a management group structure aligned to ALZ and more details can be found in the deployment guide DeploymentGuide ยท Azure/alz-monitor Wiki (github.com).
The baseline alerts solution is a framework built on Azure Policy that is extensible and flexible to allow you to choose which alert rules you wish to deploy, ability to change the thresholds to suit and provides the ability to disable alerts (once deployed) should you wish to do so. You can also build additional alert rule policies and add these to the initiatives if you require additional alerts not included as part of the baseline solution (see contribution guide if you want to us to consider these for inclusion in the baseline solution).
There are numerous ways to deploy the baseline solution and we have catered for a few of these including for automation GitHub action (ADO sample on its way), manually via CLI or PowerShell. We deploy using Bicep and also provide ARM templates in JSON format for the policies and initiatives if you wanted to cherry pick policies to use and deploy manually.
As we move from preview, we'll be moving the repo into the ALZ repo and working to include the solution as part of the default ALZ deployments via Portal, Bicep and Terraform reference implementations. We'll also continue to make sure this can be modularized, so customers not aligned to ALZ continue to be able to leverage the baseline solution.
Call to Action
As titled the solution is in preview, please do make sure you test this in your dev / test environments to make sure you are comfortable with the solution and how it works. We'll continue to make changes as we receive great feedback and will be updating the what's new page as we provide updates. If you have any feedback we'd love to hear from you, please use the Issues in the GitHub repo to provide details.
