Enhancements to Azure Monitor Baseline Alerts for Azure Landing Zones
Introduction
Welcome to our latest blog post where we dive into a number of exciting new key updates, highlight the new portal accelerator, and explain how to begin using it with just a few easy steps.
Azure Monitor Baseline Alerts offers a robust solution with recommended alert rules for Azure services. These best-practice rules can be deployed via ARM and Bicep templates or as Azure Policy definitions. Additionally, there is a growing list of patterns within AMBA offering guidance and deployment methods for monitoring different scenarios, such as the Azure Landing Zones pattern.
As cloud technologies evolve, so do the tools and frameworks that support effective management and monitoring of these environments. We have recently introduced several exciting updates to Azure Monitor Baseline Alerts (AMBA) for Azure Landing Zones (ALZ). These updates are designed to provide a more modular, flexible, and comprehensive monitoring experience.
Updated ALZ Portal Accelerator
In tandem with the new AMBA features, the ALZ Portal Accelerator has also been updated. This includes integration of the latest AMBA capabilities, providing a seamless and cohesive monitoring setup experience. The updated accelerator ensures that users have access to the most recent tools and features, enhancing the overall efficiency and effectiveness of their monitoring strategies.
- The ALZ portal accelerator is designed for initial setup of Azure Landing Zones in a new environment where Email, ARM Roles and Webhooks can be selected as part of the initial deployment
- The AMBA ALZ pattern now also supports Logic Apps, Functions or Event Hubs, as well as 'Bring your own Action Group'; however, this requires these resources to be deployed prior to deployment.
- When planning to deploy AMBA with these settings, first disable AMBA within the ALZ portal accelerator. Then, configure the required resources for your Logic App, Function, or Event Hub, and afterwards, use the AMBA portal accelerator to complete the deployment (read the following section to learn more).
Introducing the AMBA Portal Accelerator (Preview)
We are thrilled to introduce the Azure Monitor Baseline Alerts Accelerator, now available in preview! The new deployment method is accessible directly through the Azure Portal UI, providing a user-friendly interface that guides you through the setup process. This means you can deploy alerts faster and with greater confidence. It simplifies the process of setting up baseline alerts, helping customers increase their observability maturity within their Azure environment with minimal effort or expertise. This ensures that you are promptly notified of critical metrics and log anomalies that could indicate potential issues with your Azure workloads.
How to get started
To begin using the AMBA Portal Accelerator click the Deploy to Azure button below. Please refer to the detailed deployment instructions for further guidance. Deploy via the Azure Portal (Preview) | Azure Monitor Baseline Alerts
Modular Approach to AMBA ALZ Policy Initiatives
To provide more flexibility for future growth, we are moving away from a single Landing Zone policy initiative and adopting a modular approach that splits the Landing Zone initiative into the following distinct components (initiatives):
- Key Management
- Load Balancing
- Network Changes
- Recovery Services
- Storage
- VM
- Web
This provides flexibility and customization, enabling organizations to pick and modify components as needed without being confined to a uniform solution.
For more details please visit: Policy Initiatives | Azure Monitor Baseline Alerts
Monitoring for Arc-enabled Servers
We have introduced Hybrid support with new policies for monitoring Arc-enabled servers, expanding the capabilities and reach of Azure Monitor. These Azure policies ensure that Arc-enabled servers are continuously monitored, providing insights and alerts that help maintain the health and performance of hybrid and multi-cloud environments.
Enhanced conditions for auditing and correcting configuration drift
We are implementing extra checks to enhance detailed auditing of the AMBA-controlled configuration. This will help detect if modifications have occurred and will provide greater assurance to centralized teams that workloads adhere to the baseline configuration.
To better detect and remediate configuration drift, the Existence Condition in the Azure policies has been updated. The following parameters have been added:
Static Alerts:
- EvaluationFrequency
- WindowSize
- Threshold*
- Severity
- Operator
- autoMitigate
* We understand that the threshold shouldn't always be rigidly set, permitting individual workloads to vary from central baseline guidelines without being marked as non-compliant. Refer to the overrides in the next section for more details.
Dynamic Alerts:
- alertSensitivity
- numberOfEvaluationPeriods
- minFailingPeriodsToAlert
These parameters help us more effectively detect changes in alert rules while also making it easier to deploy configuration updates for timely detection and response.
Threshold Override
In the case that individual workloads require a different threshold profile for their workload metrics and log alerts we are introducing the Threshold Override feature. This feature lets both new and existing customers adjust these thresholds for specific resources. We've introduced a tag with a specific name and value that is used to override the default alert threshold.
Learn more: Alert Threshold Override | Azure Monitor Baseline Alerts
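The drift check and threshold override described above can be modeled locally, as an added example that is not AMBA's own policy code: it compares the parameters listed for static and dynamic alerts against a baseline and, as an assumption about how the override behaves, treats a tag-supplied threshold as the compliant value. The tag name is a placeholder because the page does not state it, and all sample values are constructed.

```python
# Added illustration: models the drift comparison locally; it does not call Azure.
STATIC_KEYS = ("EvaluationFrequency", "WindowSize", "Threshold",
               "Severity", "Operator", "autoMitigate")
DYNAMIC_KEYS = ("alertSensitivity", "numberOfEvaluationPeriods",
                "minFailingPeriodsToAlert")

# Hypothetical placeholder: the page does not give the real override tag name.
OVERRIDE_TAG = "<threshold-override-tag>"


def find_drift(baseline, deployed, resource_tags=None, dynamic=False):
    """Return {parameter: (expected, actual)} for every value that drifted."""
    expected = dict(baseline)
    tags = resource_tags or {}
    if not dynamic and OVERRIDE_TAG in tags:
        # Assumption: an override tag on the monitored resource replaces the
        # baseline threshold, so the overridden value is the compliant one.
        expected["Threshold"] = float(tags[OVERRIDE_TAG])
    drift = {}
    for key in (DYNAMIC_KEYS if dynamic else STATIC_KEYS):
        actual = deployed.get(key)  # a missing parameter is reported as None
        if actual != expected.get(key):
            drift[key] = (expected.get(key), actual)
    return drift


# Constructed sample values, not taken from any AMBA policy definition.
BASELINE = {"EvaluationFrequency": "PT5M", "WindowSize": "PT15M",
            "Threshold": 90.0, "Severity": 2, "Operator": "GreaterThan",
            "autoMitigate": True}
# An alert rule whose severity and auto-mitigation were changed after deployment.
TAMPERED = dict(BASELINE, Severity=4, autoMitigate=False)
# An alert rule whose threshold was raised for one workload.
OVERRIDDEN = dict(BASELINE, Threshold=95.0)

if __name__ == "__main__":
    print(find_drift(BASELINE, TAMPERED))
    print(find_drift(BASELINE, OVERRIDDEN))                        # no tag: drift
    print(find_drift(BASELINE, OVERRIDDEN, {OVERRIDE_TAG: "95"}))  # tagged: clean
```

A changed threshold without the tag is reported as drift, while the same value backed by the tag is not, which is the distinction a central team needs when reviewing non-compliance results.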
Bring Your Own Action Group and Alert Processing Rules
To assist existing Azure customers, you can now use your own Action Groups and Alert Processing Rules. This capability provides greater adaptability and facilitates seamless integration with current monitoring and notification setups.
Learn more: Bring Your Own Notifications | Azure Monitor Baseline Alerts
Enhanced Action Group Capabilities
Action Groups have been enhanced to offer more choices for notifications and actions. The new options include:
- Email Azure Resource Manager Role
- Azure Function
- Event Hubs
- Logic App
- Webhook
These enhancements provide more ways to integrate alert responses with existing workflows and automation processes, ensuring timely and effective action.
New Alert Rules
To further expand monitoring capabilities, new alert rules have been added for the following services:
- Front Door
- Front Door Classic
- Traffic Manager
- App Service
- Azure Key Vault Managed HSM
- Daily Cap threshold alert on a Log Analytics workspace
We are currently developing the Azure policies for the following alert rules, which will be added in the near future.
- Built-in Alerts for Azure Site Recovery
- Azure Monitor Ingestion limit alert
- Application Insight Throttling alert
- ActivityLog Alert for deleting Application Insight
These new alert rules enable more comprehensive monitoring of critical Azure services, ensuring that issues are detected and addressed promptly.
Other changes
- Suppression Alert Processing Rule: A new suppression Alert Processing Rule has been added, deployed as part of the notification assets policy. This rule permits the silencing of alerts under certain circumstances, such as during maintenance windows.
- Decoupled the action group deployment from the Service Health Initiative: The primary Action Group and Alert Processing Rule have now been implemented via a specific initiative called “Notification Assets.” Meanwhile, a secondary action group focused on Service Health continues to be integrated within the Service Health initiative.
- Custom tags and values to disable monitoring: The updated feature lets you specify both a tag name and a list of values. For example, if you have an "Environment" tag with values like "Production," "Development," or "Sandbox," you can deploy alerts only for "Production" resources by disabling monitoring for those tagged as "Development" and "Sandbox."
Next steps
To benefit from these latest features see the following guidance to update your environment.
- Update to a new release: https://aka.ms/amba/alz/update
For further information see the following links:
- Latest on AMBA for ALZ: https://aka.ms/amba/alz/whatsnew
- Learn more: https://aka.ms/alz/amba
- Get started: https://aka.ms/amba/alz/deploy
Thank you to everyone who has provided feedback that influenced the features released in this announcement. If you have any further feedback, please use the following link.
- Feedback: https://aka.ms/amba/issues