Enhancements to Azure Monitor Baseline Alerts for Azure Landing Zones

introduction

Welcome to our latest blog post, where we dive deep into several exciting new major updates, highlight our new Portal Accelerator, and explain how to get started using it in just a few simple steps.

Azure Monitor Criteria Alerts Provides a robust solution with recommended alert rules for Azure services. These best practice rules can be deployed via ARM and Bicep templates or as Azure Policy definitions. There is also a growing list of patterns within AMBA that provide guidance and deployment methods for monitoring a variety of scenarios, such as the Azure Landing Zones pattern.

As cloud technologies evolve, so do the tools and frameworks that support effective management and monitoring of these environments. We recently introduced some exciting updates to Azure Monitor Baseline Alerts (AMBA) for Azure Landing Zones (ALZ). These updates are designed to provide a more modular, flexible, and comprehensive monitoring experience.

Updated ALZ Portal Accelerator

Along with the new AMBA features, the ALZ Portal Accelerator has also been updated. It integrates the latest AMBA features to provide a seamless and cohesive monitoring setup experience. The updated Accelerator ensures that users have access to the latest tools and features, improving the overall efficiency and effectiveness of their monitoring strategy.

• that ALZ Portal Accelerator Designed for initial setup of Azure Landing Zones in a new environment. email, eight role and Webhook You can choose to be part of the initial distribution
• AMBA ALZ pattern is now also supported. Logic App, function or Event Hub furthermore ‘Bring your own action group’ However, this requires deploying these resources before deployment.
  • If you plan to deploy AMBA with these settings, first disable AMBA within the ALZ Portal Accelerator. Then, configure the required resources for your Logic App, Function, or Event Hub, and then complete the deployment using the AMBA Portal Accelerator (see the following sections for more information).

Introducing the AMBA Portal Accelerator (Preview)

We are excited to announce the Azure Monitor Baseline Alerts Accelerator, now available in preview! The new deployment method is accessible directly through the Azure Portal UI and provides a user-friendly interface that guides you through the setup process. This means you can deploy alerts faster and with more confidence. It simplifies the baseline alert setup process, allowing customers to increase the maturity of observability within their Azure environment with minimal effort or expertise. This allows you to be notified immediately of critical metrics and log anomalies that could indicate potential issues with your Azure workloads.

How to get started

To use the AMBA Portal Accelerator, click the Deploy to Azure button below. For detailed instructions, see Detailed Deployment Instructions. Deploy via Azure Portal (Preview) | Azure Monitor Baseline Alerts

Screenshot of the Azure Landing Zone Portal Accelerator

A modular approach to AMBA ALZ policy initiatives

To provide greater flexibility for future growth, we are transitioning from a single Landing Zone policy initiative and instead adopting a modular approach by breaking the Landing Zone initiative into the following individual components (initiatives):

• Key Management
• Load Balancing
• Change network
• Recovery Service
• save
• VM
• knitting

This flexibility and customizability allows organizations to select and modify components as needed, rather than being limited to a one-size-fits-all solution.

For more information, please visit: Policy Initiatives | Azure Monitor Baseline Alerts

Arc Support Server Monitoring

We’ve expanded the capabilities and scope of Azure Monitor by introducing Hybrid Support with new policies to monitor Arc-enabled servers. These Azure policies ensure that Arc-enabled servers are continuously monitored, providing insights and alerts to help you maintain the health and performance of your hybrid and multi-cloud environments.

Improved conditions for auditing and correcting configuration drift

We are implementing additional checks to enhance the granular auditability of AMBA control configurations. This will help detect if modifications have occurred and provide centralized teams with greater confidence that workloads are compliant with baseline configurations.

The Existence Condition in Azure Policy has been updated to better detect and correct configuration drift. The following parameters have been added:

Static notification:

• Evaluation Frequency
• Window size
• maximum*
• Severity
• operator
• Automatic relief

* Please understand that thresholds should always be set so strictly that individual workloads are not marked as noncompliant even if they deviate from the central baseline guidelines. See Overrides in the next section for more information.

Dynamic Notifications:

• Warning sensitivity
• Number of evaluation periods
• Minimum failure period warning

These parameters help us detect changes to alert rules more effectively, making it easier to deploy configuration updates to detect and respond in a timely manner.

Threshold Override

Introducing threshold override capability when individual workloads require different threshold profiles for workload metrics and log alerts. This capability allows both new and existing customers to adjust these thresholds for specific resources. We have introduced tags with specific names and values ​​that are used to override the default alert thresholds.

Learn more: Override alert thresholds | Azure Monitor baseline alerts

Import your own workgroup and notification processing rules

To support existing Azure customers, you can now use your own action groups and alert processing rules. This provides greater adaptability and facilitates seamless integration with your current monitoring and alerting setup.

Learn more: Bring Your Own Notifications | Azure Monitor Baseline Alerts

Enhanced Action Group Capabilities

Workgroups have been improved to give you more choices for notifications and tasks. New options include:

• Email for Azure Resource Manager Roles
• Azure Functions
• Event Hub
• Logic App
• Webhook

These improvements provide more ways to integrate alert responses into existing workflows and automation processes, ensuring timely and effective action.

New warning rules

To further expand monitoring capabilities, new notification rules have been added for the following services:

• Main gate
• Front Door Classic
• Traffic Manager
• App Service
• Azure Key Vault Managed HSM
• Daily upper threshold notifications in Log Analytics workspaces

We are currently developing Azure policies to follow alert rules and these will be added in the near future.

• Built-in notifications for Azure Site Recovery
• Azure Monitor Collection Limit Warning
• Application Insight Throttling alerts
• ActivityLog notification for Application Insight deletion

These new alert rules allow you to monitor critical Azure services more comprehensively so issues can be detected and resolved immediately.

Other changes

• Suppression notification processing rules: A new suppression notification handling rule has been added, deployed as part of the Notification Asset Policy. This rule allows for notifications to be silenced in certain situations, such as during maintenance periods.
• Separate workgroup deployments in the Service Health Initiative: The primary action group and notification handling rules are now implemented through a specific initiative called “Notification Assets”, while the secondary action group focused on service health continues to be integrated into the service health initiative.
• Custom tags and values ​​to disable monitoring: The updated functionality allows you to specify both a tag name and a list of values. For example, if you have an “Environment” tag with values ​​like “Production”, “Development”, or “Sandbox”, you can disable monitoring for resources tagged with “Development” and “Sandbox”, and only distribute notifications for “Production” resources.

Next Steps

To take advantage of these latest features, please update your environment by following these instructions:

🚀 – Update to new releases: https://aka.ms/amba/alz/update

For more information, please see the following links:

👉 – Latest news from AMBA for ALZ: https://aka.ms/amba/alz/whatsnew

💭 – Learn more: https://aka.ms/alz/amba

🛫 – Getting started: https://aka.ms/amba/alz/deploy

Thank you to everyone who provided feedback that influenced the features released in this announcement. If you have any additional feedback, please let us know at the following link:

💬 – Feedback: https://aka.ms/amba/issues