I recently had a customer requirement for creating Azure Service Health Alerts. The way access was provided in Azure, meant that only specific users had access to their respective Resource Groups. We also did not want these users to receive alerts for all Resources in the Subscription [Default scope for Service Health Alerts].
Process Description:
This led to the creation of a PowerShell Script that will cycle through each Resource Group and create Service Health Alerts for all Contributors or Owners.
Script Explanation
*Please only run this script in PowerShell 7 and above as I am using the -Parallel switch
- Breaking the script into a few different sections, we will start by connecting to Azure and getting a list of all subscriptions
- Then we will kick off a few Parallel processes to speed things up. These jobs will change context for each subscription and then find all resource groups
- Now we will find all Contributors on the resource group. If there are none we will look for Owners. We are only looking for objects that have a SignInName as we will need that for our email address assignment.
- By using the ARM Template for Health Alerts we can create a deployment with some parameters which I am randomizing the numbers for.
- If we take a closer look at the ARM Template one of the original problems were that this could only be assigned to the subscription().id scope
But by added two new parameters and modifying the scope I could get it to apply on ResourceGroup Level
Running the Script
- Simply grab the PowerShell from my GitHub Repo and save it into a PS1 file.
- Launch a PowerShell 7 or newer session, change directory to your ps1 file and run.
- The PowerShell session will launch an Azure Window to Authenticate you
You might see some warnings as I am not hiding any errors.
On Success you should see the ARM Template deployed.
We can confirm the deployment ran by looking in the deployments section of the resource group
Also if we go into Service Heath and click on Health Alerts we will see all our newly created alerts.
Find a copy of my code
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts or Power BI Dashboards are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts or Power BI Dashboards be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
Updated Aug 26, 2022
Version 1.0wernerrall
Joined January 31, 2020
Core Infrastructure and Security Blog
Follow this blog board to get notified when there's new activity