mehtaparth09
Copper Contributor
Jan 18, 2021

How to get alert on mail when any new Azure service gets created by someone?

Hi,

I want to set up a mail at a particular time of day, and it should collect all the Azure services which were created by someone in the past 24 hours.

How can we achieve this?

  • ibnmbodji
    Steel Contributor

     

     

    Hi, this is what I've tested and it's working.

    Create an alert rule

    Scope: Select your subscription

    Condition: Search for signal logic: Create Deployment (Microsoft.Resources/deployments)

    The condition preview should be: Whenever the Activity Log has an event with Category='Administrative', Signal name='Create Deployment (deployments)'

    Create an action group

    Notification type: Select Email/SMS message/Push/Voice and give your email

    Create a resource: you should receive an email like this

     

    Activity log alert

    TEST

    Time: January 19, 2021 19:20 UTC

    Category: Administrative

    Operation name: Microsoft.Resources/deployments/write

    Correlation ID: d7f8e759-844b-4ee0-9d9f-c3910c0f3bdd

    Level: Informational

    Resource ID: /subscriptions/yoursubscribtionID/resourceGroups/YourResourceGroup/providers/Microsoft.Resources/deployments/Microsoft.StorageAccount-20210119201932

    Caller: your email

    Properties: {"eventCategory":"Administrative","entity":"/subscriptions/Your subscription id /resourceGroups/YourResourceGroup/providers/Microsoft.Resources/deployments/Microsoft.StorageAccount-20210119201932","message":"Microsoft.Resources/deployments/write","hierarchy":"Your subscription id "}

     

     

    You need to acknowledge or close the alert to avoid getting notified again.

     

     

  • I would set up two notifications. One like the "Create Deployment" image and a notification when a new resource group is created. Should then actually cover everything (per subscription). I hope this helps you? Kind regards, Tom Wechsler

    mehtaparth09 

    • ersameed
      Copper Contributor

      TomWechsler 

      I tried this; it is too noisy. I am looking for a summarised alert from Log Analytics.

       

      AzureActivity
      | where CategoryValue == "Administrative"
      | where OperationNameValue contains "MICROSOFT.RESOURCES/DEPLOYMENTS/WRITE" and ActivityStatusValue contains "Success"
      | project TimeGenerated, ResourceGroup, Caller, Properties

       

      But I am unable to take out the "Resource" value from "Properties".

       

      Regards,

      Sameed Shaikh
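
Added example, not part of the original thread or any poster's code: one way to turn the query above into a 24-hour summary and pull the resource name out of Properties. It assumes Properties is a JSON string carrying the "entity" key shown in the sample e-mail and, in Log Analytics, a "resource" key; the column names Props, Resource, Deployments, Resources, FirstSeen and LastSeen are introduced here for illustration.

```kusto
// Added example: one row per caller and resource group for the last 24 hours,
// instead of one notification per deployment.
AzureActivity
| where TimeGenerated > ago(24h)
| where CategoryValue == "Administrative"
| where OperationNameValue =~ "MICROSOFT.RESOURCES/DEPLOYMENTS/WRITE"   // =~ is case-insensitive equality
| where ActivityStatusValue == "Success"
// Properties is stored as a string; parse it so individual keys can be read.
| extend Props = parse_json(Properties)
// Assumption: "resource" holds the deployment name. If that key is missing,
// fall back to "entity", the full resource path seen in the sample e-mail.
| extend Resource = coalesce(tostring(Props.resource), tostring(Props.entity))
| summarize
    Deployments = count(),
    Resources   = make_set(Resource, 50),      // cap the list so the e-mail stays readable
    FirstSeen   = min(TimeGenerated),
    LastSeen    = max(TimeGenerated)
    by Caller, ResourceGroup
| order by Deployments desc
```

Attached to a log alert rule that is evaluated once a day and wired to the action group from the first reply, this yields a single summarised e-mail per day rather than one per deployment.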
