Configure an Azure Monitor Alert Rule

1. Open an incognito or private window and log in to the Azure portal using the user name and password provided in the lab environment.
2. From within the portal, initiate the Cloud Shell to select Bash (versus PowerShell) and set up with new backing storage — do not use the existing storage account deployed into the lab environment. You will need both storage accounts to complete the lab.

At this point you should be logged into the Azure portal in the subscription associated with the lab credentials, and you should ahve the integrated Cloud Shell terminal open.

Use the Azure portal and the integrated Cloud Shell terminal to write Azure CLI required to complete the following tasks. Note that the order of the tasks is slightly different from the order of the wizard you may have used in the Azure portal to create Azure Monitor alert rules. See the Hints section at the end of the instructions if you need just a little help getting started on some of the tasks, prior to turning to the lab guide or solution video for a more detailed walk-through.

Collect the values you will need to populate two Azure CLI commands.

You can collect the required values by simply copy-pasting the values into a text editor, but for cleaner code that's easier to read and write, we suggest you use environment variables that you can then use in the Azure CLI commands. You can collect the values by using Azure CLI or by using the portal to navigate to the storage account deployed on your behalf in the lab subscription. The correct lab's name starts with "pslab" followed by a short string of random characters. Do not use the storage account you used to set up your Cloud Shell environment.

These are the values you need to collect:

• The resource group name (not the ID) where the storage account is located
• The "scope" for your alert rule, which is the Resource ID URL found under Endpoints in the left menu of the storage account in the portal.
• An action group name of your choice

Create an Action Group

You might recall from the intro video, in the portal workflow, you create the alert-rule scope, the condition, and then the action group that identifies what you want to do when the rule is triggered. But because we want to refernece the action group in our alert rule definition, we need to first create the action group.

Use the Azure CLI az monitor action-group create command, populated with the name of the action group, the resource group name, a short name, under 12 characters, for the action group, and the action you want to take, which is to send an SMS message to yourself. NOTE: The Microsoft documentation around the --action argument is not easy to find. See the "Hints" section, below for the syntax you should use on the --action argument.

When you successfully execute the code to create an Action Group based on your own phone number, you should almost immediately get a text.

Create an Alert on the Activity Log for the Storage Account

Use the az monitor activity-log alert create command, populated with the name of the alert rule, which can be anything you want, the resource group, the scope, the condition, the description, which can be anything you want, and the action group. NOTE: The Microsoft documentation around the specifics of the --condition argument is not easy to find. See the "Hints" section, below for the syntax you should use on the --condition argument.

Optional: Confirm the Creation of the Alert Rule

Assuming there are no errors, when you execute the alert create command, it should return the JSON description of your alert, but if you want to be double-sure, you can this list command: az monitor activity-log alert list. You can also go back to the storage account in the portal and click on Alerts in the left menu and then Alert Rules to see the one you just created.

Hints and Tips

• Don't be afraid to try to write the Azure CLI on your own. If you have the syntax wrong or you are missing an argument, you will get error feedback that may help you sort it out for yourself, without referring to documentation.
• To create an environment variable at the command line, just type the name of the command and set it equal to the value, like this:

resource_group_name="my-rg"

Note that there is no space before or after the "=" sign. Bash will throw an error if you put in spaces. The double-quotes are not strictly required unless there are spaces in the assigned value, but some developers do it as a matter of habit. The variable names used in the solution video are:

resource_group_name
rule_scope
action_group_name

And then you reference them later in code by putting a "$" in front of the variable name, as in this example:

--resource-group $resource_group_name

• The documentation for the az monitor action-group command group is here: https://learn.microsoft.com/en-us/cli/azure/monitor/action-group?view=azure-cli-latest#az-monitor-action-group-create()
• The correct syntax for the --action argument when creating the action group looks like this, where the first value is the type of action, the second value is the name of the recipient, the third value is the country code, and the fourth value is a valid phone number (5555555555 is a placeholder and will not work). You will need to use your name, country code, and phone number.

--action sms Amy 1 5555555555

• The documentation for the az monitor activity-log alert command group is here: https://learn.microsoft.com/en-us/cli/azure/monitor/activity-log/alert?view=azure-cli-latest
• The correct argument name and value for setting the condition that triggers the rule is, below. Copy-paste this into your terminal window for the condition argument in your code block:

--condition "category=Administrative and operationName=Microsoft.Storage/storageAccounts/write"