Azure Monitor Alerts
Azure Monitor Alerts provide proactive notifications when important conditions are detected in your monitoring data. They help you identify and resolve issues before users are impacted, improving availability and reliability.
Benefits of the Azure Monitor Alerts Experience
Azure Monitor Alerts offer several key advantages:
- Improved notification system
  All modern alerts use Action Groups, which are reusable collections of notifications and automated actions.
- Unified alert authoring experience
  Create alerts for metrics, logs, and activity logs from a single interface across Azure Monitor, Log Analytics, and Application Insights.
- Centralized alert visibility
  Log Analytics alerts are now visible directly in the Azure portal, instead of a separate experience.
- Clear separation of alerts and rules
  - Alert Rules define what triggers an alert
  - Fired Alerts represent instances when a rule is triggered
  This separation simplifies both configuration and operations.
- Improved workflow
  The guided alert creation process makes it easier to discover and configure meaningful alerts.
Managing Alerts
Azure Monitor allows alerting on a wide range of monitoring data sources, including:
- Metric values
- Log search query results
- Azure Activity Log events
- Azure platform health signals
- Website availability tests
Alert States
Alerts include a state to track progress during issue resolution. When alert criteria are met, a new alert is created with a New status.
Supported Alert States
| State | Description |
|---|---|
| New | The issue has been detected and not yet reviewed |
| Acknowledged | An administrator has reviewed the alert and is working on it |
| Closed | The issue has been resolved |
✔️ Important distinction
- Alert State is set manually by a user
- Monitor Condition is set automatically by Azure
When an alert fires, the monitor condition is Fired. When the underlying issue clears, it becomes Resolved. The alert state remains unchanged until a user updates it.
Alert Rules
Alerts are built using alert rules, which define when and how alerts are triggered. Alert rules can be enabled or disabled—alerts only fire when enabled.
Key Components of an Alert Rule
- Target Resource
  The Azure resource being monitored (e.g., VM, Storage Account, Log Analytics workspace, Application Insights). Some rules support multiple targets.
- Signal
  The type of data evaluated, such as:
  - Metrics
  - Activity Logs
  - Application Insights data
  - Log queries
- Criteria
  Logic applied to the signal, for example:
  - CPU usage > 70%
  - Server response time > 4 ms
  - Log query result count > 100
- Alert Name & Description
  User-defined identifiers for clarity and management.
- Severity
  Ranges from 0 (Critical) to 4 (Verbose).
- Action
  The response triggered when the alert fires, defined using Action Groups.
Action Groups
An Action Group is a reusable collection of notifications and automated actions. Multiple alerts can share the same action group.
When users are added to an action group for email or SMS notifications, they receive a confirmation request.
Supported Action Types
- Automation Runbooks
  Execute predefined workflows for operational tasks.
- Azure Functions
  Run serverless, event-driven code.
- Email Azure Resource Manager Role
  Notify members of a specific Azure role (Azure AD users only).
- Email / SMS / Push / Voice Notifications
- ITSM Integration
  Create or update incidents in supported IT Service Management tools.
- Logic Apps
  Automate workflows across Azure and external services.
- Webhooks
  Send alerts to external systems via HTTP endpoints.
✔️ Always consult Azure documentation for current limits on the number of actions per action group.
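Added example (not code from this page or from Microsoft): a receiver-side handler for the Webhooks action that validates the payload and routes on severity and monitor condition, treating Resolved as distinct from the user-set alert state. It assumes the action sends Azure Monitor's common alert schema; the routing policy, the function names and the sample payload are constructed for illustration.

```python
import json

# Assumption: the webhook action sends the common alert schema; the field
# names used below come from that schema, not from this page.
SCHEMA_ID = "azureMonitorCommonAlertSchema"
REQUIRED = ("alertId", "alertRule", "severity", "monitorCondition")
SEVERITIES = tuple(f"Sev{n}" for n in range(5))  # 0 (Critical) .. 4 (Verbose)
PAGE_AT_OR_BELOW = 1  # hypothetical policy: page on Sev0/Sev1, ticket the rest

def triage(raw_body: bytes) -> dict:
    """Validate one webhook body and decide how to route it."""
    try:
        doc = json.loads(raw_body)
    except ValueError as exc:  # malformed JSON or undecodable bytes
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(doc, dict) or doc.get("schemaId") != SCHEMA_ID:
        raise ValueError("not a common alert schema payload")
    data = doc.get("data")
    ess = data.get("essentials") if isinstance(data, dict) else None
    if not isinstance(ess, dict):
        raise ValueError("missing data.essentials")
    if any(key not in ess for key in REQUIRED):
        raise ValueError("missing required essentials fields")
    sev = ess["severity"]
    if sev not in SEVERITIES:
        raise ValueError(f"unexpected severity: {sev!r}")
    level = int(sev[3:])
    condition = ess["monitorCondition"]
    if condition == "Fired":
        route = "page" if level <= PAGE_AT_OR_BELOW else "ticket"
    elif condition == "Resolved":
        # Azure cleared the condition on its own; the user-set alert state has
        # not changed, so annotate the incident instead of closing it.
        route = "annotate"
    else:
        raise ValueError(f"unexpected monitorCondition: {condition!r}")
    return {"rule": ess["alertRule"], "severity": level,
            "condition": condition, "route": route}

def sample(severity: str, condition: str) -> bytes:
    """Constructed payload for the demo; not captured from a real alert."""
    essentials = {"alertId": "/subscriptions/EXAMPLE/alerts/EXAMPLE",
                  "alertRule": "cpu-over-70", "severity": severity,
                  "signalType": "Metric", "monitorCondition": condition}
    return json.dumps({"schemaId": SCHEMA_ID,
                       "data": {"essentials": essentials}}).encode()

if __name__ == "__main__":
    for sev, cond in [("Sev0", "Fired"), ("Sev3", "Fired"), ("Sev0", "Resolved")]:
        print(sev, cond, "->", triage(sample(sev, cond))["route"])
```

Authenticating the caller of the HTTP endpoint is outside this sketch and has to happen before `triage` is given the request body.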