Enhancements to Azure Monitor Baseline Alerts for Azure Landing Zones

Introduction

 

Welcome to our latest blog post where we dive into a number of exciting new key updates, highlight the new portal accelerator, and explain how to begin using it with just a few easy steps.

 

Azure Monitor Baseline Alerts offers a robust solution with recommended alert rules for Azure services. These best-practice rules can be deployed via ARM and Bicep templates or as Azure Policy definitions. Additionally, there are a growing list of patterns within AMBA offering guidance and deployment methods for monitoring different scenarios like the Azure Landing Zones pattern.

 

As cloud technologies evolve, so do the tools and frameworks that support effective management and monitoring of these environments. We have recently introduced several exciting updates to Azure Monitor Baseline Alerts (AMBA) for Azure Landing Zones (ALZ). These updates are designed to provide a more modular, flexible, and comprehensive monitoring experience.

 

Updated ALZ Portal Accelerator

 

In tandem with the new AMBA features, the ALZ Portal Accelerator has also been updated. This includes integration of the latest AMBA capabilities, providing a seamless and cohesive monitoring setup experience. The updated accelerator ensures that users have access to the most recent tools and features, enhancing the overall efficiency and effectiveness of their monitoring strategies.

 

• The ALZ portal accelerator is designed for initial setup of Azure Landing Zones in a new environment where Email, ARM Roles and Webhooks can be selected as part of the initial deployment
• AMBA ALZ pattern now also supports Logic Apps, Functions or Event Hubs as well as 'Bring your own Action Group' however, this requires these resources to be deployed prior to deployment. 
  • When planning to deploy AMBA with these settings, first disable AMBA within the ALZ portal accelerator. Then, configure the required resources for your Logic App, Function, or Event Hub, and afterwards, use the AMBA portal accelerator to complete the deployment (read the following section to learn more).

 

Introducing the AMBA Portal Accelerator (Preview)

 

We are thrilled to introduce the Azure Monitor Baseline Alerts Accelerator, now available in preview! The new deployment method is accessible directly through the Azure Portal UI, providing a user-friendly interface that guides you through the setup process. This means you can deploy alerts faster and with greater confidence. It simplifies the process of setting up baseline alerts, expediting customers to increase their Observability maturity within their Azure environment with minimal effort or expertise. This ensures that you are promptly notified of critical metrics and log anomalies that could indicate potential issues with your Azure workloads.

 

How to get started

 

To begin using the AMBA Portal Accelerator click the Deploy to Azure button below. Please refer to the detailed deployment instructions for further guidance. Deploy via the Azure Portal (Preview) | Azure Monitor Baseline Alerts

 

Screenshot of Azure Landing Zone portal Accelerator

 

 

Modular Approach to AMBA ALZ Policy Initiatives

 

To allow us to provide more flexibility for future growth we are transitioning from a single Landing Zone policy initiative and instead we are adopting a modular approach by splitting the Landing Zone initiative into the following distinct components (initiatives):

 

• Key Management
• Load Balancing
• Network Changes
• Recovery Services
• Storage
• VM
• Web

 

This flexibility and customization, enabling organizations to pick and modify components as needed without being confined to a uniform solution.

 

For more details please visit: Policy Initiatives | Azure Monitor Baseline Alerts

 

Monitoring for Arc-enabled Servers

 

We have introduced Hybrid support with new policies for monitoring Arc-enabled servers, expanding the capabilities and reach of Azure Monitor. These Azure policies ensure that Arc-enabled servers are continuously monitored, providing insights and alerts that help maintain the health and performance of hybrid and multi-cloud environments.

 

Enhanced conditions for auditing and correcting configuration drift

 

We are implementing extra checks to enhance detailed auditing of the AMBA-controlled configuration. This will help detect if modifications have occurred and will provide greater assurance to centralized teams that workloads adhere to the baseline configuration.

 

To better detect and remediate configuration drift, the Existence Condition in the Azure policies has been updated. The following parameters have been added:

 

Static Alerts:

 

• EvaluationFrequency
• WindowSize
• Threshold*
• Severity
• Operator
• autoMitigate

 

* We understand that the threshold shouldn't always be rigidly set, permitting individual workloads to vary from central baseline guidelines without being marked as non-compliant. Refer to the overrides in the next section for more details.

 

Dynamic Alerts:

 

• alertSensitivity
• numberOfEvaluationPeriods
• minFailingPeriodsToAlert

 

These parameters help us more effectively detect changes in alert rules while also making it easier to deploy configuration updates for timely detection and response.

 

Threshold Override

 

In the case that individual workloads require a different threshold profile for their workload metrics and log alerts we are introducing the Threshold Override feature. This feature lets both new and existing customers adjust these thresholds for specific resources. We've introduced a tag with a specific name and value that is used to override the default alert threshold.

 

Learn more: Alert Threshold Override | Azure Monitor Baseline Alerts

 

Bring Your Own Action Group and Alert Processing Rules

 

To assist existing Azure customers, you can now use your own Action Groups and Alert Processing Rules. This capability provides greater adaptability and facilitates seamless integration with current monitoring and notification setups.

 

Learn more: Bring Your Own Notifications | Azure Monitor Baseline Alerts

 

Enhanced Action Group Capabilities

 

Action Groups have been enhanced to offer more choices for notifications and actions. The new options include:

 

• Email Azure Resource Manager Role
• Azure Function
• Event Hubs
• Logic App
• Webhook

 

These enhancements provide more ways to integrate alert responses with existing workflows and automation processes, ensuring timely and effective action.

 

New Alert Rules

 

To further expand monitoring capabilities, new alert rules have been added for the following services:

 

• Front Door
• Front Door Classic
• Traffic Manager
• App Service
• Azure Key Vault Managed HSM
• Daily Cap threshold alert on a Log Analytics workspace

 

We are currently developing the Azure policies for following alert rules, which will be added in the near future.

 

• Built-in Alerts for Azure Site Recovery
• Azure Monitor Ingestion limit alert
• Application Insight Throttling alert
• ActivityLog Alert for deleting Application Insight

 

These new alert rules enable more comprehensive monitoring of critical Azure services, ensuring that issues are detected and addressed promptly.

 

Other changes

 

• Suppression Alert Processing Rule: A new suppression Alert Processing Rule has been added, deployed as part of the notification assets policy. This rule permits the silencing of alerts under certain circumstances, such as during maintenance windows.
• Decoupled the action group deployment from the Service Health Initiative: The primary Action Group and Alert Processing Rule have now been implemented via a specific initiative called “Notification Assets.” Meanwhile, a secondary action group focused on Service Health continues to be integrated within the Service Health initiative.
• Custom tags and values to disable monitoring: The updated feature lets you specify both a tag name and a list of values. For example, if you have an "Environment" tag with values like "Production," "Development," or "Sandbox," you can deploy alerts only for "Production" resources by disabling monitoring for those tagged as "Development" and "Sandbox."

 

Next steps

To benefit from these latest features see the following guidance to update your environment. 

 

- Update to a new release: https://aka.ms/amba/alz/update

 

For further information see the following links:

 

- Latest on AMBA for ALZ: https://aka.ms/amba/alz/whatsnew

 - Learn more: https://aka.ms/alz/amba 

 - Get started: https://aka.ms/amba/alz/deploy 

 

Thank you to everyone that has provided feedback that has influenced the features that were released in this announcement. If you have any further feedback please the following link.

 

- Feedback: https://aka.ms/amba/issues