BrunoGabrielli

39 Topics

Azure Monitor: How To Create Overrides for Log Search Alerts
Hello blog readers 😊 How many times have you found yourself in a situation where you created Azure Monitor alerts but the threshold you specified was not applicable to all the targeted resources? The side effects of this were: You were getting unnecessary alerts You were getting sort of false positives To fix the problem you had to create different alerts for different resources with different thresholds I faced this problem long time ago, and I blogged about a possible solution in the post called Azure Monitor: Use Dynamic Thresholds in Log Alerts. Despite that approach being effective, it did not completely resolve the problem. Unfortunately, it was not possible to query Azure resource graph back in April 2023, but nowadays it is 😊😊😊. Thanks to the ability to Create alerts with Azure Resource Graph and Log Analytics, it is now possible to query for the presence of resource tags that can be used to set a new threshold applied to the tagged resources specifically. Each and every resource can have tags and values so they will use specific thresholds. Isn’t this an override? NOTE: Some tables (like the InsightsMetrics table) include a Tag column that does not contain any resource tag. This column is used to store various additional information about the collected data, such as the mountId tag that contains the logical volume letter. Now that theory should be clear, let’s have a look at the practice taking a disk space alert. Normally you have an alert with a query similar to the one in the picture below: That is going to create an alert for disks with space below 10% Using my previous solution, you could have made the thresholds different based on the disk size but, as mentioned, this does not give you the ability to set a resource specific threshold. Hence, considering the theory explained above you need to add the Azure Resource Graph (ARG) to your query and join the above query with the ARG part before the threshold comparison. Talking about the ARG part, you need to decide the tag name you would like to use. I would recommend something easy and mnemonic like DiskSpaceThreshold. In this case, the ARG part of the query would be similar to: let overridenResource = (arg("").resources | where type =~ "Microsoft.Compute/virtualMachines" | project _ResourceId = tolower(id), tags | where tags contains "DiskSpaceOverride"); That part should be added at the top of your query: let overridenResource = (arg("").resources | where type =~ "Microsoft.Compute/virtualMachines" | project _ResourceId = tolower(id), tags | where tags contains "DiskSpaceOverride"); InsightsMetrics | where _ResourceId has "Microsoft.Compute/virtualMachines" | where Origin == "vm.azm.ms" | where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage" | extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | where AggregatedValue < 10 | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue Now, you need to join the query results with the ARG part before the threshold comparison. This will change the query into the one below: let overridenResource = (arg("").resources | where type =~ "Microsoft.Compute/virtualMachines" | project _ResourceId = tolower(id), tags | where tags contains "DiskSpaceOverride"); InsightsMetrics | where _ResourceId has "Microsoft.Compute/virtualMachines" | where Origin == "vm.azm.ms" | where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage" | extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 At this point, you need to read the tag value, if it exists, and use it as the new specific threshold. If the tag does not exist, you need to default the generic threshold. The following lines, added to the query will do the trick: | extend appliedThresholdString = iif(tags contains "DiskSpaceOverride", tostring(tags.["DiskSpaceOverride"]), "10") | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold Last but not least, project the query results. I am gonna suggest you add the appliedThreshold field to the project so you can see the real threshold applied to the resources: let overridenResource = (arg("").resources | where type =~ "Microsoft.Compute/virtualMachines" | project _ResourceId = tolower(id), tags | where tags contains "DiskSpaceOverride"); InsightsMetrics | where _ResourceId has "Microsoft.Compute/virtualMachines" | where Origin == "vm.azm.ms" | where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage" | extend Disk=tostring(todynamic(Tags)["vm.azm.ms/mountId"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=leftouter overridenResource on _ResourceId | project-away _ResourceId1 | extend appliedThresholdString = iif(tags contains "DiskSpaceOverride", tostring(tags.["DiskSpaceOverride"]), "10") | extend appliedThreshold = toint(appliedThresholdString) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold How do you put that into action? Just tag the resources you need to override, run the query manually to check the results and then update your alerts using the same approach. For instance, I tagged my vm-Win-Demos-01 with the suggested tag name (DiskSpaceOverride) and a tag value of 90. This will apply the threshold of 90% of free disk space for this machine only Running the query, we just assembled, I will get these results: With clear evidence that the threshold applied to vm-Win-Demos-01 was 90 instead of 10 This method is much more flexible and gives granular control over the resources compared to the one I previously blogged on. Let me know if you like it 😊 … That’s all folks, thanks for reading through😊 Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without a warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
BrunoGabrielli
May 13, 2025 Place Core Infrastructure and Security Blog
610Views
2likes
2Comments
Azure Monitor: Gain Observability On Your DHCP Server
Need for observability on your DHCP servers? Azure Monitor can help you out. Just import the data and visualize it with workbooks or be proactive with alerts.
BrunoGabrielli
May 01, 2025 Place Core Infrastructure and Security Blog
5.4KViews
6likes
1Comment
Azure Monitor: Create Dedicated Clusters Using Any Commitment Tier
Looking for an easy way to create an Azure Monitor Logs Dedicated Cluster using any pricing tier? Here we go with a simple PowerShell script that can help you out.
BrunoGabrielli
Mar 28, 2025 Place Core Infrastructure and Security Blog
4.4KViews
7likes
0Comments
Azure Monitor: How To Get Alerts for Disconnected Arc Agents
Do you know that your hybrid machines are not connected to Azure and hence are not sending monitoring data? How come? Don’t you have an alert for it?
BrunoGabrielli
Mar 26, 2025 Place Core Infrastructure and Security Blog
7.7KViews
8likes
7Comments
Azure Monitor: Gain Observability Over Guest Users
Have you sent invitations to guest users and don't know about the status? Not sure if guest users are still active or can be removed? Do you want to check if guest users have App roles and group membership assigned? In this post, I provide one possible solution to answer the aforementioned questions.
BrunoGabrielli
Sep 23, 2024 Place Core Infrastructure and Security Blog
16KViews
6likes
15Comments
Azure Monitor: How To Stop Log-search Alerts for Specific Resources
How many times, while dealing with alerting configured at scale, you had the need of stopping the alerts for few resources or even for only one? Read through to see how this can be achieved for Log-based alerts.
BrunoGabrielli
Sep 06, 2024 Place Core Infrastructure and Security Blog
5.6KViews
4likes
2Comments
Azure Monitor: How To Use Managed Identity with Log Ingestion API
Do you want to use managed identities instead of App Registrations when uploading data through Log Ingestion API and don't know how to do it? Read through to get an initial understanding about how, why and when to use them.
BrunoGabrielli
Jul 25, 2024 Place Core Infrastructure and Security Blog
9KViews
2likes
7Comments
Azure Kubernetes Services - Start & Stop Your AKS Cluster on Schedule using Azure Automation
Hi everybody, here I am again to show you a possible way to start and stop your AKS cluster on schedule. Are you interested in spending diligently your money? Are you curious to find a way to align with Cost Optimization recommendation about shutting down unused virtual machine during non business hours or in dev/test environment on AKS? If your answer is 'Yes', then please read through.
BrunoGabrielli
Jul 11, 2024 Place Core Infrastructure and Security Blog
17KViews
3likes
1Comment
Azure Monitor - Alert Notification via Teams
Hi there, Bruno Gabrielli here again to talk about how to get alert notification using a Teams channel. Lots of customers are using Teams channel as notification mechanism in their alert management process. They find it very helpful because Teams can be used over mobile devices and browsers without relying on your company laptop.
BrunoGabrielli
Apr 22, 2024 Place Core Infrastructure and Security Blog
90KViews
11likes
25Comments
Azure Monitor: Manage Data Access for Your Log Analytics Workspace
Struggling with giving very specific access to Log Analytics data, whether they be Security or Monitoring data? Managing your access list through IAM on the workspace”, is not enough? Read ahead to discover how to better assign specific permission to specific data or, even more, to data coming from specific resource(s).
BrunoGabrielli
Nov 09, 2023 Place Core Infrastructure and Security Blog
7.3KViews
1like
2Comments

"}},"componentScriptGroups({\"componentId\":\"custom.widget.MicrosoftFooter\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageListTabs\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageListTabs-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745505307000"}],"cachedText({\"lastModified\":\"1745505307000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745505307000"}]},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Deleted","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"MMM dd yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","es-ES"]},"repliesSortOrder":{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","possibleValues":["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1747130321643":{"__typename":"CachedAsset","id":"pages-1747130321643","value":[{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"UserBlogPermissions.Page","type":"COMMUNITY","urlPath":"/c/user-blog-permissions/page","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"AllEvents","type":"CUSTOM","urlPath":"/Events","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"CommunityHub.Page","type":"CUSTOM","urlPath":"/Directory","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"AllBlogs.Page","type":"CUSTOM","urlPath":"/blogs","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1747130321643,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this site.","userBannedReason":"You have been banned for the following reason: {reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:theme:customTheme1-1747130321027":{"__typename":"CachedAsset","id":"theme:customTheme1-1747130321027","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["default"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"favicon-1730836283320.png","imageLastModified":"1730836286415","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"favicon-1730836271365.png","imageLastModified":"1730836274203","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_BROWSER","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"700","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-200)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-200)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"LIGHT","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-link-color)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#4099E2","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#148563","blogColor":"#1CBAA0","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#4C6B90","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#D13A1F","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#333333","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#717171","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0069D4","secondary":"#333333","bodyText":"#1E1E1E","bodyBg":"#FFFFFF","info":"#409AE2","success":"#41C5AE","warning":"#FCC844","danger":"#BC341B","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#D3F5A4","#243A5E"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Segoe UI","fontStyle":"NORMAL","fontWeight":"400","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20px","h6FontSize":"16px","lineHeight":"1.3","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"40px","defaultMessageHeaderMarginBottom":"20px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Segoe UI","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.5","fontSizeBase":"16px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"14px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"SERVER","name":"Segoe UI","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"},{"style":"NORMAL","weight":"300","__typename":"FontStyleData"},{"style":"NORMAL","weight":"600","__typename":"FontStyleData"},{"style":"NORMAL","weight":"700","__typename":"FontStyleData"},{"style":"ITALIC","weight":"400","__typename":"FontStyleData"}],"assetNames":["SegoeUI-normal-400.woff2","SegoeUI-normal-300.woff2","SegoeUI-normal-600.woff2","SegoeUI-normal-700.woff2","SegoeUI-italic-400.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"MWF Fluent Icons","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"}],"assetNames":["MWFFluentIcons-normal-400.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1745505307000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1745505307000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1745505307000","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"Category:category:cis":{"__typename":"Category","id":"category:cis","entityType":"CATEGORY","displayId":"cis","nodeType":"category","depth":4,"title":"Core Infrastructure and Security","shortTitle":"Core Infrastructure and Security","parent":{"__ref":"Category:category:microsoft-security"}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top"},"Category:category:communities":{"__typename":"Category","id":"category:communities","displayId":"communities","nodeType":"category","depth":1,"parent":{"__ref":"Category:category:top"},"title":"Communities"},"Category:category:products-services":{"__typename":"Category","id":"category:products-services","displayId":"products-services","nodeType":"category","depth":2,"parent":{"__ref":"Category:category:communities"},"title":"Products"},"Category:category:microsoft-security":{"__typename":"Category","id":"category:microsoft-security","displayId":"microsoft-security","nodeType":"category","depth":3,"parent":{"__ref":"Category:category:products-services"},"title":"Microsoft Security","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:CoreInfrastructureandSecurityBlog":{"__typename":"Blog","id":"board:CoreInfrastructureandSecurityBlog","entityType":"BLOG","displayId":"CoreInfrastructureandSecurityBlog","nodeType":"board","depth":5,"conversationStyle":"BLOG","title":"Core Infrastructure and Security Blog","description":"","avatar":null,"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:cis"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:gxcuf89792"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:communities"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:products-services"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:microsoft-security"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:cis"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}}},"theme":{"__ref":"Theme:customTheme1"},"shortTitle":"Core Infrastructure and Security Blog","tagPolicies":{"__typename":"TagPolicies","canSubscribeTagOnNode":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","args":[]}},"canManageTagDashboard":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","args":[]}}}},"CachedAsset:quilt:o365.prod:pages/tags/TagPage:board:CoreInfrastructureandSecurityBlog-1747130319064":{"__typename":"CachedAsset","id":"quilt:o365.prod:pages/tags/TagPage:board:CoreInfrastructureandSecurityBlog-1747130319064","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:o365.prod:Common:1747130258795":{"__typename":"CachedAsset","id":"quiltWrapper:o365.prod:Common:1747130258795","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"community.widget.navbarWidget","props":{"showUserName":true,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"className":"QuiltComponent_lia-component-edit-mode__0nCcm","links":{"sideLinks":[],"mainLinks":[{"children":[],"linkType":"INTERNAL","id":"gxcuf89792","params":{},"routeName":"CommunityPage"},{"children":[],"linkType":"EXTERNAL","id":"external-link","url":"/Directory","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft365","params":{"categoryId":"microsoft365"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows","params":{"categoryId":"Windows"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoft365-copilot-link","params":{"categoryId":"Microsoft365Copilot"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-teams","params":{"categoryId":"MicrosoftTeams"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-securityand-compliance","params":{"categoryId":"microsoft-security"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"azure","params":{"categoryId":"Azure"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-content_management-link","params":{"categoryId":"Content_Management"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"exchange","params":{"categoryId":"Exchange"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows-server","params":{"categoryId":"Windows-Server"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"outlook","params":{"categoryId":"Outlook"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-endpoint-manager","params":{"categoryId":"microsoftintune"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-2","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities","url":"/","target":"BLANK"},{"children":[{"linkType":"INTERNAL","id":"a-i","params":{"categoryId":"AI"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"education-sector","params":{"categoryId":"EducationSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"partner-community","params":{"categoryId":"PartnerCommunity"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"i-t-ops-talk","params":{"categoryId":"ITOpsTalk"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"healthcare-and-life-sciences","params":{"categoryId":"HealthcareAndLifeSciences"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-mechanics","params":{"categoryId":"MicrosoftMechanics"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"public-sector","params":{"categoryId":"PublicSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"s-m-b","params":{"categoryId":"MicrosoftforNonprofits"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"io-t","params":{"categoryId":"IoT"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"startupsat-microsoft","params":{"categoryId":"StartupsatMicrosoft"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"driving-adoption","params":{"categoryId":"DrivingAdoption"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-1","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities-1","url":"/","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external","url":"/Blogs","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external-1","url":"/Events","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft-learn-1","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-learn-blog","params":{"boardId":"MicrosoftLearnBlog","categoryId":"MicrosoftLearn"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"external-10","url":"https://learningroomdirectory.microsoft.com/","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-3","url":"https://docs.microsoft.com/learn/dynamics365/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-4","url":"https://docs.microsoft.com/learn/m365/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-5","url":"https://docs.microsoft.com/learn/topics/sci/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-6","url":"https://docs.microsoft.com/learn/powerplatform/?wt.mc_id=techcom_header-webpage-powerplatform","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-7","url":"https://docs.microsoft.com/learn/github/?wt.mc_id=techcom_header-webpage-github","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-8","url":"https://docs.microsoft.com/learn/teams/?wt.mc_id=techcom_header-webpage-teams","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-9","url":"https://docs.microsoft.com/learn/dotnet/?wt.mc_id=techcom_header-webpage-dotnet","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-2","url":"https://docs.microsoft.com/learn/azure/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"}],"linkType":"INTERNAL","id":"microsoft-learn","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"community-info-center","params":{"categoryId":"Community-Info-Center"},"routeName":"CategoryPage"}]},"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","controllerHighlightColor":"hsla(30, 100%, 50%)","linkFontWeight":"400","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkBoxShadowHover":"none","linkFontSize":"14px","backgroundOpacity":0.8,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","hamburgerColor":"var(--lia-nav-controller-icon-color)","linkTextBorderBottom":"none","brandLogoHeight":"30px","linkBgHoverColor":"transparent","linkLetterSpacing":"normal","collapseMenuDividerOpacity":0.16,"dropdownPaddingBottom":"15px","paddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"1px solid var(--lia-bs-border-color)","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","collapseMenuDividerBg":"var(--lia-nav-link-color)","linkColor":"var(--lia-bs-body-color)","linkJustifyContent":"flex-start","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-body-color)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-body-color)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","linkPaddingX":"10px","linkPaddingY":"5px","paddingTop":"15px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkBgColor":"transparent","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-body-color)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-body-color)"},"showSearchIcon":false,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"transparent","linkHighlightColor":"var(--lia-bs-primary)","visualEffects":{"showBottomBorder":true},"linkTextColor":"var(--lia-bs-gray-700)"},"__typename":"QuiltComponent"},{"id":"custom.widget.HeroBanner","props":{"widgetVisibility":"signedInOrAnonymous","usePageWidth":false,"useTitle":true,"cMax_items":3,"useBackground":false,"title":"","lazyLoad":false,"widgetChooser":"custom.widget.HeroBanner"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.MicrosoftFooter","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1745505307000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.HeroBanner-en-us-1747150702667":{"__typename":"CachedAsset","id":"component:custom.widget.HeroBanner-en-us-1747150702667","value":{"component":{"id":"custom.widget.HeroBanner","template":{"id":"HeroBanner","markupLanguage":"REACT","style":null,"texts":{"searchPlaceholderText":"Search this community","followActionText":"Follow","unfollowActionText":"Following","searchOnHoverText":"Please enter your search term(s) and then press return key to complete a search.","blogs.sidebar.pagetitle":"Latest Blogs | Microsoft Tech Community","followThisNode":"Follow this node","unfollowThisNode":"Unfollow this node"},"defaults":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.HeroBanner","form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"__typename":"Component","localOverride":false},"globalCss":null,"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"}},"localOverride":false},"CachedAsset:component:custom.widget.MicrosoftFooter-en-us-1747150702667":{"__typename":"CachedAsset","id":"component:custom.widget.MicrosoftFooter-en-us-1747150702667","value":{"component":{"id":"custom.widget.MicrosoftFooter","template":{"id":"MicrosoftFooter","markupLanguage":"HANDLEBARS","style":".context-uhf {\n min-width: 280px;\n font-size: 15px;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.c-uhff-link {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.c-uhff {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.c-uhff-nav {\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n .c-heading-4 {\n color: #616161;\n word-break: break-word;\n font-size: 15px;\n line-height: 20px;\n padding: 36px 0 4px;\n font-weight: 600;\n }\n .c-uhff-nav-row {\n .c-uhff-nav-group {\n display: block;\n float: left;\n min-height: 1px;\n vertical-align: text-top;\n padding: 0 12px;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.c-list.f-bare {\n font-size: 11px;\n line-height: 16px;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 8px 0;\n margin: 0;\n }\n }\n }\n }\n}\n.c-uhff-base {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 30px 5% 16px;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.c-uhff-ccpa {\n font-size: 11px;\n line-height: 16px;\n float: left;\n margin: 3px 0;\n }\n a.c-uhff-ccpa:hover {\n text-decoration: underline;\n }\n ul.c-list {\n font-size: 11px;\n line-height: 16px;\n float: right;\n margin: 3px 0;\n color: #616161;\n li {\n padding: 0 24px 4px 0;\n display: inline-block;\n }\n }\n .c-list.f-bare {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 30px 24px 16px;\n }\n}\n\n.social-share {\n position: fixed;\n top: 60%;\n transform: translateY(-50%);\n left: 0;\n z-index: 1000;\n}\n\n.sharing-options {\n list-style: none;\n padding: 0;\n margin: 0;\n display: block;\n flex-direction: column;\n background-color: white;\n width: 43px;\n border-radius: 0px 7px 7px 0px;\n}\n.linkedin-icon {\n border-top-right-radius: 7px;\n}\n.linkedin-icon:hover {\n border-radius: 0;\n}\n.social-share-rss-image {\n border-bottom-right-radius: 7px;\n}\n.social-share-rss-image:hover {\n border-radius: 0;\n}\n\n.social-link-footer {\n position: relative;\n display: block;\n margin: -2px 0;\n transition: all 0.2s ease;\n}\n.social-link-footer:hover .linkedin-icon {\n border-radius: 0;\n}\n.social-link-footer:hover .social-share-rss-image {\n border-radius: 0;\n}\n\n.social-link-footer img {\n width: 40px;\n height: auto;\n transition: filter 0.3s ease;\n}\n\n.social-share-list {\n width: 40px;\n}\n.social-share-rss-image {\n width: 40px;\n}\n\n.share-icon {\n border: 2px solid transparent;\n display: inline-block;\n position: relative;\n}\n\n.share-icon:hover {\n opacity: 1;\n border: 2px solid white;\n box-sizing: border-box;\n}\n\n.share-icon:hover .label {\n opacity: 1;\n visibility: visible;\n border: 2px solid white;\n box-sizing: border-box;\n border-left: none;\n}\n\n.label {\n position: absolute;\n left: 100%;\n white-space: nowrap;\n opacity: 0;\n visibility: hidden;\n transition: all 0.2s ease;\n color: white;\n border-radius: 0 10 0 10px;\n top: 50%;\n transform: translateY(-50%);\n height: 40px;\n border-radius: 0 6px 6px 0;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 20px 5px 20px 8px;\n margin-left: -1px;\n}\n.linkedin {\n background-color: #0474b4;\n}\n.facebook {\n background-color: #3c5c9c;\n}\n.twitter {\n background-color: white;\n color: black;\n}\n.reddit {\n background-color: #fc4404;\n}\n.mail {\n background-color: #848484;\n}\n.bluesky {\n background-color: white;\n color: black;\n}\n.rss {\n background-color: #ec7b1c;\n}\n#RSS {\n width: 40px;\n height: 40px;\n}\n\n@media (max-width: 991px) {\n .social-share {\n display: none;\n }\n}\n","texts":{"New tab":"What's New","New 1":"Surface Laptop Studio 2","New 2":"Surface Laptop Go 3","New 3":"Surface Pro 9","New 4":"Surface Laptop 5","New 5":"Surface Studio 2+","New 6":"Copilot in Windows","New 7":"Microsoft 365","New 8":"Windows 11 apps","Store tab":"Microsoft Store","Store 1":"Account Profile","Store 2":"Download Center","Store 3":"Microsoft Store Support","Store 4":"Returns","Store 5":"Order tracking","Store 6":"Certified Refurbished","Store 7":"Microsoft Store Promise","Store 8":"Flexible Payments","Education tab":"Education","Edu 1":"Microsoft in education","Edu 2":"Devices for education","Edu 3":"Microsoft Teams for Education","Edu 4":"Microsoft 365 Education","Edu 5":"How to buy for your school","Edu 6":"Educator Training and development","Edu 7":"Deals for students and parents","Edu 8":"Azure for students","Business tab":"Business","Bus 1":"Microsoft Cloud","Bus 2":"Microsoft Security","Bus 3":"Dynamics 365","Bus 4":"Microsoft 365","Bus 5":"Microsoft Power Platform","Bus 6":"Microsoft Teams","Bus 7":"Microsoft Industry","Bus 8":"Small Business","Developer tab":"Developer & IT","Dev 1":"Azure","Dev 2":"Developer Center","Dev 3":"Documentation","Dev 4":"Microsoft Learn","Dev 5":"Microsoft Tech Community","Dev 6":"Azure Marketplace","Dev 7":"AppSource","Dev 8":"Visual Studio","Company tab":"Company","Com 1":"Careers","Com 2":"About Microsoft","Com 3":"Company News","Com 4":"Privacy at Microsoft","Com 5":"Investors","Com 6":"Diversity and inclusion","Com 7":"Accessiblity","Com 8":"Sustainibility"},"defaults":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.MicrosoftFooter","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_MicrosoftFooter_context-uhf_105bp_1 {\n min-width: 17.5rem;\n font-size: 0.9375rem;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-link_105bp_12 {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff_105bp_12 {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.custom_widget_MicrosoftFooter_c-uhff-nav_105bp_35 {\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n .custom_widget_MicrosoftFooter_c-heading-4_105bp_49 {\n color: #616161;\n word-break: break-word;\n font-size: 0.9375rem;\n line-height: 1.25rem;\n padding: 2.25rem 0 0.25rem;\n font-weight: 600;\n }\n .custom_widget_MicrosoftFooter_c-uhff-nav-row_105bp_57 {\n .custom_widget_MicrosoftFooter_c-uhff-nav-group_105bp_58 {\n display: block;\n float: left;\n min-height: 0.0625rem;\n vertical-align: text-top;\n padding: 0 0.75rem;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.custom_widget_MicrosoftFooter_c-list_105bp_78.custom_widget_MicrosoftFooter_f-bare_105bp_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 0.5rem 0;\n margin: 0;\n }\n }\n }\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff-base_105bp_94 {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 1.875rem 5% 1rem;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: left;\n margin: 0.1875rem 0;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107:hover {\n text-decoration: underline;\n }\n ul.custom_widget_MicrosoftFooter_c-list_105bp_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: right;\n margin: 0.1875rem 0;\n color: #616161;\n li {\n padding: 0 1.5rem 0.25rem 0;\n display: inline-block;\n }\n }\n .custom_widget_MicrosoftFooter_c-list_105bp_78.custom_widget_MicrosoftFooter_f-bare_105bp_78 {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 1.875rem 1.5rem 1rem;\n }\n}\n.custom_widget_MicrosoftFooter_social-share_105bp_138 {\n position: fixed;\n top: 60%;\n transform: translateY(-50%);\n left: 0;\n z-index: 1000;\n}\n.custom_widget_MicrosoftFooter_sharing-options_105bp_146 {\n list-style: none;\n padding: 0;\n margin: 0;\n display: block;\n flex-direction: column;\n background-color: white;\n width: 2.6875rem;\n border-radius: 0 0.4375rem 0.4375rem 0;\n}\n.custom_widget_MicrosoftFooter_linkedin-icon_105bp_156 {\n border-top-right-radius: 7px;\n}\n.custom_widget_MicrosoftFooter_linkedin-icon_105bp_156:hover {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n border-bottom-right-radius: 7px;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162:hover {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169 {\n position: relative;\n display: block;\n margin: -0.125rem 0;\n transition: all 0.2s ease;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169:hover .custom_widget_MicrosoftFooter_linkedin-icon_105bp_156 {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169:hover .custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169 img {\n width: 2.5rem;\n height: auto;\n transition: filter 0.3s ease;\n}\n.custom_widget_MicrosoftFooter_social-share-list_105bp_188 {\n width: 2.5rem;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n width: 2.5rem;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195 {\n border: 2px solid transparent;\n display: inline-block;\n position: relative;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195:hover {\n opacity: 1;\n border: 2px solid white;\n box-sizing: border-box;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195:hover .custom_widget_MicrosoftFooter_label_105bp_207 {\n opacity: 1;\n visibility: visible;\n border: 2px solid white;\n box-sizing: border-box;\n border-left: none;\n}\n.custom_widget_MicrosoftFooter_label_105bp_207 {\n position: absolute;\n left: 100%;\n white-space: nowrap;\n opacity: 0;\n visibility: hidden;\n transition: all 0.2s ease;\n color: white;\n border-radius: 0 10 0 0.625rem;\n top: 50%;\n transform: translateY(-50%);\n height: 2.5rem;\n border-radius: 0 0.375rem 0.375rem 0;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 1.25rem 0.3125rem 1.25rem 0.5rem;\n margin-left: -0.0625rem;\n}\n.custom_widget_MicrosoftFooter_linkedin_105bp_156 {\n background-color: #0474b4;\n}\n.custom_widget_MicrosoftFooter_facebook_105bp_237 {\n background-color: #3c5c9c;\n}\n.custom_widget_MicrosoftFooter_twitter_105bp_240 {\n background-color: white;\n color: black;\n}\n.custom_widget_MicrosoftFooter_reddit_105bp_244 {\n background-color: #fc4404;\n}\n.custom_widget_MicrosoftFooter_mail_105bp_247 {\n background-color: #848484;\n}\n.custom_widget_MicrosoftFooter_bluesky_105bp_250 {\n background-color: white;\n color: black;\n}\n.custom_widget_MicrosoftFooter_rss_105bp_254 {\n background-color: #ec7b1c;\n}\n#custom_widget_MicrosoftFooter_RSS_105bp_1 {\n width: 2.5rem;\n height: 2.5rem;\n}\n@media (max-width: 991px) {\n .custom_widget_MicrosoftFooter_social-share_105bp_138 {\n display: none;\n }\n}\n","tokens":{"context-uhf":"custom_widget_MicrosoftFooter_context-uhf_105bp_1","c-uhff-link":"custom_widget_MicrosoftFooter_c-uhff-link_105bp_12","c-uhff":"custom_widget_MicrosoftFooter_c-uhff_105bp_12","c-uhff-nav":"custom_widget_MicrosoftFooter_c-uhff-nav_105bp_35","c-heading-4":"custom_widget_MicrosoftFooter_c-heading-4_105bp_49","c-uhff-nav-row":"custom_widget_MicrosoftFooter_c-uhff-nav-row_105bp_57","c-uhff-nav-group":"custom_widget_MicrosoftFooter_c-uhff-nav-group_105bp_58","c-list":"custom_widget_MicrosoftFooter_c-list_105bp_78","f-bare":"custom_widget_MicrosoftFooter_f-bare_105bp_78","c-uhff-base":"custom_widget_MicrosoftFooter_c-uhff-base_105bp_94","c-uhff-ccpa":"custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107","social-share":"custom_widget_MicrosoftFooter_social-share_105bp_138","sharing-options":"custom_widget_MicrosoftFooter_sharing-options_105bp_146","linkedin-icon":"custom_widget_MicrosoftFooter_linkedin-icon_105bp_156","social-share-rss-image":"custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162","social-link-footer":"custom_widget_MicrosoftFooter_social-link-footer_105bp_169","social-share-list":"custom_widget_MicrosoftFooter_social-share-list_105bp_188","share-icon":"custom_widget_MicrosoftFooter_share-icon_105bp_195","label":"custom_widget_MicrosoftFooter_label_105bp_207","linkedin":"custom_widget_MicrosoftFooter_linkedin_105bp_156","facebook":"custom_widget_MicrosoftFooter_facebook_105bp_237","twitter":"custom_widget_MicrosoftFooter_twitter_105bp_240","reddit":"custom_widget_MicrosoftFooter_reddit_105bp_244","mail":"custom_widget_MicrosoftFooter_mail_105bp_247","bluesky":"custom_widget_MicrosoftFooter_bluesky_105bp_250","rss":"custom_widget_MicrosoftFooter_rss_105bp_254","RSS":"custom_widget_MicrosoftFooter_RSS_105bp_1"}},"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1745505307000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1745505307000","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745505307000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1722894000155":"Recent Discussions","title@instance:1727367112619":"Recent Blog Articles","title@instance:1727367069748":"Recent Discussions","title@instance:1727366213114":"Latest Discussions","title@instance:1727899609720":"","title@instance:1727363308925":"Latest Discussions","title@instance:1737115580352":"Latest Articles","title@instance:1720453418992":"Recent Discssions","title@instance:1727365950181":"Latest Blog Articles","title@instance:bmDPnI":"Latest Blog Articles","title@instance:IiDDJZ":"Latest Blog Articles","title@instance:1721244347979":"Latest blog posts","title@instance:1728383752171":"Related Content","title@instance:1722893956545":"Latest Skilling Resources","title@instance:dhcgCU":"Latest Discussions"},"localOverride":false},"Category:category:Exchange":{"__typename":"Category","id":"category:Exchange","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Outlook":{"__typename":"Category","id":"category:Outlook","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Community-Info-Center":{"__typename":"Category","id":"category:Community-Info-Center","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:EducationSector":{"__typename":"Category","id":"category:EducationSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:DrivingAdoption":{"__typename":"Category","id":"category:DrivingAdoption","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Azure":{"__typename":"Category","id":"category:Azure","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows-Server":{"__typename":"Category","id":"category:Windows-Server","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftTeams":{"__typename":"Category","id":"category:MicrosoftTeams","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PublicSector":{"__typename":"Category","id":"category:PublicSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft365":{"__typename":"Category","id":"category:microsoft365","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:IoT":{"__typename":"Category","id":"category:IoT","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:HealthcareAndLifeSciences":{"__typename":"Category","id":"category:HealthcareAndLifeSciences","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:ITOpsTalk":{"__typename":"Category","id":"category:ITOpsTalk","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftLearn":{"__typename":"Category","id":"category:MicrosoftLearn","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:MicrosoftLearnBlog":{"__typename":"Blog","id":"board:MicrosoftLearnBlog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:AI":{"__typename":"Category","id":"category:AI","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftMechanics":{"__typename":"Category","id":"category:MicrosoftMechanics","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftforNonprofits":{"__typename":"Category","id":"category:MicrosoftforNonprofits","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:StartupsatMicrosoft":{"__typename":"Category","id":"category:StartupsatMicrosoft","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PartnerCommunity":{"__typename":"Category","id":"category:PartnerCommunity","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Microsoft365Copilot":{"__typename":"Category","id":"category:Microsoft365Copilot","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows":{"__typename":"Category","id":"category:Windows","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Content_Management":{"__typename":"Category","id":"category:Content_Management","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoftintune":{"__typename":"Category","id":"category:microsoftintune","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:4396686":{"__typename":"Conversation","id":"conversation:4396686","topic":{"__typename":"BlogTopicMessage","uid":4396686},"lastPostingActivityTime":"2025-05-13T05:07:33.663-07:00","solved":false},"User:user:219011":{"__typename":"User","uid":219011,"login":"BrunoGabrielli","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-2.svg?time=0"},"id":"user:219011"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LVJuOXVWZA?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LVJuOXVWZA?revision=5","title":"Override-1.png","associationType":"COVER","width":942,"height":435,"altText":""},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LURKQjVCNQ?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LURKQjVCNQ?revision=5","title":"clipboard_image-1-1742828072026.png","associationType":"BODY","width":829,"height":486,"altText":""},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LUpvcFB6aQ?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LUpvcFB6aQ?revision=5","title":"clipboard_image-2-1742828072032.png","associationType":"BODY","width":1354,"height":322,"altText":""},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LWZrOFA2Sg?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LWZrOFA2Sg?revision=5","title":"clipboard_image-3-1742828072035.png","associationType":"BODY","width":1009,"height":517,"altText":""},"BlogTopicMessage:message:4396686":{"__typename":"BlogTopicMessage","subject":"Azure Monitor: How To Create Overrides for Log Search Alerts","conversation":{"__ref":"Conversation:conversation:4396686"},"id":"message:4396686","revisionNum":5,"uid":4396686,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"Struggling with the missing override concept in Azure Monitor alerts? Read through to see how this can be achieved for Log-based alerts.","metrics":{"__typename":"MessageMetrics","views":610},"postTime":"2025-03-25T01:00:00.022-07:00","lastPublishTime":"2025-03-26T18:56:51.332-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello blog readers 😊 \n How many times have you found yourself in a situation where you created Azure Monitor alerts but the threshold you specified was not applicable to all the targeted resources? The side effects of this were: \n \n You were getting unnecessary alerts \n You were getting sort of false positives \n To fix the problem you had to create different alerts for different resources with different thresholds \n \n I faced this problem long time ago, and I blogged about a possible solution in the post called Azure Monitor: Use Dynamic Thresholds in Log Alerts. Despite that approach being effective, it did not completely resolve the problem. Unfortunately, it was not possible to query Azure resource graph back in April 2023, but nowadays it is 😊😊😊. \n Thanks to the ability to Create alerts with Azure Resource Graph and Log Analytics, it is now possible to query for the presence of resource tags that can be used to set a new threshold applied to the tagged resources specifically. Each and every resource can have tags and values so they will use specific thresholds. Isn’t this an override? \n NOTE: Some tables (like the InsightsMetrics table) include a Tag column that does not contain any resource tag. This column is used to store various additional information about the collected data, such as the mountId tag that contains the logical volume letter. \n Now that theory should be clear, let’s have a look at the practice taking a disk space alert. \n Normally you have an alert with a query similar to the one in the picture below: \n \n That is going to create an alert for disks with space below 10% \n Using my previous solution, you could have made the thresholds different based on the disk size but, as mentioned, this does not give you the ability to set a resource specific threshold. \n Hence, considering the theory explained above you need to add the Azure Resource Graph (ARG) to your query and join the above query with the ARG part before the threshold comparison. \n Talking about the ARG part, you need to decide the tag name you would like to use. I would recommend something easy and mnemonic like DiskSpaceThreshold. In this case, the ARG part of the query would be similar to: \n let overridenResource = (arg(\"\").resources\n| where type =~ \"Microsoft.Compute/virtualMachines\"\n| project _ResourceId = tolower(id), tags\n| where tags contains \"DiskSpaceOverride\"); \n That part should be added at the top of your query: \n let overridenResource = (arg(\"\").resources\n| where type =~ \"Microsoft.Compute/virtualMachines\"\n| project _ResourceId = tolower(id), tags\n| where tags contains \"DiskSpaceOverride\");\nInsightsMetrics\n| where _ResourceId has \"Microsoft.Compute/virtualMachines\"\n| where Origin == \"vm.azm.ms\"\n| where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\"\n| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])\n| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk\n| where AggregatedValue < 10\n| project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue \n Now, you need to join the query results with the ARG part before the threshold comparison. This will change the query into the one below: \n let overridenResource = (arg(\"\").resources\n| where type =~ \"Microsoft.Compute/virtualMachines\"\n| project _ResourceId = tolower(id), tags\n| where tags contains \"DiskSpaceOverride\");\nInsightsMetrics\n| where _ResourceId has \"Microsoft.Compute/virtualMachines\"\n| where Origin == \"vm.azm.ms\"\n| where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\"\n| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])\n| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk\n| join hint.remote=left kind=leftouter overridenResource on _ResourceId\n| project-away _ResourceId1 \n At this point, you need to read the tag value, if it exists, and use it as the new specific threshold. If the tag does not exist, you need to default the generic threshold. The following lines, added to the query will do the trick: \n | extend appliedThresholdString = iif(tags contains \"DiskSpaceOverride\", tostring(tags.[\"DiskSpaceOverride\"]), \"10\")\n| extend appliedThreshold = toint(appliedThresholdString)\n| where AggregatedValue < appliedThreshold \n Last but not least, project the query results. I am gonna suggest you add the appliedThreshold field to the project so you can see the real threshold applied to the resources: \n let overridenResource = (arg(\"\").resources\n| where type =~ \"Microsoft.Compute/virtualMachines\"\n| project _ResourceId = tolower(id), tags\n| where tags contains \"DiskSpaceOverride\");\nInsightsMetrics\n| where _ResourceId has \"Microsoft.Compute/virtualMachines\"\n| where Origin == \"vm.azm.ms\"\n| where Namespace == \"LogicalDisk\" and Name == \"FreeSpacePercentage\"\n| extend Disk=tostring(todynamic(Tags)[\"vm.azm.ms/mountId\"])\n| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk\n| join hint.remote=left kind=leftouter overridenResource on _ResourceId\n| project-away _ResourceId1\n| extend appliedThresholdString = iif(tags contains \"DiskSpaceOverride\", tostring(tags.[\"DiskSpaceOverride\"]), \"10\")\n| extend appliedThreshold = toint(appliedThresholdString)\n| where AggregatedValue < appliedThreshold\n| project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold \n How do you put that into action? Just tag the resources you need to override, run the query manually to check the results and then update your alerts using the same approach. For instance, I tagged my vm-Win-Demos-01 with the suggested tag name (DiskSpaceOverride) and a tag value of 90. This will apply the threshold of 90% of free disk space for this machine only \n \n Running the query, we just assembled, I will get these results: \n \n With clear evidence that the threshold applied to vm-Win-Demos-01 was 90 instead of 10 \n This method is much more flexible and gives granular control over the resources compared to the one I previously blogged on. Let me know if you like it 😊 \n \n … That’s all folks, thanks for reading through😊 \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without a warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"7098","kudosSumWeight":2,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LVJuOXVWZA?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LURKQjVCNQ?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LUpvcFB6aQ?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LWZrOFA2Sg?revision=5\"}"}}],"totalCount":4,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":{"__typename":"UploadedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00Mzk2Njg2LVJuOXVWZA?revision=5"},"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3865274":{"__typename":"Conversation","id":"conversation:3865274","topic":{"__typename":"BlogTopicMessage","uid":3865274},"lastPostingActivityTime":"2025-05-01T07:21:11.504-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyMGkxRTQ1MzI2MUU4MzlGQ0Uz?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyMGkxRTQ1MzI2MUU4MzlGQ0Uz?revision=9","title":"BrunoGabrielli_9-1688495167958.png","associationType":"TEASER","width":773,"height":405,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyMmlGRDM2OUE1QzkwN0MxNERC?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyMmlGRDM2OUE1QzkwN0MxNERC?revision=9","title":"BrunoGabrielli_10-1688495639401.png","associationType":"BODY","width":1724,"height":311,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyM2kxNTQzQTAwQzE2NDhFMUU4?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyM2kxNTQzQTAwQzE2NDhFMUU4?revision=9","title":"BrunoGabrielli_11-1688495639405.png","associationType":"BODY","width":1725,"height":301,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNGkwMjEwOTcwMjcxNzAwMzAx?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNGkwMjEwOTcwMjcxNzAwMzAx?revision=9","title":"BrunoGabrielli_12-1688495639409.png","associationType":"BODY","width":847,"height":1111,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNWlFQzRBQjNEMEJCQzVEMzM5?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNWlFQzRBQjNEMEJCQzVEMzM5?revision=9","title":"BrunoGabrielli_13-1688495639411.png","associationType":"BODY","width":1256,"height":870,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNmlBMjNFQTI3MkZGMjZGMzAz?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNmlBMjNFQTI3MkZGMjZGMzAz?revision=9","title":"BrunoGabrielli_14-1688495639414.png","associationType":"BODY","width":1726,"height":517,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyN2kyNTA0ODcxNDE0M0M4MTZB?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyN2kyNTA0ODcxNDE0M0M4MTZB?revision=9","title":"BrunoGabrielli_15-1688495639418.png","associationType":"BODY","width":1726,"height":765,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyOGlBOTI2MzRGQ0IxMEMzRERE?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyOGlBOTI2MzRGQ0IxMEMzRERE?revision=9","title":"BrunoGabrielli_16-1688495639421.png","associationType":"BODY","width":1614,"height":442,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyOWlDMkUwMkRDQjlGMDg0RDYw?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyOWlDMkUwMkRDQjlGMDg0RDYw?revision=9","title":"BrunoGabrielli_17-1688495639423.png","associationType":"BODY","width":1349,"height":450,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTczMGlGNzQ1ODYzMDI1NjBDODU0?revision=9\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTczMGlGNzQ1ODYzMDI1NjBDODU0?revision=9","title":"BrunoGabrielli_18-1688495639429.png","associationType":"BODY","width":1373,"height":479,"altText":null},"BlogTopicMessage:message:3865274":{"__typename":"BlogTopicMessage","subject":"Azure Monitor: Gain Observability On Your DHCP Server","conversation":{"__ref":"Conversation:conversation:3865274"},"id":"message:3865274","revisionNum":9,"uid":3865274,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Need for observability on your DHCP servers? Azure Monitor can help you out. Just import the data and visualize it with workbooks or be proactive with alerts. \n \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":5449},"postTime":"2023-07-24T09:00:00.166-07:00","lastPublishTime":"2023-08-04T00:41:52.804-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" [2023-July-31]: The previous limitation has been resolved. I modified the PowerShell script to update the table name in the workbook file inheriting the value passed as parameter. Make sure you use the latest updated attachment. \n \n [2023-July-27]: To avoid workbook issues, make sure you call the the Custom table DHCPLOG_CL (using the correct case). If you prefer another name, then you have to edit the workbook code to point to the correct table. \n \n Hello readers, \n It is common that customers need to expand the observability over the entire IT infrastructure (see Azure Monitor: Expanding the Out-of-the-Box Observability for your IT Infrastructure). This includes one of the requests I got to gain observability over DHCP servers. More in details, a customer of mine wanted to have a sort of dashboard to show DHCP events with the ability to do an easy search. \n After 5 minutes of brainstorming I got the solution in mind: I needed to ingest DHCP logs into Azure Monitor, storing them in a Log Analytics workspace and visualize the data through Azure Workbooks. Looks complicated? It is not, but let us go step by step: \n \n #1: Ingesting logs into Azure Monitor: \n This is not something difficult, you can follow the Collect text logs with Azure Monitor Agent documentation or you can read ahead to see how I tried to make life easier by using templates and scripts to manage everything in one go. Reason I created the script is just to avoid too many steps to be completed manually. I preferred to have one single script to run which does the following: \n \n Import the table definition schema \n Create the table in Log Analytics \n If table creation was successful, it creates the necessary DCE and DCR using a JSON template \n \n This approach does not require any customization since all the necessary info are asked as parameters during the script execution. However, you might need to import a different set of info so consider the following: \n \n The table definition schema template includes only meaningful field. If you need less, more or all the fields in the original log, you need to adapt the table schema. \n The transformation rule has been defined according to the table schema. If you change the table schema, make sure you adapt the transformation rule as well template prior to running the script. \n \n \n With that said, let us try it: \n \n Open a PowerShell prompt and launch the script with no parameters: \n \n \n \n \n The script will ask for Azure Active Directory Tenant ID This is required to correctly scope the authentication: \n \n \n \n \n Once the Azure Active Directory Tenant ID has been entered the script will move on with the authentication asking to pick an account from one of the recently used or to enter a new one with the corresponding password: \n \n \n \n \n As the next step, a grid will show up, allowing you to select the subscription you want to use: \n \n \n \n \n From this point on, specific information will be asked like:\n \n The Resource Group containing the Log Analytics workspace to be used \n The name of the Log Analytics workspace that will host the custom table \n A name for the Custom table \n A name for the DCE \n A name for the DCR \n The name of the Json template file containing DCE and DCR definitions \n \n \n \n \n \n \n The execution will continue, letting you know about the step and the outcome. If everything goes smoothly you will get the following results \n \n \n \n At this point you just need to associate the above created DCR with the DHCP server(s) making sure to set the endpoint to the above created DCE \n \n \n \n Easy enough, isn’t it ? \n You can find the script, the table schema template and the DCE+DCR template files attached to the post. \n \n #2: Visualize data through Azure Workbooks: \n This step is not deadly difficult as well. The documentation for Creating an Azure Workbook or to use Azure Workbooks templates is there. Together with it there’s also the documentation to the various Azure Workbooks data sources that can be used in a workbook as well as the supported Workbook visualizations. \n \n But you know me by now! I love to make my readers’ life easier, so I am going to add a ready-to-use workbook as part of this post. This first version includes tiles with aggregated information on events by DHCP server, events by Event Id and event by description \n \n \n \n \n As well as a grid with all log entries with a search box on top. \n \n \n The search box is a superb feature of the workbooks. It searches against everything showing up in the grid. Really amazing!!! \n \n It goes without saying that this solution applies to both Azure virtual machines and Arc-Enabled servers. \n \n Happy observing \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5788","kudosSumWeight":6,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyMGkxRTQ1MzI2MUU4MzlGQ0Uz?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyMmlGRDM2OUE1QzkwN0MxNERC?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyM2kxNTQzQTAwQzE2NDhFMUU4?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNGkwMjEwOTcwMjcxNzAwMzAx?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNWlFQzRBQjNEMEJCQzVEMzM5?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyNmlBMjNFQTI3MkZGMjZGMzAz?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyN2kyNTA0ODcxNDE0M0M4MTZB?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyOGlBOTI2MzRGQ0IxMEMzRERE?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTcyOWlDMkUwMkRDQjlGMDg0RDYw?revision=9\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODY1Mjc0LTQ4NTczMGlGNzQ1ODYzMDI1NjBDODU0?revision=9\"}"}}],"totalCount":10,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:4089859":{"__typename":"Conversation","id":"conversation:4089859","topic":{"__typename":"BlogTopicMessage","uid":4089859},"lastPostingActivityTime":"2025-03-28T03:30:43.207-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxN2k4MENDRDlCMTcwRjk1MDQ4?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxN2k4MENDRDlCMTcwRjk1MDQ4?revision=7","title":"BrunoGabrielli_0-1710849384445.png","associationType":"TEASER","width":687,"height":320,"altText":"BrunoGabrielli_0-1710849384445.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMGk5MzkzNTU5NjdERDQ0NDU0?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMGk5MzkzNTU5NjdERDQ0NDU0?revision=7","title":"BrunoGabrielli_0-1710847696414.png","associationType":"BODY","width":1395,"height":174,"altText":"BrunoGabrielli_0-1710847696414.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2Mjg5OWk4OEFFMkIxNzFBNDBCOTFF?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2Mjg5OWk4OEFFMkIxNzFBNDBCOTFF?revision=7","title":"BrunoGabrielli_1-1710847696417.png","associationType":"BODY","width":1395,"height":174,"altText":"BrunoGabrielli_1-1710847696417.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMWk2QkQ0MTY5QTJCODc0RkY3?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMWk2QkQ0MTY5QTJCODc0RkY3?revision=7","title":"BrunoGabrielli_2-1710847696420.png","associationType":"BODY","width":1395,"height":174,"altText":"BrunoGabrielli_2-1710847696420.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMmk4MzQzNUNBQjdCRUQ2ODM1?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMmk4MzQzNUNBQjdCRUQ2ODM1?revision=7","title":"BrunoGabrielli_3-1710847696423.png","associationType":"BODY","width":1395,"height":174,"altText":"BrunoGabrielli_3-1710847696423.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwM2k0NjlFRDc1RjRFOTlCQkQ4?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwM2k0NjlFRDc1RjRFOTlCQkQ4?revision=7","title":"BrunoGabrielli_4-1710847696426.png","associationType":"BODY","width":1395,"height":174,"altText":"BrunoGabrielli_4-1710847696426.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNGkyQUZEOUE4NDBGOTNENzU3?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNGkyQUZEOUE4NDBGOTNENzU3?revision=7","title":"BrunoGabrielli_5-1710847696430.png","associationType":"BODY","width":610,"height":553,"altText":"BrunoGabrielli_5-1710847696430.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwN2kxMDlGQTA1ODZFNjVDNjE4?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwN2kxMDlGQTA1ODZFNjVDNjE4?revision=7","title":"BrunoGabrielli_6-1710847696441.png","associationType":"BODY","width":2362,"height":652,"altText":"BrunoGabrielli_6-1710847696441.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNWk1MTk3NzE2QzBFQkY5MURB?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNWk1MTk3NzE2QzBFQkY5MURB?revision=7","title":"BrunoGabrielli_7-1710847696443.png","associationType":"BODY","width":1380,"height":216,"altText":"BrunoGabrielli_7-1710847696443.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNmlGMzcwNDc3OTA2Mzc4RTgw?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNmlGMzcwNDc3OTA2Mzc4RTgw?revision=7","title":"BrunoGabrielli_8-1710847696447.png","associationType":"BODY","width":1123,"height":714,"altText":"BrunoGabrielli_8-1710847696447.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxM2k4Q0E2NjEyNzI4NzIxQTBC?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxM2k4Q0E2NjEyNzI4NzIxQTBC?revision=7","title":"BrunoGabrielli_9-1710848525701.png","associationType":"BODY","width":1420,"height":711,"altText":"BrunoGabrielli_9-1710848525701.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxNGlEQ0MyNzhCMDY4RTBDQTI3?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxNGlEQ0MyNzhCMDY4RTBDQTI3?revision=7","title":"BrunoGabrielli_10-1710848651335.png","associationType":"BODY","width":1419,"height":487,"altText":"BrunoGabrielli_10-1710848651335.png"},"BlogTopicMessage:message:4089859":{"__typename":"BlogTopicMessage","subject":"Azure Monitor: Create Dedicated Clusters Using Any Commitment Tier","conversation":{"__ref":"Conversation:conversation:4089859"},"id":"message:4089859","revisionNum":7,"uid":4089859,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Looking for an easy way to create an Azure Monitor Logs Dedicated Cluster using any pricing tier? Here we go with a simple PowerShell script that can help you out. \n \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":4367},"postTime":"2024-03-21T01:00:00.049-07:00","lastPublishTime":"2025-03-28T03:30:43.207-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello readers, \n You might have noticed the supportability for any existing commitment tier, including the small 100, 200, 300, 400 GB/Day ones, for Azure Monitor Logs Dedicated Cluster have been announced by the Azure Monitor product group. The official announcement went live on January 25, 2024 and can be found HERE. \n As short recap, an Azure Monitor Logs Dedicated Cluster might be required if you would like to use one or more of the capabilities reported below: \n \n \n Customer-managed keys - Encrypt cluster data using keys that you provide and control. \n Lockbox - Control Microsoft Support engineer access requests to your data. \n Double encryption - Protect against a scenario where one of the encryption algorithms or keys may be compromised. In this case, the extra layer of encryption continues to protect your data. \n Cross-query optimization - Cross-workspace queries run faster when workspaces are on the same cluster. \n Cost optimization - Link your workspaces in the same region to cluster to get commitment tier discount to all workspaces, even to ones with low ingestion that are eligible for commitment tier discount. \n Availability zones - Protect your data from datacenter failures by relying on datacenters in different physical locations, equipped with independent power, cooling, and networking. The physical separation in zones and independent infrastructure makes an incident far less likely since the workspace can rely on the resources from any of the zones. Azure Monitor availability zones covers broader parts of the service and when available in your region, extends your Azure Monitor resilience automatically. Azure Monitor creates dedicated clusters as availability-zone-enabled (isAvailabilityZonesEnabled: 'true') by default in supported regions. Dedicated clusters Availability zones aren't supported in all regions currently. \n Ingest from Azure Event Hubs - Lets you ingest data directly from an event hub into a Log Analytics workspace. Dedicated cluster lets you use capability when ingestion from all linked workspaces combined meet commitment tier. \n \n \n As per the announcement, configuration is first available the Clusters - Create Or Update REST API. There are also good examples in Microsoft documentation, including methods like Azure portal, Azure CLI, PowerShell, and REST API, about cluster provisioning. \n \n Trying to make your life easier I created a PowerShell script that allows you to use PowerShell to leverage REST API calls which allow you to create a Dedicated Cluster using any commitment tier starting with the lowest level of 100 GB/Day. \n Let’s have a look at the information you need to have at first before running the script: \n \n An account with at least the Log Analytics Contributor built-in role permissions \n The SKU capacity or Commitment tier you would like to use \n The subscription where you want to create the cluster \n The location in which the cluster will be created. Remember that you can only link Log Analytics Workspaces to a dedicated cluster if they are in the same region \n The resource group where to create the dedicated cluster \n \n With this information in your hand, you can start creating the PowerShell script that: \n \n Ask for all the above information \n Make the connection to Azure \n Retrieve the authentication token \n Create the cluster \n \n Not really happy with creating the above-mentioned PowerShell script? Don’t worry, I have one created for you. Here is the source code: \n \n \n <#\n.SYNOPSIS\n This sample script is designed to ease the creation of Azure Monitor Logs Dedicated Cluster using any supported/available tier.\n \n.DESCRIPTION\n This sample script is designed to ease the creation of Azure Monitor Logs Dedicated Cluster using any supported/available tier.\n It will ask for the following information during the execution:\n\n - Subscription Id\n - Resource group\n - Azure Monitor Logs Dedicated Cluster name\n - Azure Monitor Logs Dedicated Cluster commitment tier\n\n Once all the necessary information has been entered, the script will log you in and retrieve a list of Azure location to deploy\n the resource in. Select your preferred location from the grid to continue with the execution and resource creation.\n\n.REQUIREMENTS\n The following PowerShell modules are required:\n - AZ.ACCOUNTS\n - AZ.RESOURCES\n\n.NOTES\n AUTHOR: Bruno Gabrielli\n LASTEDIT: March 5th, 2024\n\n - VERSION: 1.0 // March 5th, 2024\n - First version\n \n#>\n\n# Forcing use of TLS protocol\n[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12\n\n# Reaing input values\n[string]$subscriptionId\t= Read-Host \"Enter the subscription id\"\n[string]$resourceGroup\t= Read-Host \"Enter the resource group name\"\n[string]$clusterName = Read-Host \"Enter the Dedicated cluster name\"\n[string]$sku\t = Read-Host \"Enter the Dedicated cluster commitment tier (only the size number)\"\n\n\n# Authenticating to Azure and setting the contex on the selected subscription\nConnect-AzAccount\nSet-AzContext -subscriptionId \"$subscriptionId\"\n\n# Getting Azure Location where to deploy the cluster\n$selectedLocation = (Get-AzLocation | Select-Object -Property DisplayName, Location | Out-GridView -OutputMode Single -Title \"Select the region to deploy the resource in\").Location\n\n# Retrieving bearer token to be used for REST API call authentication\n$bearerToken = (Get-AzAccessToken).Token\n\n# Assembling body based on the input values\n$body = @\"\n{\n\"identity\": {\n \"type\" : \"systemAssigned\"\n },\n\"sku\": {\n \"name\" : \"capacityReservation\",\n \"Capacity\" : $sku\n },\n\"properties\" : {\n \"billingType\" : \"Cluster\"\n },\n\"location\" : \"$selectedLocation\"\n}\n\"@\n\n# Setting variables and costants\n$method = \"PUT\"\n$contentType = \"application/json\"\n$headers = @{\"Authorization\" = \"Bearer $bearerToken\"}\n$uri = \"https://management.azure.com/subscriptions/$subscriptionId/resourcegroups/$resourceGroup/providers/Microsoft.OperationalInsights/clusters/$($clusterName)?api-version=2022-10-01\"\n\n# Create Cluster\n$createResponse = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing\nreturn $createResponse.StatusCode\n\n<#\n\n## USE THESE LINE BELOW TO CHECK FOR RESOURCE PROVISIONING STATUS\n\n#Get cluster provisioning state\n$getClusterProvisioningState = Invoke-WebRequest -Uri $uri -Method \"GET\" -Headers $headers -UseBasicParsing\n$getClusterProvisioningStateDetails = $getClusterProvisioningState | ConvertFrom-JSON\nWrite-Host \"Resource provisioning status == $($getClusterProvisioningStateDetails.Properties.provisioningState)\"\n\n#> \n \n \n Run the script and provide the necessary information as prompted by PowerShell (in this example I am going to create a 100GB/Day instance): \n \n \n \n \n \n \n Once all the information has been entered, the script will present a grid view with all the Azure regions so you can select the one you would like to use and click OK: \n \n \n Script will continue with the execution and once done, return HTTP code 202 which means request accepted. \n \n \n Provisioning this type of resource will require a considerable amount of time (few hours) so, from this point on, you just have to sit, relax, and wait . Of course, you can check every now and then the provisioning status by running the following commands from the same PowerShell prompt you just used to invoke the cluster creation: \n \n \n #Get cluster provisioning state\n$getClusterProvisioningState = Invoke-WebRequest -Uri $uri -Method \"GET\" -Headers $headers -UseBasicParsing\n$getClusterProvisioningStateDetails = $getClusterProvisioningState | ConvertFrom-JSON\nWrite-Host \"Resource provisioning status = $($getClusterProvisioningStateDetails.Properties.provisioningState)\" \n \n \n \n \n Once the value of provisioningState changes to Succeeded, it means that your cluster has been successfully created and you can start linking your workspaces. \n \n REMEMBER: this script is provided AS IS, so do not forget to test it thoroughly. \n \n Curious to see all details about your cluster including linked workspaces with their setting, data ingested by each of them, total daily ingestion for the cluster and an estimation of chargeback? We have a nice workbook for you in the Azure Monitor Workbook gallery \n \n \n This is an example of how the workbook will look like: \n \n \n \n With that said, I can only close by saying: happy linking and good saving \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"9638","kudosSumWeight":7,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxN2k4MENDRDlCMTcwRjk1MDQ4?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMGk5MzkzNTU5NjdERDQ0NDU0?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2Mjg5OWk4OEFFMkIxNzFBNDBCOTFF?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMWk2QkQ0MTY5QTJCODc0RkY3?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwMmk4MzQzNUNBQjdCRUQ2ODM1?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwM2k0NjlFRDc1RjRFOTlCQkQ4?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNGkyQUZEOUE4NDBGOTNENzU3?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwN2kxMDlGQTA1ODZFNjVDNjE4?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNWk1MTk3NzE2QzBFQkY5MURB?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkwNmlGMzcwNDc3OTA2Mzc4RTgw?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxM2k4Q0E2NjEyNzI4NzIxQTBC?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDg5ODU5LTU2MjkxNGlEQ0MyNzhCMDY4RTBDQTI3?revision=7\"}"}}],"totalCount":12,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:4192847":{"__typename":"Conversation","id":"conversation:4192847","topic":{"__typename":"BlogTopicMessage","uid":4192847},"lastPostingActivityTime":"2025-03-26T02:11:21.960-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDcyOWk4NjA1M0YzMjZDOTM4MDJB?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDcyOWk4NjA1M0YzMjZDOTM4MDJB?revision=5","title":"BrunoGabrielli_0-1721142121568.png","associationType":"TEASER","width":1156,"height":339,"altText":"BrunoGabrielli_0-1721142121568.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMmkwMjkzRDQxMDg3ODUyMjIy?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMmkwMjkzRDQxMDg3ODUyMjIy?revision=5","title":"BrunoGabrielli_1-1721142153116.png","associationType":"BODY","width":888,"height":580,"altText":"BrunoGabrielli_1-1721142153116.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMWlFMkZEQTA0N0E5NzNFMTcy?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMWlFMkZEQTA0N0E5NzNFMTcy?revision=5","title":"BrunoGabrielli_2-1721142153117.png","associationType":"BODY","width":679,"height":220,"altText":"BrunoGabrielli_2-1721142153117.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMGlEQ0FEMUU4Q0QyMjI4NEY2?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMGlEQ0FEMUU4Q0QyMjI4NEY2?revision=5","title":"BrunoGabrielli_3-1721142153117.png","associationType":"BODY","width":526,"height":157,"altText":"BrunoGabrielli_3-1721142153117.png"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczM2kyNTlFMDY5NTQ1NEQ3RDMw?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczM2kyNTlFMDY5NTQ1NEQ3RDMw?revision=5","title":"BrunoGabrielli_4-1721142153123.png","associationType":"BODY","width":1047,"height":571,"altText":"BrunoGabrielli_4-1721142153123.png"},"BlogTopicMessage:message:4192847":{"__typename":"BlogTopicMessage","subject":"Azure Monitor: How To Get Alerts for Disconnected Arc Agents","conversation":{"__ref":"Conversation:conversation:4192847"},"id":"message:4192847","revisionNum":5,"uid":4192847,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Do you know that your hybrid machines are not connected to Azure and hence are not sending monitoring data? How come? Don’t you have an alert for it? \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":7726},"postTime":"2024-07-22T00:00:00.047-07:00","lastPublishTime":"2025-03-26T02:11:21.960-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" [20240906 - Update: This alert is available in AMBA as of release 2024-06-05.] \n \n Ciao Readers, \n Just a week no writing . The moment of another blog post arrived . \n \n In this post, I am going to show you how to set up alerts for disconnected Arc agents using Azure Monitor. If you are not familiar with Azure Arc, it is a service that lets you manage and govern your hybrid cloud resources from a single pane of glass. More about it in the Azure Arc overview public documentation page. \n \n One of the benefits of using Arc is that it allows you to collect data from your hybrid resources, so you monitor the health and performance of them. It is ‘a prerequisite’ for enabling Azure Monitor. With that in mind, why it is important to get the alert when a hybrid virtual machine gets disconnected, or the Arc agent status is reported as Offline? Ouch, you did not know they were offline !!! \n \n \n \n There are several reasons that spread from management to compliance including monitoring why you need to be aware if your resources are communicating properly or not . Let me give you a few of them: \n \n \n When a hybrid virtual machine is onboarded, every connection is authenticated using a Managed Identity created automatically during the onboarding process. This System Assigned Managed Identity is renewed automatically and can be set as expired if the system does not communicate for more than 60 days. Should this be the case, there is no way to reset the identity. You have to offboard and re-onboard the machine together with all the installed extensions and configurations \n When the hybrid machine is disconnected, no monitoring data can be sent. This can lead up to something really bad like:\n \n Customers go blind about infrastructure health \n Machine will maintain the unsent monitoring data in the local cache on the C drive using up to 10 GB of disk space \n Old, cached data will be deleted so monitoring data loss is expected \n Machines with small disks can quickly and easily run out of disk space. Can you imagine that on a Domain Controller? \n \n \n \n I just gave you two reasons and given them, I do not think you need any additional one, right? I think you have got the importance of being alerted when an Arc agent gets disconnected as soon as possible by now. Yes, the sooner, the better. \n \n Therefore, you will agree with me that it is necessary to create an alarm. To achieve the goal of creating the alert, you can take advantage of the ability to Create alerts with Azure Resource Graph and Log Analytics. \n Let us have a look at the query to be used. The query should give you back one line per monitored server (any alert should give you actionable information and the affected resource is the first in the list) where the last status is reported as Disconnected. \n A good query should return records for hybrid machine not connected since a given amount of time. The value in this case is your choice, but I would recommend something not that wide (15 minutes could be a good compromise). \n Once you have a good record set, you should configure the alert rule to use the Table rows as Measure and the Count as aggregation type. The Aggregation granularity, which is driving the data range the query will consider, could be set at 1 day \n \n \n The alert rule logic will be then configured to measure the number of rows returned by the query. The alert will fire if records (even a single one) are returned. \n \n \n \n Assuming that your preference will be to get an alert where resources have not been connecting for the last 15 minutes, you create an alert that uses a query similar to the following one: \n \n \n arg(\"\").resources\n| where type == \"microsoft.hybridcompute/machines\"\n| where tostring(properties.status) == \"Disconnected\"\n| extend lastContactedDate = todatetime(properties.lastStatusChange)\n| where lastContactedDate <= ago(15m)\n| extend status = tostring(properties.status)\n| project id, Computer=name, status, lastContactedDate \n \n \n Running the suggested query, will return something similar to the following image, which will fire the alert in line with the Alert logic condition provided as sample: \n \n \n I trust you all will be more than able to continue with alert creation; hence I am to stop here avoid consuming your eyes anymore . \n \n Thanks for reading through !!! \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without a warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5440","kudosSumWeight":8,"repliesCount":7,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDcyOWk4NjA1M0YzMjZDOTM4MDJB?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMmkwMjkzRDQxMDg3ODUyMjIy?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMWlFMkZEQTA0N0E5NzNFMTcy?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczMGlEQ0FEMUU4Q0QyMjI4NEY2?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTkyODQ3LTYwMDczM2kyNTlFMDY5NTQ1NEQ3RDMw?revision=5\"}"}}],"totalCount":5,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3832301":{"__typename":"Conversation","id":"conversation:3832301","topic":{"__typename":"BlogTopicMessage","uid":3832301},"lastPostingActivityTime":"2024-09-23T04:34:32.062-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4N2k5NDFFMTRCNDNEOEFCNjQ4?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4N2k5NDFFMTRCNDNEOEFCNjQ4?revision=10","title":"BrunoGabrielli_0-1685093671583.png","associationType":"TEASER","width":1197,"height":943,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3NWkyMjJCODVERjE5MjYwNDBB?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3NWkyMjJCODVERjE5MjYwNDBB?revision=10","title":"BrunoGabrielli_0-1685091778755.png","associationType":"BODY","width":1052,"height":394,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3NmlBNTg0QUNFMURFNTNFOEY2?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3NmlBNTg0QUNFMURFNTNFOEY2?revision=10","title":"BrunoGabrielli_1-1685091778765.png","associationType":"BODY","width":1052,"height":506,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3N2k0MzA5Njc0N0MzMzdCN0Q4?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3N2k0MzA5Njc0N0MzMzdCN0Q4?revision=10","title":"BrunoGabrielli_2-1685091778770.png","associationType":"BODY","width":957,"height":352,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3OGk4QzdEMDIwNDU0QjgzOEY0?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3OGk4QzdEMDIwNDU0QjgzOEY0?revision=10","title":"BrunoGabrielli_3-1685091778775.png","associationType":"BODY","width":1052,"height":348,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3OWlCMTk5MUQ3NzEzQ0VGOEFG?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3OWlCMTk5MUQ3NzEzQ0VGOEFG?revision=10","title":"BrunoGabrielli_4-1685091778784.png","associationType":"BODY","width":1052,"height":733,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4MGkxNjI3Njc0QTQzQTBEQTA3?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4MGkxNjI3Njc0QTQzQTBEQTA3?revision=10","title":"BrunoGabrielli_5-1685091778791.png","associationType":"BODY","width":554,"height":1418,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4MWk0NTg4RUNCMDg4RDI5MTY2?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4MWk0NTg4RUNCMDg4RDI5MTY2?revision=10","title":"BrunoGabrielli_6-1685091778797.png","associationType":"BODY","width":1052,"height":579,"altText":null},"BlogTopicMessage:message:3832301":{"__typename":"BlogTopicMessage","subject":"Azure Monitor: Gain Observability Over Guest Users","conversation":{"__ref":"Conversation:conversation:3832301"},"id":"message:3832301","revisionNum":10,"uid":3832301,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Have you sent invitations to guest users and don't know about the status? Not sure if guest users are still active or can be removed? Do you want to check if guest users have App roles and group membership assigned? In this post, I provide one possible solution to answer the aforementioned questions. \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":16357},"postTime":"2023-06-04T15:00:00.041-07:00","lastPublishTime":"2023-06-08T01:21:06.091-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello howdy readers, \n Not too long passed since my last post on Azure Monitor; I couldn’t leave you alone . \n \n In this post, I would like to explore something about gaining and keeping observability over guest users. Guest users in Azure Active Directory are external users to which you can grant permission on resources in your tenant, thanks to the B2B collaboration. \n Adding an external user to your tenant is remarkably simple: sending an invitation to the user’s email address is more than enough. Once the invitation is accepted, the user can sign-in and access the resources in your subscriptions(s) according to the permissions given to his/her guest account. \n For more information on how to send invitations or about the B2B collaboration, the following articles are available: \n \n B2B collaboration overview \n Add Azure Active Directory B2B collaboration users in the Azure portal \n \n After having all the necessary invitations been sent, is there any way to know something about their status? \n Unfortunately, there is nothing natively integrated with Azure Monitor for this scope, but together with my colleague elenacazzagon, we found out that we have all the ingredients to prepare a satisfying meal . \n \n We can start by getting the necessary information about guest users from Azure AD using the Microsoft.Graph.Users PowerShell module. \n Second, do not forget that we can ingest data into Azure Monitor from anywhere (check my Azure Monitor: Logs Ingestion API Tips & Tricks post) using the Log Ingestion API. \n Third, we can automate this ingestion using an automation runbook, feature of Azure Automation. \n Last but not least we can use Azure Workbooks to visualize the data. Remember that observability, which is the main target of this post, goes hand in hand with monitoring (see Monitoring and observability) \n \n Putting all this in the same pan, gave elenacazzagon and me the idea to provide you with a sort of “tool” that allows you to gain observability over your guest users and invitations. \n We built up a sample, but working, script that takes care of: \n \n Authenticating to Azure Active Directory using a System Assigned Managed Identity \n Authenticating to Azure using the same System Assigned Managed Identity as above \n Retrieving only the guest users \n For each guest user, getting the necessary properties like User Id, UPN, Email, DisplayName and some others. \n Sending the data to Azure Monitor \n \n Considering the amount of information that an Azure AD Tenant can contain and the time the script would take to run and upload data, we decided to not retrieve the permissions assigned to each user or group to which the user belongs to, but only if App Roles or group membership have been configured for the given guest. \n \n Attached to this post, you will find all the necessary pieces to begin your guest user’s observability journey sample. As journeys require preparation also this one requires some prerequisites to be put in place: \n \n Automation Account \n PowerShell modules imported as Automation Modules \n Log Analytics Workspace \n Custom table created in the Log Analytics Workspace \n Data Collection Endpoint (or DCE) \n Data Collection Rule (or DCR) \n Permission to be granted to the Automation Account Managed Identity \n Configuration of Automation Variables \n \n Let us explore them one by one: \n Automation Account \n Any existing automation account can be used. Should you have none, create a new one following the instructions at Quickstart: Create an Automation account using the Azure portal. \n PowerShell modules \n The following PowerShell modules must be imported in the Automation Account prior to executing the script: \n \n Microsoft.Graph.Authentication 2.0.0-preview1 \n Microsoft.Graph.Users 2.0.0-preview1 \n \n \n \n For information about how to import modules, refer to Import Az modules. \n Log Analytics Workspace \n Any previously created workspace can be used. Should you have none, you can create a new one following the instructions available at Create a Log Analytics workspace \n Custom table \n Since data into a Log Analytics Workspace is organized into tables with records and fields, we need to define a custom table prior to ingesting data. A custom table can be defined in different mode but for the sake of this post, we will refer to Create new table in Log Analytics workspace using ARM templates. \n Data Collection Endpoint (or DCE) \n Data collection Endpoint can be created using the Azure Portal, the Rest API or through ARM templates. In this post we will use the ARM template approach. More info in DCE creation using templates can be found at Create data collection endpoint. \n Data Collection Rule (or DCR) \n We will follow the same approach to DCR creation. More info available on the Create data collection rule page. \n \n \n NOTE: The configuration of Custom table, DCR and DCE can be done in one go using the sample script and the template attached to this post. Make sure to enter the values corresponding to your subscription, resource group, Log Analytics Workspace before executing the script. \n \n \n Permission to be given to the Automation Account Managed Identity \n As far as permissions go, we need to assign two sets of permissions to the Automation Account Managed Identity: \n \n Permission to the DCR to allow data ingestion. The managed Identity can be assigned to the Monitoring Metric Publisher role using the Azure Portal as documented at Assign permissions to a DCR \n \n \n \n \n Permission on the Azure AD Tenant to read user information. A simple approach is to assign this Managed Identity the Directory Reader role \n \n \n \n Configuration of Automation Variables \n Once we have completed all the above, we can move on with the Automation Variables: \n The script code makes use of three automation variables holding the coordinates to where and how data will be sent. They must be created according to the info below: \n \n gumDcrImmutableId:\n \n Name: gumDcrImmutableId \n Type: string \n Value: <ImmutableID of the DCR created above> \n \n \n gumDce\n \n Name: gumDce \n Type: string \n Value: <URL of Log Ingestion endpoint of the DCE> \n \n \n gumTableName\n \n Name: gumTableName \n Type: string \n Value: <Name of the custom table> \n \n \n \n \n \n \n NOTE: To make your life easier, a ZIP file, with the content listed below, has been attached to this post. Remember to adapt the script for table, DCE and DCR, inserting the coordinates of your resources. Finally: TEST, TEST, TEST ! \n \n the sample runbook PowerShell code, \n the PowerShell script to create the custom table, the DCE and the DCR \n the sample workbook code \n \n \n \n Once all the prerequisites are in place, import the sample runbook PowerShell code making sure to import it as PowerShell runbook type and to select Runtime version 5.1. \n \n \n \n Create a schedule for the runbook execution setting the recurrence to an interval of your convenience. \n \n \n Import the corresponding workbook, wait for the first runbook execution (or execute it manually) and play with the data. \n \n \n \n Have fun with your Guest User Management \n \n Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8217","kudosSumWeight":6,"repliesCount":15,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4N2k5NDFFMTRCNDNEOEFCNjQ4?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3NWkyMjJCODVERjE5MjYwNDBB?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3NmlBNTg0QUNFMURFNTNFOEY2?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3N2k0MzA5Njc0N0MzMzdCN0Q4?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3OGk4QzdEMDIwNDU0QjgzOEY0?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM3OWlCMTk5MUQ3NzEzQ0VGOEFG?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4MGkxNjI3Njc0QTQzQTBEQTA3?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODMyMzAxLTQ3NDM4MWk0NTg4RUNCMDg4RDI5MTY2?revision=10\"}"}}],"totalCount":8,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:4189893":{"__typename":"Conversation","id":"conversation:4189893","topic":{"__typename":"BlogTopicMessage","uid":4189893},"lastPostingActivityTime":"2024-09-06T05:36:08.760-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY0Nmk5NDM3MjFFOTk1MDRFNjIw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY0Nmk5NDM3MjFFOTk1MDRFNjIw?revision=10","title":"BrunoGabrielli_0-1720785611793.png","associationType":"TEASER","width":1497,"height":726,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY0N2kzN0NDMUJGMEIyMDU1MEVF?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY0N2kzN0NDMUJGMEIyMDU1MEVF?revision=10","title":"BrunoGabrielli_1-1720785800872.png","associationType":"BODY","width":1497,"height":726,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTYzMWk5N0Y3OUMxOUVGNEE5MDdC?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTYzMWk5N0Y3OUMxOUVGNEE5MDdC?revision=10","title":"BrunoGabrielli_1-1720782300082.png","associationType":"BODY","width":807,"height":468,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTYzMmk1OTQ0MEEwMUQ1MTdBNzNC?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTYzMmk1OTQ0MEEwMUQ1MTdBNzNC?revision=10","title":"BrunoGabrielli_2-1720782544316.png","associationType":"BODY","width":1432,"height":558,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1M2lGRkY1REVCQjdBNTZBNEE0?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1M2lGRkY1REVCQjdBNTZBNEE0?revision=10","title":"BrunoGabrielli_2-1720786573948.png","associationType":"BODY","width":1026,"height":418,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1OGk3RjlFM0YwMjQ4MzI5NDAy?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1OGk3RjlFM0YwMjQ4MzI5NDAy?revision=10","title":"BrunoGabrielli_3-1720788326199.png","associationType":"BODY","width":975,"height":463,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1OWkyOEU3OUExRjU0NTdFNjg1?revision=10\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1OWkyOEU3OUExRjU0NTdFNjg1?revision=10","title":"BrunoGabrielli_4-1720788415286.png","associationType":"BODY","width":910,"height":430,"altText":null},"BlogTopicMessage:message:4189893":{"__typename":"BlogTopicMessage","subject":"Azure Monitor: How To Stop Log-search Alerts for Specific Resources","conversation":{"__ref":"Conversation:conversation:4189893"},"id":"message:4189893","revisionNum":10,"uid":4189893,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" How many times, while dealing with alerting configured at scale, you had the need of stopping the alerts for few resources or even for only one? Read through to see how this can be achieved for Log-based alerts. \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":5639},"postTime":"2024-07-15T00:00:00.048-07:00","lastPublishTime":"2024-09-06T05:36:08.760-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" [20240906 - Update: The approach discussed in this post is now part of AMBA as of release 2024-09-02.] \n \n Hello howdie readers \n How many times, while dealing with alerting configured at scale, you had the need of stopping the alerts for few resources or even for only one? \n \n \n \n Creating alerts that work at scale, meaning alerts created with a wide scope (all virtual machine in a given subscription) gives you a hug advantage on alert management, but it also comes with some cons. For instance, you cannot disable the alert for a specific resource. Reason? The alert user interface does not include a feature or setting to disable an alert based on a specific resource (or resources); it only \n allows you to enable or disable it. \n \n So, given the need, how can you make sure to not get alerts for resources which are in maintenance or that you do not want to monitor? \n \n Thanks to the ability to Correlate data in Azure Data Explorer and Azure Resource Graph with data in a Log Analytics workspace, you can now create log-search based alerts that leverage this capability. If you are not familiar with Azure Resource Graph (ARG), as a brief description we can say that is an Azure service designed to extend Azure Resource Management by providing efficient and performant resource exploration. Resource Graph can query at scale across a given set of subscriptions so that you can effectively govern your environment. \n \n Among the fields and properties that you can retrieve by querying ARG, there are also the tags defined for the resources. Tags are exactly the cornerstone of this post and the key to identifying the resource for which you would like to stop alerting. \n \n The new correlation capability works in our favor since, in the same alert query, you can define a first step of identifying the resource based on Tag names and Tag values to create a resource exclusion list. Then, you can compare the results of the alert query with the list of excluded resources to exclude them from the result set to not return any records for them. \n \n Easy enough, isn’t it ? \n \n Let us see how it works in real life. As anticipated, you need to: \n \n Identify the resources for which we do not want to get the alert. For instance, we would like to stop getting alerted about a virtual machine called vm-Demo01 \n Define a tag name and a tag value to be applied on. We could define StopMonitoring as tag name and True as tag value so the resource tagging will look similar the one in the following picture: \n \n \n \n \n Retrieve the list of resources with the tagging defined on step #2 For this step do not forget that you need have a Managed Identity with the necessary permissions assigned at the relevant scope. It is normally enough to create a User Assigned Managed Identity that can be used in all alerts that need to read from ARG and assign it the Monitoring Reader permission at the subscription level \n \n \n \n \n Exclude that list from the alert query \n \n \n Defining the tagging is not that difficult, hence I am not going to describe it. \n Creating a list of excluded resources is easy as well but could require some time to correctly identify the ARG query to be used. Moreover, consider that you could exclude resources based on existing tag names which might have different values. As an example, imagine that you tagged your dev/test resources with the Environment tag name that, according to the purpose, can have either Dev or Test. You can exclude resources in both using the same query. \n The query part, which will be stored with an alias using the let statement, for a single tag name and tag value will look like: \n \n \n \n \n \n \n let excludedResources = (arg(\"\").resources\n| where type =~ \"Microsoft.Compute/virtualMachines\"\n| project _ResourceId = id, tags\n| where parse_json(tostring(tags.StopMonitoring)) =~ \"true\"\n); \n \n \n \n \n \n \n The one for a single tag name with multiple values, will look like: \n \n \n \n \n \n \n let excludedResources = (arg(\"\").resources\n| where type =~ \"Microsoft.Compute/virtualMachines\"\n| project _ResourceId = id, tags\n| where parse_json(tostring(tags.Environment)) in~ (\"Test\", \"Dev\", \"Sandbox\")\n); \n \n \n \n \n \n \n Running the single tag name query would give back the records for the resources which have been tagged accordingly: \n \n \n \n \n Right after the let statement, you put your alert query (or change the existing ones where necessary/applicable) to dynamically stop alerting based on the provided tag configuration: \n \n \n \n \n \n \n InsightsMetrics\n| where _ResourceId has \"Microsoft.Compute/virtualMachines\"\n| where _ResourceId !in~ (excludedResources) //This is where we exclude resources identified by the tagging\n| where Origin == \"vm.azm.ms\"\n| where Namespace == \"Processor\" and Name == \"UtilizationPercentage\"\n| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId \n \n \n \n \n \n \n If you run the previous query the filter line commented, it will return all the resources which satisfy the condition; it will exclude none: \n \n \n \n Assembling the two parts together will give you the final alert query: \n \n \n \n \n \n \n let excludedResources = (arg(\"\").resources\n| where type =~ \"Microsoft.Compute/virtualMachines\"\n| project _ResourceId = id, tags\n| where parse_json(tostring(tags.StopMonitoring)) =~ \"true\"\n);\nInsightsMetrics\n| where _ResourceId has \"Microsoft.Compute/virtualMachines\"\n| where _ResourceId !in~ (excludedResources) //This is where we exclude resources identified by the tagging\n| where Origin == \"vm.azm.ms\"\n| where Namespace == \"Processor\" and Name == \"UtilizationPercentage\"\n| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId \n \n \n \n \n \n \n And if you run it now, you will not get vm-Demo01 anymore because of the filter (line #8) \n \n \n \n I am now sure you can continue with the alert rule creation without my help . \n \n Something that I have not mentioned yet is that using this combined (ARG and Log Analytics) query approach works near real-time. Once the alert is there, you only need to add or remove the tagging to/from the given resource(s) and … \n \n … That’s all folks, thanks for reading through \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without a warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"7617","kudosSumWeight":4,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY0Nmk5NDM3MjFFOTk1MDRFNjIw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY0N2kzN0NDMUJGMEIyMDU1MEVF?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTYzMWk5N0Y3OUMxOUVGNEE5MDdC?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTYzMmk1OTQ0MEEwMUQ1MTdBNzNC?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1M2lGRkY1REVCQjdBNTZBNEE0?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1OGk3RjlFM0YwMjQ4MzI5NDAy?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MTg5ODkzLTU5OTY1OWkyOEU3OUExRjU0NTdFNjg1?revision=10\"}"}}],"totalCount":7,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3853114":{"__typename":"Conversation","id":"conversation:3853114","topic":{"__typename":"BlogTopicMessage","uid":3853114},"lastPostingActivityTime":"2024-07-25T09:54:34.040-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODUzMTE0LTQ4MjAxOGk4Q0M1NEE4NkNCMEQ2NTVD?revision=8\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODUzMTE0LTQ4MjAxOGk4Q0M1NEE4NkNCMEQ2NTVD?revision=8","title":"BrunoGabrielli_0-1687357747937.png","associationType":"TEASER","width":634,"height":253,"altText":null},"BlogTopicMessage:message:3853114":{"__typename":"BlogTopicMessage","subject":"Azure Monitor: How To Use Managed Identity with Log Ingestion API","conversation":{"__ref":"Conversation:conversation:3853114"},"id":"message:3853114","revisionNum":8,"uid":3853114,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Do you want to use managed identities instead of App Registrations when uploading data through Log Ingestion API and don't know how to do it? Read through to get an initial understanding about how, why and when to use them. \n \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":9019},"postTime":"2023-07-13T09:00:00.048-07:00","lastPublishTime":"2023-12-21T09:16:40.686-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" [2023-December-21]: Article updated to reflect the correct way of getting the bearer token from Azure Arc Machines. \n \n Hello readers! \n In one of my recent post, Azure Monitor: Logs Ingestion API Tips & Tricks, I discussed some Tips and Tricks to better deal with the new Logs Ingestion API. \n In this new one, I would like to share an example of how to use Managed Identities as authentication method for custom log ingestion, focusing only on the System Assigned Managed Identities. The Tutorial: Send data to Azure Monitor Logs with Logs ingestion API (Azure portal) documentation includes good samples for sending data that use Azure AD application but nothing that uses the managed identity. \n Let me set a bit of context using a Q&A based approach. \n \n Question #1: What do we need to have for using Managed Identity when uploading data to Azure Monitor with Log Ingestion API? \n A:The answer is quite simple: we need to obtain a bearer token for the authentication; that is all we need. A simple but good explanation of what a bearer token is can be found at RFC 6750: OAuth 2.0 Bearer Token Usage. \n Once we have the token, we can use the Invoke-RestMethod to authenticate against the https://monitor.azure.com//.default endpoint. All other information reported in the Generate sample data and Sample code pages, as well as the requirements for the data ingestion, remain required. \n \n Question #2: Who validates the authentication request and release the authentication token? \n A: Talking about Azure, we need to differentiate based on the request origin. If the authentication request is coming from An Azure VM or from an Arc-Enabled server, then it is Azure Instance Metadata Service responsibility to manage the request. Differently, if the request is coming from another resource type, say the Automation Account, it could be validated according to the RBAC definition. If the authentication request is contained inside a script, say an Automation Runbook that needs to connect to an SQL database, then the requested will be managed by the Identity Endpoint retrieved as environment variable for the given resource and pointed as $env:IDENTITY_ENDPOINT. For more information, see Using system-assigned managed identity to Access SQL Database. \n \n Question #3: When and why do we need to authenticate using managed identities? \n A: This one is simple as well: we could be in a situation where we are uploading data from an Azure VM or from an Arc-Enabled server or from an Automation runbook. In this case it is not ideal to use an App Registration. Why creating another security principal when we already have one, which is even more reliable and manageable? \n \n Question #4: Is there any difference in using Managed Identities from Azure, Arc or Automation Runbook? \n A: Not in how to use it, but in how the authentication is requested and used throughout the script. \n \n Question #5: Should we assign managed identities permission on the target resource? \n A: Of course, we should. Each and every access to a target resource is validated against the RBAC. This means that we must give enough permission to the managed identity on the target resource either using Azure built-in roles or by creating custom ones. \n \n With that said, let me discuss and share some sample codes for the authentication for each of the three scenarios mentioned in Question #3 \n \n Azure VM: \n For more information about how to authenticate from VM using managed identity, see the article Use a Windows VM system-assigned managed identity to access Resource Manager. Below there’s sample code that sets the header and the uri to the right values and then uses the Invoke-RestMethod to retrieve the token object. Bear in mind that the token object contains different properties, but since we only need the token, we can directly point to the access_token properties while executing the Invoke-RestMethod. This code can be safely re-used. \n \n \n \n ## Obtain a bearer token for the system assigned managed identity\n$header = @{Metadata=\"true\" };\n$uri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://monitor.azure.com//.default\"\n$bearerToken = (Invoke-RestMethod -Uri $uri -Method \"Get\" -Headers $header).access_token \n \n \n \n \n Azure Arc-Enabled server: \n For more information about how to authenticate from an Arc-Enabled machine using managed identity, see the article Authenticate against Azure resources with Azure Arc-enabled servers . Below there’s sample code that sets the header and the uri to the right values and then uses the Invoke-RestMethod to retrieve the token object. Bear in mind that the token object contains different properties, but since we only need the token, we can directly point to the access_token properties while executing the Invoke-RestMethod. This code can be safely re-used. \n \n \n \n ## Obtain a bearer token used to authenticate against the data collection endpoint using Azure-Arc machine's Managed Identity \n$uri = \"http://localhost:40342/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https://monitor.azure.com\" \n$secretFile = \"\"\n$wwwAuthHeader = \"\" \n\ntry\n{\n Invoke-WebRequest -Method GET -Uri $uri -Headers @{Metadata='True'} -UseBasicParsing\n}\ncatch\n{\n $wwwAuthHeader = $_.Exception.Response.Headers[\"WWW-Authenticate\"]\n if ($wwwAuthHeader -match \"Basic realm=.+\")\n {\n $secretFile = ($wwwAuthHeader -split \"Basic realm=\")[1]\n }\n}\nWrite-Host \"Secret file path: \" $secretFile`n\n$secret = cat -Raw $secretFile\n$response = Invoke-WebRequest -Method GET -Uri $uri -Headers @{Metadata='True'; Authorization=\"Basic $secret\"} -UseBasicParsing\nif ($response)\n{\n $token = (ConvertFrom-Json -InputObject $response.Content).access_token\n Write-Host \"Access token: \" $token\n} \n \n \n \n \n Azure Automation runbook: \n For more information about authenticating access to azure resources from an automation runbook using a Managed Identity, see the Authenticate access with system-assigned managed identity and Generate an access token without using Azure cmdlets documentation. Below I am sharing a sample code that authenticates to Azure through the Automation Account managed identity and then retrieves the token. This code can be safely re-used. \n \n \n \n # Connect to Azure with system-assigned managed identity\nConnect-AzAccount -Identity | Out-Null\n# Retrieving bearer token for the system-assigned managed identity\n$bearerToken = (Get-AzAccessToken -ResourceUrl \"https://monitor.azure.com//.default\").Token \n \n \n \n \n Now that you know how to use the System Assigned Managed Identities to authenticate your Azure Monitor data ingestion, you can guess how a hypothetic sample code to send data from aa Azure virtual machine should look like. Something like this: \n \n \n \n ## Obtain a bearer token for the system assigned managed identity\n$header = @{Metadata=\"true\" };\n$uri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://monitor.azure.com//.default\"\n$bearerToken = (Invoke-RestMethod -Uri $uri -Method \"Get\" -Headers $header).access_token\n<#\n#### put your data retrieving and manipulation logic here\n#>\n\n# Sending the data to Log Analytics via DCR!\n$body = $log_entry | ConvertTo-Json -AsArray;\n$headers = @{\"Authorization\" = \"Bearer $bearerToken\"; \"Content-Type\" = \"application/json\" };\n$uri = \"$DceURI/dataCollectionRules/$DcrImmutableId/streams/Custom-$Table\"+\"?api-version=2021-11-01-preview\";\n$uploadResponse = Invoke-RestMethod -Uri $uri -Method \"Post\" -Body $body -Headers $headers; \n \n \n \n \n Thanks to my colleague PerJub for his help on this approach. \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8835","kudosSumWeight":2,"repliesCount":7,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zODUzMTE0LTQ4MjAxOGk4Q0M1NEE4NkNCMEQ2NTVD?revision=8\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:2589995":{"__typename":"Conversation","id":"conversation:2589995","topic":{"__typename":"BlogTopicMessage","uid":2589995},"lastPostingActivityTime":"2024-07-10T21:57:33.646-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYxMWlEQ0RGNzNEMzVFQTY2MDc0?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYxMWlEQ0RGNzNEMzVFQTY2MDc0?revision=5","title":"BrunoGabrielli_9-1627377107241.png","associationType":"TEASER","width":1355,"height":357,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYxMmk0NTEwNTRDNjI0MDVGMENC?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYxMmk0NTEwNTRDNjI0MDVGMENC?revision=5","title":"BrunoGabrielli_10-1627377211228.png","associationType":"TEASER","width":1331,"height":341,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwMmkxMEY1MTJCNjVENkMxNjQ3?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwMmkxMEY1MTJCNjVENkMxNjQ3?revision=5","title":"BrunoGabrielli_0-1627375454096.png","associationType":"BODY","width":267,"height":740,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwM2kwRURGNkZBMkY3QTI4NUE5?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwM2kwRURGNkZBMkY3QTI4NUE5?revision=5","title":"BrunoGabrielli_1-1627375454101.png","associationType":"BODY","width":961,"height":254,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNGkzQ0UwRjAxNkMxRTQ5RDdD?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNGkzQ0UwRjAxNkMxRTQ5RDdD?revision=5","title":"BrunoGabrielli_2-1627375454102.png","associationType":"BODY","width":969,"height":171,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTQyNDMyNmlFOTExRjFGMkIyNDY2QTVF?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTQyNDMyNmlFOTExRjFGMkIyNDY2QTVF?revision=5","title":"BrunoGabrielli_0-1670517921517.png","associationType":"BODY","width":1181,"height":759,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNWkyQzlGNzg4ODYwMjcxNUEx?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNWkyQzlGNzg4ODYwMjcxNUEx?revision=5","title":"BrunoGabrielli_4-1627375454118.png","associationType":"BODY","width":1663,"height":644,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNmkxODRCNjlDNjgzNjgyMENF?revision=5\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNmkxODRCNjlDNjgzNjgyMENF?revision=5","title":"BrunoGabrielli_5-1627375454122.png","associationType":"BODY","width":1672,"height":511,"altText":null},"BlogTopicMessage:message:2589995":{"__typename":"BlogTopicMessage","subject":"Azure Kubernetes Services - Start & Stop Your AKS Cluster on Schedule using Azure Automation","conversation":{"__ref":"Conversation:conversation:2589995"},"id":"message:2589995","revisionNum":5,"uid":2589995,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Hi everybody, here I am again to show you a possible way to start and stop your AKS cluster on schedule. Are you interested in spending diligently your money? Are you curious to find a way to align with Cost Optimization recommendation about shutting down unused virtual machine during non business hours or in dev/test environment on AKS? If your answer is 'Yes', then please read through. \n \n \n \n \n \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":17451},"postTime":"2021-07-29T00:00:00.044-07:00","lastPublishTime":"2022-12-08T08:49:43.739-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" [20221208 - Update: Runbook code updated to use Managed Identity instead of RunAsAccounts] \n \n Hi everybody, here I am again to show you a possible way to start and stop your AKS cluster on schedule. \n \n This could be something important if you’re aiming at saving money and are in the middle of a Microsoft Azure Well-Architected Cost Optimization review. Say for example that you have a dev environment for which you don’t need the resources to be up & running during the night or outside of normal working hours. \n \n Helping customer in saving money or, even better, in spending them diligently is part of the mission we are all called to. If you can help customers to save money, they will be more inclined to invest that saving into other Azure services or by using additional resources. Hence, in the end, it’s not a bad idea but instead a great example of customer care. I came across this scenario during a customer engagement and since I am not Kubernetes (or container) expert, I asked my colleague Michele Ferracin some help. Hence credits to Michele \n \n So far, the Azure portal does not provide any scheduled approach to start or stop your AKS cluster in the Kubernetes Service blade: \n \n \n \n But the goal can be reached by either using Azure CLI as documented in the Stop and Start an Azure Kubernetes Service (AKS) cluster page or by using the REST APIs as per: \n \n Managed Clusters – Start \n Managed Clusters – Stop \n \n Of course, doing this kind of operations on a cluster has some limitations which well explained in the Microsoft documentation and briefly reported below: \n \n \n \n But question is still: How can you get this done? You can take advantage of the great integration offered by Azure. Azure Automation, in this case, is your friend and since there are no PowerShell modules or cmdlets available for this purpose we will be forced to work with the REST APIs. I proposed that solution to a customer that was exactly asking the question: How can I stop the AKS cluster on my dev environment during night to save money? \n \n Given that, what should you do to put this solution in place? All you need is to create a new automation runbook in a new or existing automation account. The technical pre-req here is that you need to have the Az.Accounts module added to the Modules shared resource in your Automation Account \n \n \n \n Assuming that you are all set (the AKS cluster in place, the authentication mechanism is working perfectly, and your permissions are set), you can import the PowerShell code below into a new runbook and schedule it as required. \n \n \n <#\n.SYNOPSIS \n This sample automation runbook is designed to manage the start and stop of aks clusterson a given schedule.\n\n.DESCRIPTION\n This sample automation runbook is designed to manage the start and stop of aks clusterson a given schedule. You need to provide some parameters. This runbook requires also \n the following modules to be imported in the modules section of the Automation Account in the Azure Portal:\n\n - Az.Account\n\n.PARAMETERS\n aksClusterResourceId: This REQUIRED string parameter represents the cluster resource Id and contains all the necessary information for the action to be taken.\n\n operation: This REQUIRED string parameter represents the operations to be performed on the AKS cluster. It can only contain 2 values: Start or Stop\n \n\n.EXAMPLE\n .\\StartStop-AKS-Cluster\n\n.NOTES\n AUTHOR: Bruno Gabrielli\n LASTEDIT: December 8th, 2022\n CHANGELOG:\n\n VERSION: 1.2\n - Added support for authentication through Managed Identities \n - Removed support for AzureRunAsConnection authentication\n - Implemented the use of resource Id with the restAPIs\n - Small code optimization\n \n VERSION: 1.1\n - Added support to initial code to support AzureRunAsConnection authentication\n - Fixed the RestAPI call to work \n - Added verification on current AKS cluster state before performing the requested operation\n \n VERSION: 1.0\n - Initial version\n#>\n\n\nParam(\n [Parameter(Mandatory=$True,\n ValueFromPipelineByPropertyName=$false,\n HelpMessage='Specify the AKS cluster resource Id.',\n Position=1)]\n [String]\n $aksClusterResourceId,\n \n [Parameter(Mandatory=$True,\n ValueFromPipelineByPropertyName=$false,\n HelpMessage='Specify the operation to be performed on the AKS cluster name (Start/Stop).',\n Position=2)]\n [ValidateSet('Start','Stop')]\n [String]\n $operation\n )\n\ntry\n{\n \"Logging in to Azure using the Managed Identity assigned to this automation account ...\"\n Connect-AzAccount -Identity | Out-Null\n \n #Start/Stop cluster\n #az aks $operation --name $aksClusterName --resource-group $resourceGroupName\n #POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/stop?api-version=2021-05-01\n \n #Setting REST API Authentication token\n $accToken = Get-AzAccessToken | Select-Object -Property Token\n $AccessToken = $accToken.Token\n $headers_Auth = @{'Authorization'=\"Bearer $AccessToken\"}\n\n #Setting GET RestAPI Uri\n $getRestUri = \"https://management.azure.com/$($aksClusterResourceId)?api-version=2021-05-01\"\n\n #Setting POST RestAPI Uri\n #$postRestUri = \"https://management.azure.com/subscriptions/$($servicePrincipalConnection.SubscriptionId)/resourceGroups/$resourceGroupName/providers/Microsoft.ContainerService/managedClusters/$aksClusterName/$($operation.ToLower())?api-version=2021-05-01\"\n $postRestUri = \"https://management.azure.com/$aksClusterResourceId/$($operation.ToLower())?api-version=2021-05-01\"\n\n try\n {\n #Retrieving cluster name from the resource Id\n $aksClusterName = $($aksClusterResourceId -split '/')[8]\n \n #Getting the cluster state\n Write-Output \"Invoking RestAPI method to get the cluster state. The request Uri is ==$getRestUri==.\"\n $getResponse = Invoke-WebRequest -UseBasicParsing -Method Get -Headers $headers_Auth -Uri $getRestUri\n $getResponseJson = $getResponse.Content | ConvertFrom-Json\n $clusterState = $getResponseJson.properties.powerState.code\n Write-Output \"AKS Cluster ==$aksClusterName== is currently ==$clusterState==\"\n\n #Checking if the requested operation can be performed based on the current state\n Switch ($operation)\n {\n \"Start\"\n {\n If ($clusterState -eq \"Running\")\n {\n Write-Output \"The AKS Cluster ==$aksClusterName== is already ==$clusterState== and cannot be started again.\"\n }\n else\n {\n Write-Output \"Invoking RestAPI method to perform the requested ==$operation== operation on AKS Cluster ==$aksClusterName==. The request Uri is ==$postRestUri==.\"\n }\n }\n \n \"Stop\"\n {\n If ($clusterState -eq \"Stopped\")\n {\n Write-Output \"The AKS Cluster ==$aksClusterName== is already ==$clusterState== and cannot be stopped again.\"\n }\n else\n {\n Write-Output \"Invoking RestAPI method to perform the requested ==$operation== operation on AKS Cluster ==$aksClusterName==. The request Uri is ==$postRestUri==.\"\n }\n }\n\n Default\n {\n Write-Output \"Unexpected scenario. The requested operation ==$operation== was not matching any of the managed cases.\"\n }\n }\n\n #Performning the operation\n $postResponse = Invoke-WebRequest -UseBasicParsing -Method Post -Headers $headers_Auth -Uri $postRestUri\n $StatusCode = $postResponse.StatusCode\n }\n catch\n {\n $StatusCode = $_.Exception.Response.StatusCode.value__\n $exMsg = $_.Exception.Message\n Write-Output \"Response Code == $StatusCode\"\n Write-Output \"Exception Message == $exMsg\"\n }\n\n if (($StatusCode -ge 200) -and ($StatusCode -lt 300))\n {\n Write-Output \"The ==$operation== operation on AKS Cluster ==$aksClusterName== has been completed succesfully.\"\n }\n else\n {\n Write-Output \"The ==$operation== operation on AKS Cluster ==$aksClusterName== was not completed succesfully.\"\n }\n\n}\ncatch\n{\n Write-Error -Message $_.Exception\n throw $_.Exception\n} \n \n \n As per the parameter section in the script, it will require some inputs in order to be executed. When you will run the runbook (on-demand or on schedule) you’ll need to enter the following specific info: \n \n Kubernetes cluster resource Id \n Action (Accepted values are start and stop) \n \n \n \n \n The runbook will first check if the required operation on the given cluster can be performed. For instance, if you requested to stop the cluster and the cluster is already stopped, the runbook produce some log entries similar to those below: \n \n \n \n If the cluster was in the Stopped state and your request is to start it, then the runbook will go ahead and you will see logs similar to the screenshot below: \n \n \n \n As I have been doing in all of my posts, I strongly recommend you to TEST, TEST, TEST before using it in production. \n \n Thanks for reading as always \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10681","kudosSumWeight":3,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYxMWlEQ0RGNzNEMzVFQTY2MDc0?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYxMmk0NTEwNTRDNjI0MDVGMENC?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwMmkxMEY1MTJCNjVENkMxNjQ3?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwM2kwRURGNkZBMkY3QTI4NUE5?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNGkzQ0UwRjAxNkMxRTQ5RDdD?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTQyNDMyNmlFOTExRjFGMkIyNDY2QTVF?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNWkyQzlGNzg4ODYwMjcxNUEx?revision=5\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTg5OTk1LTI5ODYwNmkxODRCNjlDNjgzNjgyMENF?revision=5\"}"}}],"totalCount":8,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:2507676":{"__typename":"Conversation","id":"conversation:2507676","topic":{"__typename":"BlogTopicMessage","uid":2507676},"lastPostingActivityTime":"2024-04-22T06:24:20.004-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkxMmkzQzlFOTc4NzA3MjA5RDlD?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkxMmkzQzlFOTc4NzA3MjA5RDlD?revision=7","title":"BrunoGabrielli_0-1625148742728.png","associationType":"TEASER","width":643,"height":332,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg3M2k1QjUwMDVGMzAyNDdGNkU1?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg3M2k1QjUwMDVGMzAyNDdGNkU1?revision=7","title":"BrunoGabrielli_4-1625142619856.png","associationType":"BODY","width":444,"height":252,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4MWlDNTVGMDAyNjA1RTM3N0Qy?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4MWlDNTVGMDAyNjA1RTM3N0Qy?revision=7","title":"1.png","associationType":"BODY","width":726,"height":881,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM3N2kzNUE4OUQxREVGMDlENzFC?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM3N2kzNUE4OUQxREVGMDlENzFC?revision=7","title":"2.png","associationType":"BODY","width":721,"height":881,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4MmlCQkE0MzkxREFDRjE0RkZB?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4MmlCQkE0MzkxREFDRjE0RkZB?revision=7","title":"3.png","associationType":"BODY","width":998,"height":383,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4NmlEQjcwMUE3QjQ5NkY1Mzkz?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4NmlEQjcwMUE3QjQ5NkY1Mzkz?revision=7","title":"BrunoGabrielli_8-1625146576181.png","associationType":"BODY","width":1464,"height":764,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4NWlCMzEzNzhFQTZEMkM0Nzcw?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4NWlCMzEzNzhFQTZEMkM0Nzcw?revision=7","title":"BrunoGabrielli_9-1625146576205.png","associationType":"BODY","width":1171,"height":639,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4N2k4NUExRjIyOEJEODY1NDNB?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4N2k4NUExRjIyOEJEODY1NDNB?revision=7","title":"BrunoGabrielli_10-1625146576225.png","associationType":"BODY","width":1276,"height":686,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NmlFQzhEMkU3OTI5REVFRTEy?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NmlFQzhEMkU3OTI5REVFRTEy?revision=7","title":"BrunoGabrielli_19-1625147748170.png","associationType":"BODY","width":325,"height":181,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5N2kxQkY0MDk5QUUxRUYwQjdG?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5N2kxQkY0MDk5QUUxRUYwQjdG?revision=7","title":"BrunoGabrielli_20-1625147765940.png","associationType":"BODY","width":315,"height":277,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5OWk4NkY2MjgwOTNDMjY2MjJC?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5OWk4NkY2MjgwOTNDMjY2MjJC?revision=7","title":"BrunoGabrielli_22-1625148131758.png","associationType":"BODY","width":642,"height":265,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkwMGlFMzZCNzU5N0VCREJCMDQw?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkwMGlFMzZCNzU5N0VCREJCMDQw?revision=7","title":"BrunoGabrielli_23-1625148277434.png","associationType":"BODY","width":452,"height":180,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5Mmk0NzZFRjQ4MTZFRDkyMzk2?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5Mmk0NzZFRjQ4MTZFRDkyMzk2?revision=7","title":"BrunoGabrielli_15-1625146576272.png","associationType":"BODY","width":471,"height":298,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5M2k4RjA2NjczQkQ3NDgxRTI2?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5M2k4RjA2NjczQkQ3NDgxRTI2?revision=7","title":"BrunoGabrielli_16-1625146576280.png","associationType":"BODY","width":407,"height":411,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NGkzRDQxRTUxNzAxQTRCMzQ4?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NGkzRDQxRTUxNzAxQTRCMzQ4?revision=7","title":"BrunoGabrielli_17-1625146576299.png","associationType":"BODY","width":1053,"height":635,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NWkwQzEwMkMzQTRFNDY3NUM5?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NWkwQzEwMkMzQTRFNDY3NUM5?revision=7","title":"BrunoGabrielli_18-1625146576317.png","associationType":"BODY","width":1195,"height":858,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5OGk4OUFBODgzQzBFNkU3MEM2?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5OGk4OUFBODgzQzBFNkU3MEM2?revision=7","title":"11.png","associationType":"BODY","width":999,"height":187,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4M2lFNDNDQTU3M0I2NTM2MTI0?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4M2lFNDNDQTU3M0I2NTM2MTI0?revision=7","title":"4.png","associationType":"BODY","width":693,"height":240,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4NGkzRTk2Njg3NEE3MzNGOTA1?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4NGkzRTk2Njg3NEE3MzNGOTA1?revision=7","title":"5.png","associationType":"BODY","width":741,"height":882,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4NWk2QjgzMDcwQ0U0NDg1OTU3?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4NWk2QjgzMDcwQ0U0NDg1OTU3?revision=7","title":"6.png","associationType":"BODY","width":997,"height":291,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4Nmk3QTkzMEE5NzQ0Q0E5QTgy?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4Nmk3QTkzMEE5NzQ0Q0E5QTgy?revision=7","title":"7.png","associationType":"BODY","width":998,"height":187,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5MmlDRUEzNzZDNUZDNDRBNzFG?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5MmlDRUEzNzZDNUZDNDRBNzFG?revision=7","title":"8.png","associationType":"BODY","width":998,"height":311,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkwNmkyNkY2OEIyMDAyNzZFOEMz?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkwNmkyNkY2OEIyMDAyNzZFOEMz?revision=7","title":"BrunoGabrielli_30-1625148464846.png","associationType":"BODY","width":1237,"height":230,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5Nmk5MDdEMDA5MDJBMTBDOEIw?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5Nmk5MDdEMDA5MDJBMTBDOEIw?revision=7","title":"9.png","associationType":"BODY","width":802,"height":889,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5N2kzQjc3MkJBOTJBOEMxRUE1?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5N2kzQjc3MkJBOTJBOEMxRUE1?revision=7","title":"10.png","associationType":"BODY","width":964,"height":357,"altText":null},"BlogTopicMessage:message:2507676":{"__typename":"BlogTopicMessage","subject":"Azure Monitor - Alert Notification via Teams","conversation":{"__ref":"Conversation:conversation:2507676"},"id":"message:2507676","revisionNum":7,"uid":2507676,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Hi there, Bruno Gabrielli here again to talk about how to get alert notification using a Teams channel. \n Lots of customers are using Teams channel as notification mechanism in their alert management process. They find it very helpful because Teams can be used over mobile devices and browsers without relying on your company laptop. \n \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":89666},"postTime":"2021-07-05T00:00:00.044-07:00","lastPublishTime":"2023-03-14T08:54:49.561-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Hi there, Bruno Gabrielli here again to talk about how to get alert notification using a Teams channel. \n \n I apologize because this is going to be a long post with all the steps to achieve the notification goals, so please bear with me if you’re interested in getting the configuration done. \n \n Lots of customers are using Teams channel as notification mechanism in their alert management process. They find it very helpful because Teams can be used over mobile devices and browsers without relying on your company laptop. Apparently, there’s no built-in activity in Azure Monitor out of the box to notify an alert via Teams, but we DO have all the pieces that we need. \n \n In this post I will drive you through the Azure Monitor configuration which is behind the Teams channel alert notification mechanism. \n \n First and foremost, a Teams and a Teams channel need to exist. We will not cover this part since it is out of scope, however, should you need information on how to accomplish the pre-requisites you can rely on the following articles: \n \n Create a team from scratch at https://support.microsoft.com/en-us/office/create-a-team-from-scratch-174adf5f-846b-4780-b765-de1a0a737e2b \n Create a channel in Teams at https://support.microsoft.com/en-us/office/create-a-channel-in-teams-fda0b75e-5b90-4fb8-8857-7e102b014525 \n \n With that said, here we are with some steps that will be completed in the Azure portal. Let’s see them in detail. \n \n Step 1: Create a blank Logic App \n For this step, you need to login to the Azure portal and create a new Logic App. For the purpose of this article, I decided to name it SendAlertNotificationToTeamsChannel, but you can choose the name you prefer the most and according to the company standard you have in place. \n \n Once you’re in the right place, click on the Add menu and select the Logic App type you want to create. The available types are: Standard and Consumption. You can find all the necessary info in the page Pricing and billing models for Azure Logic Apps at https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-pricing \n \n \n \n \n \n Once you have selected the billing model that best suite your needs, you will be presented with a page in which you will select/enter basic initial information, such as: \n \n \n Subscription \n Resource Group \n Logic App name \n Region \n \n \n \n \n As you can see from the above screenshot, you can also choose to associate the Logic App with an ISE and or to enable Log Analytics for observability purpose (which is always recommended). Specify the Tags if used and then click on the Review + create button. Once the validation process has finished click on the Create button. \n \n \n \n \n \n The deployment of a new Logic App will start. Once completed click on the Go to resource button to get redirected on the newly created Logic App designer page for editing. \n \n \n \n \n Step 2: Configure the Logic App \n \n In the Logic App designer page, click on When a HTTP request is received. This will be our trigger. \n \n \n \n \n \n After the selection, you will be presented with the Logic App designer canvas. This is where we will do all our remaining configurations starting with the trigger activity we just added. \n \n \n \n \n \n Configure the activity with the JSON schema that the trigger will use. Since the request will contain the alert’s JSON payload, you can refer (and use) the sample schema you can find in the article Common alert schema definitions at https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-common-schema-definitions .Copy the sample alert payload from the page, click on Use sample playload to generate schema, paste the content and click Done \n \n \n \n \n \n Now let’s have some fun with the notification formatting. Since I preferred to create different activities to notify specific information according to the type of alert (i.e., Metrics, Log Analytics or Application Insight alerts), I created 3 separate but similar activities which differ only in some parts that are related in the information to be sent. If you prefer having just one notification activity for all alert type, jump to step 7 \n To create a condition used to decide which notification activity to use, click on the New Step, in the search box type Control \n \n \n \n \n \n Select the Control group and then select the Switch activity to add it to the canvas. For groups with lots of activities, you can enter the activity name or part of it in the search box. \n \n \n \n \n \n To configure this activity:\n \n Click on the On field and select monitoringService from the Dynamic content list\n \n \n \n \n Click on the Equals and enter the string corresponding to the alert type you’re going to create the notification for. For the possible values to be used you can refer at the samples in the Common alert schema definitions at https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-common-schema-definitions located under the Alert context paragraph. In this example we will use the Metric alerts (excluding availability tests) section, hence as value we will enter Platform.\n \n \n \n \n If you like to configure specific notification activities, click on the +sign between the 2 blocks and add a new case and configure it accordingly (for configuration step, refer to step b above) or add the notification activity as a new action inside the specific case (see next steps) \n \n \n \n \n Now we can move on with the notification activity. As we did for the Switch action, click on New step (or click on Add an action if you’re adding it as a child action as result of choice made during step 4) \n Follow what has been described in steps 5 and 6 using Microsoft Teams as group and Post a message (V3) (Preview) as action \n Once added, this activity needs some configuration:\n \n Team ID \n Channel \n Message\n \n As far as the Team ID and the Channel go, you can select them from a drop-down list\n \n \n \n \n With regards to the Message body part, this is representing the information sent through the notification. Here you can enter static text formatted as you like, dynamic content as well as formulas. In my example I started with a kind of title and followed with sections under which there are the info I wanted to send. For the static text, you just need to write it. For the dynamic content and/or formulas, once you decided the line where to put it, click on Add dynamic content and select it from the side panel click in the Message canvas and either select it from the Dynamic content list or assemble it using the Expression builder\n \n \n \n In this post, since I got everything correctly parsed from the trigger activity (the When a HTTP request is received), I will go use the dynamic content only. For instance, after heving put some text like – Alert Id: I will select alertId content from the list \n \n \n \n \n Repeat the above step for all the field you want to make part of the message such as Alert Rule Name, Severity, Description, etc. \n \n \n \n \n \n \n Once the activity configuration is complete, repeat the steps 8, 9 and 10 if you want to add more specific notification activity or click on Save when done. \n \n \n \n \n Step 3: Configure the Action Group \n Now that the Logic App has been created, we need to configure an Action Group to use it in order receive our alerts as expected. \n From the Azure Monitor blade, follow the steps below: \n \n From the Alerts page, click on Manage actions \n \n \n \n \n \n Click on New action group \n \n \n \n \n \n Enter the necessary basic information and click on Next: Notifications >\n \n Subscription \n Resource group \n Action group name \n Display name \n \n \n \n \n \n \n \n Leave everything unchanged click on Next: Actions > \n Configure the following according to what has been created before:\n \n Action type \n Name \n Selected \n \n \n \n , making sure to enable the common alert schema and select \n \n \n \n \n Click on Next: Tags >and configure the Tags if necessary. Then click on Next: Review + create >and the on Create \n \n Step 4: Add the new action group to your alerts \n Now that we have the Action group created and configured, we need to add it to all the alerts we want to notify: \n \n From the Alerts page, click on Manage alert rules \n \n \n \n \n \n Identify the alert you want to notify (i.e., the Low CPU usage on Virtual Machines) and click on it to edit \n \n \n \n \n \n In the Actions section, add the new action group to the existing one (or remove them if not necessary anymore) by clicking on the Manage action groups \n \n \n \n \n \n Select the newly created (and de-select the selected ones if necessary) and click Select \n \n \n \n \n \n Click Save to save and apply the changes \n \n \n \n \n Step 5: Test, test, test \n As always when re-using something from others, we gotta make sure it works in our environment. What’s better than a deep test session? Play with the alert rules you configured to generate some alert and see if it gets notified. If everything went smoothly, we should get notifications similar to the one below in our Teams: \n \n \n \n Hope that will make the Alert Management process as well as the Notification process easier and usable enough. \n \n Thanks for reading through the entire loooooong post \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10596","kudosSumWeight":11,"repliesCount":25,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkxMmkzQzlFOTc4NzA3MjA5RDlD?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg3M2k1QjUwMDVGMzAyNDdGNkU1?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4MWlDNTVGMDAyNjA1RTM3N0Qy?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM3N2kzNUE4OUQxREVGMDlENzFC?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4MmlCQkE0MzkxREFDRjE0RkZB?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4NmlEQjcwMUE3QjQ5NkY1Mzkz?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4NWlCMzEzNzhFQTZEMkM0Nzcw?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg4N2k4NUExRjIyOEJEODY1NDNB?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NmlFQzhEMkU3OTI5REVFRTEy?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5N2kxQkY0MDk5QUUxRUYwQjdG?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5OWk4NkY2MjgwOTNDMjY2MjJC?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkwMGlFMzZCNzU5N0VCREJCMDQw?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5Mmk0NzZFRjQ4MTZFRDkyMzk2?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5M2k4RjA2NjczQkQ3NDgxRTI2?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NGkzRDQxRTUxNzAxQTRCMzQ4?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5Mjg5NWkwQzEwMkMzQTRFNDY3NUM5?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5OGk4OUFBODgzQzBFNkU3MEM2?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE4","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4M2lFNDNDQTU3M0I2NTM2MTI0?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE5","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4NGkzRTk2Njg3NEE3MzNGOTA1?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4NWk2QjgzMDcwQ0U0NDg1OTU3?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM4Nmk3QTkzMEE5NzQ0Q0E5QTgy?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5MmlDRUEzNzZDNUZDNDRBNzFG?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDIz","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5MjkwNmkyNkY2OEIyMDAyNzZFOEMz?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI0","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5Nmk5MDdEMDA5MDJBMTBDOEIw?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI1","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yNTA3Njc2LTI5NTM5N2kzQjc3MkJBOTJBOEMxRUE1?revision=7\"}"}}],"totalCount":26,"pageInfo":{"__typename":"PageInfo","hasNextPage":true,"endCursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI1","hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3690750":{"__typename":"Conversation","id":"conversation:3690750","topic":{"__typename":"BlogTopicMessage","uid":3690750},"lastPostingActivityTime":"2023-11-09T15:28:46.366-08:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1OGk1REM2QTQxNjJCNzI0NjA0?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1OGk1REM2QTQxNjJCNzI0NjA0?revision=3","title":"BrunoGabrielli_16-1670327693669.png","associationType":"TEASER","width":819,"height":508,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0Mmk1NEI1REE2RjU4Njk0NTlD?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0Mmk1NEI1REE2RjU4Njk0NTlD?revision=3","title":"BrunoGabrielli_0-1670327281891.png","associationType":"BODY","width":43,"height":43,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0M2kwRDI4QzlBRDUyNDQ5RTdD?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0M2kwRDI4QzlBRDUyNDQ5RTdD?revision=3","title":"BrunoGabrielli_1-1670327338104.png","associationType":"BODY","width":454,"height":488,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NGk4QkNGMEYxNTZCMEIzQjVE?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NGk4QkNGMEYxNTZCMEIzQjVE?revision=3","title":"BrunoGabrielli_2-1670327338114.png","associationType":"BODY","width":1064,"height":400,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NWk0Qjk2NjMyNjAwRjkwODcw?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NWk0Qjk2NjMyNjAwRjkwODcw?revision=3","title":"BrunoGabrielli_3-1670327338120.png","associationType":"BODY","width":976,"height":354,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0N2k1MTlERUZEQzU2MzU1QzUy?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0N2k1MTlERUZEQzU2MzU1QzUy?revision=3","title":"BrunoGabrielli_4-1670327338125.png","associationType":"BODY","width":1052,"height":464,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0OGkxMzAxQzk5QzZBQzQwODND?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0OGkxMzAxQzk5QzZBQzQwODND?revision=3","title":"BrunoGabrielli_5-1670327338130.png","associationType":"BODY","width":1039,"height":427,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NmkxNEREMDI3QjdGMzAwQ0JE?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NmkxNEREMDI3QjdGMzAwQ0JE?revision=3","title":"BrunoGabrielli_6-1670327338135.png","associationType":"BODY","width":882,"height":440,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0OWk0Q0Q0QjAyNzFGNTIwOEE5?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0OWk0Q0Q0QjAyNzFGNTIwOEE5?revision=3","title":"BrunoGabrielli_7-1670327338139.png","associationType":"BODY","width":891,"height":437,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MGkzMTlFN0M5REI2RkE3OUYx?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MGkzMTlFN0M5REI2RkE3OUYx?revision=3","title":"BrunoGabrielli_8-1670327338145.png","associationType":"BODY","width":1052,"height":484,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MWlFNkNCOUIxOTE5NDRBOEIz?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MWlFNkNCOUIxOTE5NDRBOEIz?revision=3","title":"BrunoGabrielli_9-1670327338151.png","associationType":"BODY","width":1052,"height":509,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MmlDM0Q0RkFGNTJBQzgxRUQ0?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MmlDM0Q0RkFGNTJBQzgxRUQ0?revision=3","title":"BrunoGabrielli_10-1670327338157.png","associationType":"BODY","width":1052,"height":604,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1M2lDMzFCMTRENENGRDgzN0VD?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1M2lDMzFCMTRENENGRDgzN0VD?revision=3","title":"BrunoGabrielli_11-1670327338164.png","associationType":"BODY","width":1052,"height":636,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NGk4QTREQTM2NDY2QkM0MzEy?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NGk4QTREQTM2NDY2QkM0MzEy?revision=3","title":"BrunoGabrielli_12-1670327338175.png","associationType":"BODY","width":980,"height":489,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NWkwMTMxODJCNzQ4QjZGRDU4?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NWkwMTMxODJCNzQ4QjZGRDU4?revision=3","title":"BrunoGabrielli_13-1670327338181.png","associationType":"BODY","width":1052,"height":618,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NmkxOEJCQUE1NDI3Nzc1OTU4?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NmkxOEJCQUE1NDI3Nzc1OTU4?revision=3","title":"BrunoGabrielli_14-1670327338187.png","associationType":"BODY","width":1052,"height":556,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1N2lBRDRDQjE4MTEzNDkyQzE4?revision=3\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1N2lBRDRDQjE4MTEzNDkyQzE4?revision=3","title":"BrunoGabrielli_15-1670327450348.png","associationType":"BODY","width":1052,"height":624,"altText":null},"BlogTopicMessage:message:3690750":{"__typename":"BlogTopicMessage","subject":"Azure Monitor: Manage Data Access for Your Log Analytics Workspace","conversation":{"__ref":"Conversation:conversation:3690750"},"id":"message:3690750","revisionNum":3,"uid":3690750,"depth":0,"board":{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"author":{"__ref":"User:user:219011"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Struggling with giving very specific access to Log Analytics data, whether they be Security or Monitoring data? Managing your access list through IAM on the workspace”, is not enough? Read ahead to discover how to better assign specific permission to specific data or, even more, to data coming from specific resource(s). \n \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":7314},"postTime":"2022-12-12T00:00:00.042-08:00","lastPublishTime":"2023-11-09T15:28:46.366-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Gooooood morning readers \n \n I am back with another important topic arising from my customers’ visits. How can I give very specific access to Log Analytics data, whether they be Security or Monitoring data? \n \n Tricky one, isn’t it? A very simplistic answer could be: “manage your access list through IAM on the workspace”, but this is not enough. Say, for instance, that you would give scoped access to data coming from specific resources or, even more complicated, you would like that given the same resource one team can see some info and another one all the rest. \n \n Looks complicated, but hey … good news: this is doable \n \n To understand how we can achieve this complicated goal, we need to explore how data access works in Log analytics. First of all, we need to bear in mind that data access is a combination of factors that fall under 2 main categories: Access and Permission. The picture below should anticipate the idea that we will be explained right after: \n \n \n \n As you can see, on the left side there is Access Control Mode and Access Mode. \n The first one, Access Control Mode, is a setting that controls which permission set will be used: the one defined at the workspace level (IAM on the workspace) or the one defined at the resource level (IAM on the resource sending data) \n \n \n \n Using Require workspace permission will allow any configured user on the workspace to access all contained data with no restrictions. On the other hand, with Use resource or workspace permission user will access data based on the permission they have been granted on the resource. If the same user has been granted permissions at workspace level, these will be ignored. \n Access Mode, instead, is a method that controls the scope of data to be accessed. We have 2 options here: accessing data from the Log Analytics workspace, which gives access to all the contained data, or accessing collected data from the resource emitting the data. In this case, the query scope will be automatically restricted to the logs created by the given resource and access will happen only on this data. \n \n \n \n Now that we have clear in mind how data access can be configured and how it is evaluated, let’s look at scenarios which can clarify the real life: \n Scenario #1: Full access to workspace data. \n This is the simplest case. We will set the Access control mode to Workspace permission and configure the necessary RBAC on the workspace. In this case Log Analytics queries, Dashboard and workbook will work automatically with no additional effort for all the users who have been given at least reader permissions. \n \n \n \n Running a query against on the Log Analytics workspace, the granted user will be able to see everything logged so far: \n \n \n \n Scenario #2: Access to specific resource data. \n Here is where the long explanation above applies. Pretending to have a situation where: \n \n Operations User 1 needs to access only data produced by Windows virtual machines \n Operations User 2 needs to access only data produced by Linux virtual machines \n \n it will be enough granting: \n \n Read permission to Operations User 1 to Windows VMs (or to the resource group hosting them) \n \n \n \n \n \n Read permission to Operations User 2 to Linux VMs (or to the resource group hosting them) \n \n \n \n \n Running the same above query from the Logs item in the vm-Demo01 (or 02) blade, the Windows-based virtual machines, being logged as Operations User 1 will only return the data scoped to that VM: \n \n \n \n Running the same query from the workspace, always being logged as Operations User 1, will return data for both virtual machines we granted the user read access on: \n \n \n \n The same goes for the Linux-based virtual machine accessing the data as Operations User 2 \n \n Scenario #3: Access to specific tables \n There is also a third possible scenario which makes things a bit more complicated and requires the definition of a Table-Level RBAC through custom role(s). We might need to give Access to specific resource data in specific tables. To give you an idea, imagine the following: \n \n Performance User 1 only needs access to VM Performance data \n Networking User 1 only needs access to VM Connection data \n \n regardless of the Operating System. The solution for this scenario is to create 2 different azure custom roles each with the necessary reader permission and configure these custom roles on the virtual machines (or resource group containing them). Custom roles can be created by following 2 approaches: \n \n Give access to specific table(s). This approach is preferred if you need to grant access to a few tables. \n Start with full access and enforce the necessary restrictions. This second approach is helpful when access needs to be granted to many table so it is easier to manage the restrictions. \n \n For this scenario I went on creating custom roles through the Azure portal starting from the built-in Log Analytics Reader role and changing it accordingly. You can see a sample for the VM Performance data Reader: \n \n \n \n \n NOTE: Pay attention to the Action section which contains, together with the first 2 permissions which are necessary to enumerate the workspace and to read and use built-in queries, a specific entry for the InsightsMetrics table. \n \n \n and for the VM Connection Reader: \n \n \n \n \n NOTE: Pay attention to the Action section which contains, together with the first two permissions which are necessary to enumerate the workspace and to read and use built-in queries, a specific entry for the VMConnection table \n \n \n For both scenario #2 and #3, access to data will be granted based on the flow below: \n \n \n \n Now that you have an idea on how to grant data access rights, how can you control who is really accessing data and which portion has been accessed? Luckily, Azure helps us in collecting the Audit data for our log analytics workspace(s). You only need to enable the capture using the Diagnostics Setting and configure the Audits to be sent to a workspace (it could be the same you are configuring or a different one) \n \n \n \n Once the collection of audit logs is enabled, go to the Insights under the Monitoring section on the workspace blade, select the Query Audit tab to see data about query performance, Slow and Inefficient queries as well as the number of queries run by users. \n \n \n \n But I know you … you think this is not enough. Here is why I am keeping the little cherry as last. Having audit data stored in a Log Analytics workspace we can always, as for any other data type, run our custom queries. \n A very simple one that also shows the query text to better understand the research scope, is the following one: \n \n \n LAQueryLogs\n| top 10 by TimeGenerated desc\n| project TimeGenerated, AADEmail, QueryText, RequestClientApp, ResponseRowCount \n \n \n \n Hope that the long explanation and the scenario walkthrough will be of help \n \n Disclaimer \n The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"8208","kudosSumWeight":1,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1OGk1REM2QTQxNjJCNzI0NjA0?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0Mmk1NEI1REE2RjU4Njk0NTlD?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0M2kwRDI4QzlBRDUyNDQ5RTdD?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NGk4QkNGMEYxNTZCMEIzQjVE?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NWk0Qjk2NjMyNjAwRjkwODcw?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0N2k1MTlERUZEQzU2MzU1QzUy?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0OGkxMzAxQzk5QzZBQzQwODND?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0NmkxNEREMDI3QjdGMzAwQ0JE?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU0OWk0Q0Q0QjAyNzFGNTIwOEE5?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MGkzMTlFN0M5REI2RkE3OUYx?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MWlFNkNCOUIxOTE5NDRBOEIz?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1MmlDM0Q0RkFGNTJBQzgxRUQ0?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1M2lDMzFCMTRENENGRDgzN0VD?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NGk4QTREQTM2NDY2QkM0MzEy?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NWkwMTMxODJCNzQ4QjZGRDU4?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1NmkxOEJCQUE1NDI3Nzc1OTU4?revision=3\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjkwNzUwLTQyMzU1N2lBRDRDQjE4MTEzNDkyQzE4?revision=3\"}"}}],"totalCount":17,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"CachedAsset:text:en_US-components/community/Navbar-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1745505307000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","gxcuf89792":"Tech Community","external-1":"Events","s-m-b":"Nonprofit Community","windows-server":"Windows Server","education-sector":"Education Sector","driving-adoption":"Driving Adoption","Common-content_management-link":"Content Management","microsoft-learn":"Microsoft Learn","s-q-l-server":"Content Management","partner-community":"Microsoft Partner Community","microsoft365":"Microsoft 365","external-9":".NET","external-8":"Teams","external-7":"Github","products-services":"Products","external-6":"Power Platform","communities-1":"Topics","external-5":"Microsoft Security","planner":"Outlook","external-4":"Microsoft 365","external-3":"Dynamics 365","azure":"Azure","healthcare-and-life-sciences":"Healthcare and Life Sciences","external-2":"Azure","microsoft-mechanics":"Microsoft Mechanics","microsoft-learn-1":"Community","external-10":"Learning Room Directory","microsoft-learn-blog":"Blog","windows":"Windows","i-t-ops-talk":"ITOps Talk","external-link-1":"View All","microsoft-securityand-compliance":"Microsoft Security","public-sector":"Public Sector","community-info-center":"Lounge","external-link-2":"View All","microsoft-teams":"Microsoft Teams","external":"Blogs","microsoft-endpoint-manager":"Microsoft Intune","startupsat-microsoft":"Startups at Microsoft","exchange":"Exchange","a-i":"AI and Machine Learning","io-t":"Internet of Things (IoT)","Common-microsoft365-copilot-link":"Microsoft 365 Copilot","outlook":"Microsoft 365 Copilot","external-link":"Community Hubs","communities":"Products"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1745505307000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1745505307000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1745505307000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1745505307000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1745505307000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1745505307000","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1745505307000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1745505307000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1745505307000","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1745505307000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505307000","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1745505307000","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1745505307000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1745505307000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1745505307000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1745505307000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1745505307000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1745505307000","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1745505307000","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1745505307000","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1745505307000","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745505307000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1745505307000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"nodeId":"board:CoreInfrastructureandSecurityBlog","tagName":"BrunoGabrielli"},"buildId":"YK32GCbhJqbL-HLk4DLXM","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"o365","openTelemetryServiceVersion":"25.3.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/customComponent/CustomComponent/CustomComponent.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","./components/external/components/ExternalComponent.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx","./components/customComponent/CustomComponentContent/TemplateContent.tsx"],"appGip":true,"scriptLoader":[{"id":"analytics","src":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/pagescripts/1730819800000/analytics.js?page.id=TagPage","strategy":"afterInteractive"}]}