Custom Alerts for Azure Virtual Desktop

Syed Aman 1 Reputation point
2023-04-06T07:28:15.73+00:00

Please help me with kusto queries for setting up custom alerts for Azure Virtual Desktop.   Custom Alerts: |- User Connection Time

  • Unexpected Disconnection
  • VM's Being Available or Unavailable
  • Number of Users Connected to VDI
Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,596 questions
{count} votes

1 answer

Sort by: Most helpful
  1. vipullag-MSFT 26,411 Reputation points
    2023-04-06T10:06:31.0033333+00:00

    Hello Syed Aman Welcome to Microsoft Q&A Platform, thanks for posting your query here. To set up custom alerts for Azure Virtual Desktop, you can use Kusto queries in Azure Monitor. Here are some sample queries that you can use for the custom alerts you mentioned:

    1. User Connection Time:
    AzureActivity
    | where OperationNameValue == "Microsoft.DesktopVirtualization/hostPools/sessionHosts/users/start"
    | extend User = tostring(parse_json(tostring(Properties)).userPrincipalName)
    | extend SessionId = tostring(parse_json(tostring(Properties)).sessionId)
    | extend StartTime = todatetime(EventTimestamp)
    | project User, SessionId, StartTime
    
    1. Unexpected Disconnection:
    AzureActivity
    | where OperationNameValue == "Microsoft.DesktopVirtualization/hostPools/sessionHosts/users/disconnect"
    | extend User = tostring(parse_json(tostring(Properties)).userPrincipalName)
    | extend SessionId = tostring(parse_json(tostring(Properties)).sessionId)
    | extend DisconnectTime = todatetime(EventTimestamp)
    | project User, SessionId, DisconnectTime
    
    1. VM's Being Available or Unavailable:
    Heartbeat
    | where TimeGenerated > ago(5m)
    | summarize LastHeartbeat = max(TimeGenerated) by Computer
    | join kind=leftouter (
        Heartbeat
        | where TimeGenerated > ago(5m)
        | summarize SecondLastHeartbeat = max(TimeGenerated) by Computer
    ) on Computer
    | extend IsAvailable = iif(LastHeartbeat > SecondLastHeartbeat, true, false)
    | project Computer, IsAvailable
    
    1. Number of Users Connected to VDI:
    AzureActivity
    | where OperationNameValue == "Microsoft.DesktopVirtualization/hostPools/sessionHosts/users/start"
    | summarize count() by bin(EventTimestamp, 1h)
    

    You can modify these queries as per your requirements and use them to create custom alerts in Azure Monitor.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.