Azure Management Pack supports Log Search and Activity Log Alerts

Published May 09 2019 02:44 AM

Introduction to Azure Management Pack

If you are a SCOM lover and want to monitor both your on-prem resources and Azure resources through SCOM, then this blog post can help you. System Center has a management pack called Azure Management Pack (Download link here), which is designed to enable our SCOM customers to monitor hybrid scenarios.

Azure Management Pack not only helps you monitor health state but also shows alerts and alert descriptions for monitored Azure resources in SCOM. Besides this, you can also see performance metrics and configure alerts in SCOM on these metrics for various service types in Azure.


Supported Types for monitoring:

Azure Management Pack supports many service types, such as virtual machines, data factory, application insights, storage accounts etc. I would recommend you go through the Azure Management Pack guide to see the complete list.


New feature in Azure Management Pack v1.7.0.0

In this blog post we will discuss the new capability which enables "SQR and Activity Log alerts" in Azure Management Pack. Azure provides a unified alert experience and you can configure alerts on both metrics and logs. (Read here for more details.) Azure Management Pack now supports this unified alert experience and all types of alerts configured on data resources can be seen in SCOM through Azure MP.





Steps to see SQR and Activity Log alerts in SCOM

Now that we know Azure MP can show Azure alerts in the SCOM console, let's see how easy it is to configure Azure MP and see alerts in the SCOM console. Hope you are still with me :)


1. Configure SQR in Azure portal

Example: For this blog I have configured an availability test and I am pinging my website from 16 different locations every 5 minutes. As you can see in the image below, the query returns 16 results for our availability test every 5 minutes.

Since I want to check the availability of my website every 5 minutes, I have chosen to configure a query rule which will execute at a regular interval. Alert Logic is defined for a threshold value less than 16. Any time the query returns less than 16 results, I know that my website is unreachable from one of the 16 locations and a new alert is generated in the portal for this. We will receive an alert after 10:25 as we received only 15 responses.

Graph showing the result of availability test


2.  Configure Activity Log Alert in Azure Portal

Example: For this blog post we will configure an activity log alert on a virtual machine. Any time our admin tries to run a command on a virtual machine and receives an error, we will get an alert in the portal and in SCOM. We will name this alert "Run Command on DemoVM1" and choose the signal type activity log.


Activity log alert

3.  Configure Azure Management pack and see these alerts in SCOM

{Steps to follow at the Server where you have imported Azure MP}

I recommend going through the Azure MP guide for the detailed steps to configure Azure MP. We will quickly go through the steps required here.

  • Import Azure Management pack from the DLC link above.
  • Connect to Azure subscription via Administration tab in SCOM console.
  • Under Authoring in SCOM console, select Add Monitoring Wizard.
  • As mentioned in the wizard, select your subscription, then create a new MP to store monitored service types.
  • Under Service Types, we will select scheduledqueryrules and activitylogalerts for monitoring.
  • Complete the wizard.
  • Open Monitoring tab in SCOM console. In the left pane you will see Microsoft Azure.
  • Under Microsoft Azure, open Service State and wait for the alerts to be loaded from Azure. This may take some time depending on how many alerts are present under your subscription.
  • Under Service State you can see the health state of your configured alerts. Green shows that the alert is enabled but not fired, while red shows that the alert is fired in the portal.
  • If you open the alert, you can find the alert description. It contains useful information such as subscription, resource group, service type, threshold values, alert name etc., so you get an idea of which object the alert fired on and why it fired.


  • Service Types discovered for your subscription


  • Alert health state in SCOM console


  • Alert description for SQR based alert

"Scheduled Query Rules and Activity Log alerts are implemented as monitors in the SCOM console to avoid an alert storm. SCOM will increase the alert count for these alerts but will not generate a new alert every time like the Azure portal."
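The following is an added illustration, not code from Azure, SCOM or the management pack: a simplified Python model of the threshold rule from step 1 (fewer than 16 results in a 5-minute window) and of the difference between one portal alert per evaluation and a single monitor-style alert with an increasing count. The timestamps, function names and the streak-based count are assumptions constructed for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

THRESHOLD = 16                    # one result expected per test location
WINDOW = timedelta(minutes=5)     # evaluation interval of the query rule
START = datetime(2019, 5, 9, 10, 10)   # constructed start time

def sample_results(start=START):
    """Constructed data: six windows; the 10:25 and 10:30 windows miss one location."""
    results = []
    for w, n in enumerate([16, 16, 16, 15, 15, 16]):
        results += [start + w * WINDOW + timedelta(seconds=i) for i in range(n)]
    return results

def window_counts(timestamps, start, windows):
    """Number of availability results in each 5-minute evaluation window."""
    counts = Counter((ts - start) // WINDOW for ts in timestamps)
    return [counts.get(i, 0) for i in range(windows)]

def portal_alerts(counts):
    """Portal-style view: a new alert for every evaluation below the threshold."""
    return [i for i, c in enumerate(counts) if c < THRESHOLD]

def monitor_view(counts):
    """Monitor-style view: one alert per unhealthy streak, with a repeat count."""
    alerts, current = [], None
    for i, c in enumerate(counts):
        if c < THRESHOLD:
            if current is None:            # healthy (green) -> fired (red)
                current = {"first_window": i, "count": 0}
                alerts.append(current)
            current["count"] += 1          # same alert, count goes up
        else:
            current = None                 # back to healthy
    return alerts

if __name__ == "__main__":
    counts = window_counts(sample_results(), START, 6)
    print("results per window:", counts)
    print("portal alerts at windows:", portal_alerts(counts))
    print("monitor alerts:", monitor_view(counts))
```

With the constructed data, two consecutive failing evaluations produce two portal-style alerts but only one monitor-style alert with a count of 2.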


Support of HTML5 Dashboards for Azure Management pack:

You can choose to create a custom widget in the web console and see all the alerts and performance data there. Leave a comment if you want us to write a blog on that.



Hope this blog post gives you an idea of how easy it is to see alerts in the SCOM console. As with any other alert, you can integrate your ticketing and incident management system for alerts raised by Azure Management Pack and get notified from SCOM for any alerts raised in the Azure portal.



We eagerly wait to hear from you so we can improve our product. You can reach out to us through SCOM User voice and through comments on our blog posts.


Note: We also release a CTP version of Azure Management Pack (~3 months) to collect feedback from our customers, and we request them to try the new version. Hope you will be able to try our next CTP release.


Thanks for reading this post and hopefully this will help you.


Neha Garg

Product Manager, System Center





Last update: May 09 2019 02:46 AM