Removal of Azure Policy aliases for Microsoft.Insights/alertRules

As Azure continues to evolve, certain resource types and features are periodically deprecated to make way for more efficient and advanced solutions. This was the case for Azure Monitor classic alerts (resource type microsoft.Insights/alertRules). View the announcement and retirement documentation for more details about this deprecation and migration paths. This blog post will explore the implications of this deprecation and what it means for your Azure Policy environment.

What is Changing?

The Microsoft.Insights/alertRules resource type was deprecated, and as a result, the associated aliases will be removed. The full list of affected aliases is attached as a PDF in this blog post. The removal of these aliases has a few key impacts:

1. Policy Evaluation: Any policy rule with conditions referencing these aliases will be considered non-applicable, so these policies will no longer be evaluated. Most often, this should have little to no impact on your Azure environment because these aliases are typically used in policies targeting only Microsoft.Insights/alertRules resource types, which have already been removed during deprecation. However, there is a small risk when these aliases are used in policies that also target other resource types, because the policy will not be evaluated against those types.
2. Policy Definition Changes: Any attempt to modify a policy definition that references these removed aliases will be blocked. Since the aliases will no longer be valid, you will need to update your policy definitions to remove or replace references to these aliases.
3. Built-in Policies: There is one built-in policy definition which uses Microsoft.Insights/alertRules aliases. This built-in policy and all its versions will also be deprecated. This means that you will need to review and update any assignments of this built-in policy in your environment to ensure they do not rely on the removed aliases.
   1. Name: Metric alert rules should be configured on Batch accounts
   2. ID: /providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7) 

Steps to Mitigate the Impact

To minimize disruption and maintain compliance, consider the following steps:

1. Identify Affected Policies: Use Azure Policy tools to identify any custom or built-in policies that reference the Microsoft.Insights/alertRules aliases. This will help you understand the scope of the impact and prioritize updates.
2. Update Policy Definitions: Modify your policy definitions to remove or replace references to the deprecated aliases. Ensure that your updated policies continue to enforce the desired governance rules without relying on the deprecated resource type
3. Test and Validate: After updating your policies, thoroughly test them to ensure they function as expected. Validate that your policies still enforce compliance and that no unintended consequences arise from the changes.
4. Monitor for Updates: Stay informed about further updates and deprecations in Azure Policy. Regularly review the Azure Policy documentation and announcements to keep your environment up to date