0
0
Azurecloud~7 mins

Alerts and action groups in Azure - Commands & Configuration

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Introduction
Sometimes things go wrong with your cloud resources. Alerts help you know when a problem happens. Action groups tell Azure what to do when an alert fires, like sending an email or calling a phone number.
When you want to get notified if a virtual machine stops working.
When you need to send a text message if your website is down.
When you want to automatically run a script after a storage account hits a limit.
When you want to alert your team by email if CPU usage is too high.
When you want to group multiple notification methods together for easy reuse.
Config File - alert-rule.json
alert-rule.json
{
  "location": "global",
  "properties": {
    "description": "Alert when CPU usage is over 80%",
    "severity": 2,
    "enabled": true,
    "scopes": [
      "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/virtualMachines/example-vm"
    ],
    "evaluationFrequency": "PT1M",
    "windowSize": "PT5M",
    "criteria": {
      "allOf": [
        {
          "metricName": "Percentage CPU",
          "metricNamespace": "Microsoft.Compute/virtualMachines",
          "operator": "GreaterThan",
          "threshold": 80,
          "timeAggregation": "Average",
          "criterionType": "StaticThresholdCriterion"
        }
      ]
    },
    "autoMitigate": true,
    "actions": [
      {
        "actionGroupId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/microsoft.insights/actionGroups/example-actiongroup"
      }
    ]
  }
}

This JSON defines an alert rule in Azure Monitor.

  • location: Set to global because alerts are not region-specific.
  • description: Explains what the alert does.
  • severity: Level 2 means medium importance.
  • scopes: The resource to watch, here a virtual machine.
  • evaluationFrequency and windowSize: How often and over what time the metric is checked.
  • criteria: The condition to trigger the alert, here CPU over 80% average.
  • autoMitigate: Automatically resolve alert if condition clears.
  • actions: The action group to notify when alert fires.
Commands
Create an action group named example-actiongroup that sends an email to admin@example.com when triggered.
Terminal
az monitor action-group create --resource-group example-rg --name example-actiongroup --short-name exag --email-receivers name=Admin email=admin@example.com
Expected OutputExpected
{ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/microsoft.insights/actionGroups/example-actiongroup", "location": "global", "name": "example-actiongroup", "resourceGroup": "example-rg", "shortName": "exag", "type": "microsoft.insights/actionGroups" }
--resource-group - Specifies the resource group where the action group is created
--name - Names the action group
--email-receivers - Defines who receives email notifications
Create an alert named high-cpu-alert that watches the example VM's CPU and triggers if average CPU is over 80% in 5 minutes, checking every minute, sending notifications via the action group.
Terminal
az monitor metrics alert create --name high-cpu-alert --resource-group example-rg --scopes /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/virtualMachines/example-vm --condition "avg Percentage CPU > 80" --description "Alert when CPU usage is over 80%" --action /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/microsoft.insights/actionGroups/example-actiongroup --window-size 5m --evaluation-frequency 1m --severity 2
Expected OutputExpected
Created metric alert 'high-cpu-alert' in resource group 'example-rg'
--scopes - Specifies the resource to monitor
--condition - Defines the metric condition to trigger the alert
--action - Links the alert to an action group for notifications
Check the details of the alert to confirm it was created correctly.
Terminal
az monitor metrics alert show --name high-cpu-alert --resource-group example-rg
Expected OutputExpected
{ "name": "high-cpu-alert", "resourceGroup": "example-rg", "description": "Alert when CPU usage is over 80%", "severity": 2, "enabled": true, "scopes": [ "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/virtualMachines/example-vm" ], "criteria": { "allOf": [ { "metricName": "Percentage CPU", "operator": "GreaterThan", "threshold": 80 } ] }, "actions": [ { "actionGroupId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/microsoft.insights/actionGroups/example-actiongroup" } ] }
--name - Specifies the alert name to show
--resource-group - Specifies the resource group of the alert
Key Concept

If you remember nothing else from this pattern, remember: alerts watch your resources and action groups tell Azure how to notify or respond when something needs attention.

Common Mistakes
Not linking an alert to an action group
The alert triggers but no notification or action happens, so you don't know about the problem.
Always specify an action group when creating an alert to ensure notifications are sent.
Using incorrect resource IDs in scopes or action group IDs
Azure cannot find the resource or action group, so the alert or notification fails silently.
Copy the full resource ID exactly from Azure portal or CLI to avoid typos.
Setting evaluation frequency or window size too large or too small
Too large delays alerting; too small causes noisy alerts.
Choose evaluation frequency and window size that balance timely alerts and noise, like 1 minute frequency and 5 minutes window.
Summary
Create an action group to define who and how to notify when an alert fires.
Create a metric alert that watches a resource's metric and triggers based on a condition.
Verify the alert details to ensure it is set up correctly and linked to the action group.