Manage Azure Monitor based alerts for Azure Backup
Article
This article describes how to switch to Azure Monitor based alerts for Azure Backup and monitor them.
Supported alerting solutions
Azure Backup now supports different kinds of Azure Monitor based alerting solutions. You can use a combination of any of these based on your specific requirements.
The following table lists some of these solutions:
Alert
Utility
Description
Built-in Azure Monitor alerts
Default alerts enabled for critical scenarios.
Azure Backup automatically generates built-in alerts for certain default scenarios, such as deletion of backup data, disabling of soft-delete, backup failures, restore failures, and so on. You can view these alerts out of the box via Azure Business Continuity Center. To configure notifications for these alerts (for example, emails), you can use Azure Monitor's Alert Processing Rules and Action groups to route alerts to a wide range of notification channels.
Log/ARG based Alerts
To write custom alerts.
- Azure Resource Graph (ARG): On real time data. - LA: On Log Analytics data (when some delay is acceptable).
If you've scenarios where an alert needs to be generated based on custom logic, you can use Log Analytics based alerts for such scenarios, provided you've configured your vaults to send diagnostics data to a Log Analytics (LA) workspace.
Metric alerts
To write alerts for job success and cases where the health is not as expected.
You can write custom alert rules using Azure Monitor metrics to monitor the health of your backup items across different KPIs.
Note
There are five types of alert severity levels - Critical, Error, Warning, Informational, and Verbose. You can configure notifications for alerts based on these severity levels.
Migrate from classic alerts to built-in Azure Monitor alerts
Among the different Azure Monitor based alert solutions, built-in Azure Monitor alerts come closest to classic alerts as per user experience and functionality. So, to quickly switch from classic alerts to Azure Monitor, you can use built-in Azure Monitor alerts.
The following table lists the differences between classic backup alerts and built-in Azure Monitor alerts for backup:
Actions
Classic alerts
Built-in Azure Monitor alerts
Setting up notifications
- You must enable the configure notifications feature for each Recovery Services vault, along with the email id(s) to which the notifications should be sent.
- For certain destructive operations, email notifications are sent to the subscription owner, admin and co-admin irrespective of the notification settings of the vault.
- Notifications are configured by creating an alert processing rule.
- While alerts are generated by default and can't be turned off for destructive operations, the notifications are in the control of the user, allowing you to clearly specify which set of email address (or other notification endpoints) you wish to route alerts to.
Notification suppression for database backup scenarios
When there are multiple failures for the same database due to the same error code, a single alert is generated (with the occurrence count updated for each failure type) and a new alert is only generated when the original alert is inactivated.
The behavior is currently different. Here, a separate alert is generated for every backup failure. If there's a window of time when backups will fail for a certain known item (for example, during a maintenance window), you can create a suppression rule to suppress email noise for that backup item during the given period.
Pricing
There are no additional charges for this solution.
Alerts for critical operations/failures generate by default (that you can view in the Azure portal or via non-portal interfaces) at no additional charge. However, to route these alerts to a notification channel (such as email), it incurs a minor charge for notifications beyond the free tier (of 1000 emails per month). Learn more about Azure Monitor pricing.
Note
If you've existing custom Azure Resource Graph (ARG) queries written on classic alerts data, you'll need to update these queries to fetch information from Azure Monitor-based alerts. You can use the AlertsManagementResources table in ARG to query Azure Monitor alerts data.
If you send classic alerts to Log Analytics workspace/Storage account/Event Hub via diagnostics settings, you'll also need to update these automation. To send the fired Azure Monitor based alerts to a destination of your choice, you can create an alert processing rule and action group that routes these alerts to a logic app, webhook, or runbook that in turn sends these alerts to the required destination.
Azure Backup now provides a guided experience via Azure Business Continuity Center that allows you to switch to built-in Azure Monitor alerts and notifications with just a few selects. To perform this action, you need to have access to the Backup Contributor and Monitoring Contributor Azure role-based access control (Azure RBAC) roles to the subscription.
To migrate from classic alerts to built-in Azure Monitor alerts, follow these steps:
On the Azure portal, go to Business Continuity Center > Monitoring + Reporting > Alerts.
Opt-out of classic alerts to avoid receiving duplicate alerts from two solutions. Select Manage alerts to view the vaults for which classic alerts are currently enabled.
Select Update > Use only Azure Monitor alerts checkbox.
By doing so, you agree to receive backup alerts only via Azure Monitor, and you'll stop receiving alerts from the older (classic alerts) solution.
To select multiple vaults on a page and update the settings for these vaults with a single action, select Update from the top menu.
To opt-out of alerts from the Recovery Services vault or Backup vault, go to the specific vault > Properties > Monitoring Settings, and then select Update.
Turn on Azure Monitor alerts for job failure scenarios
To opt in to Azure Monitor alerts for backup failure and restore failure scenarios, follow these steps:
Built-in Azure Monitor alerts are generated for job failures by default. If you want to turn off alerts for these scenarios, you can edit the monitoring settings property of the vault accordingly.
To manage monitoring settings for a Backup vault, follow these steps:
Go to the vault and select Properties.
Locate the Monitoring Settings vault property and select Update.
In the context pane, select the appropriate options to enable/disable built-in Azure Monitor alerts for job failures depending on your requirement.
We also recommend you to select the checkbox Use only Azure Monitor alerts.
For Backup vaults, you no longer need to use a feature flag to opt in to alerts for job failure scenarios. Built-in Azure Monitor alerts are generated for job failures by default. If you want to turn off alerts for these scenarios, you can edit the monitoring settings property of the vault accordingly.
To manage monitoring settings for a Backup vault, follow these steps:
Go to the vault and select Properties.
Locate the Monitoring Settings vault property and select Update.
In the context pane, select the appropriate options to enable/disable built-in Azure Monitor alerts for job failures depending on your requirement.
Select Update to save the setting for the vault.
View fired alerts in the Azure portal
After an alert is fired for a vault, you can view the alert in the Azure portal in Azure Business Continuity Center or Recovery Services vault console.
View alerts in Recovery Services vault
To view fired alerts in the Azure Recovery Services vault, follow these steps:
In the Azure portal, go to Recovery Services vault > Alerts.
On the Alerts pane, filter for the Monitor Service =Azure Backup to see Azure Backup specific alerts.
A list a summary of active alerts are split by severity. The following types of alerts are displayed:
Datasource Alerts: You can see these alerts in the alerts basic view. Alerts that are tied to a specific datasource being backed-up (for example, back up or restore failure for a VM, deleting backup data for a database, and so on) appear under the Datasource Alerts section.
Global Alerts: You can see these alerts in the alerts full view. Alerts that aren't tied to a specific datasource(for example, disabling soft-delete functionality for a vault) appear under the Global Alerts section.
Each of the above types of alerts is further split into Security and Configured alerts. Currently, Security alerts include the scenarios of deleting backup data, or disabling soft-delete for vault (for the applicable workloads as detailed in the above section). Configured alerts include backup failure and restore failure, because these alerts are fired only when alerts aren't disabled for these scenarios.
Select the Alerts menu item to open a list of all active alerts fired with the relevant filters applied.
You can select any alert to view more details about the alert, such as the affected datasource, alert description and recommended action, and so on.
After the event is mitigated, change the state of an alert to Acknowledged or Closed by selecting Change Alert State.
View alerts in Azure Business Continuity Center
To monitor the alerts, follow these steps:
On Business Continuity Center, go to Monitoring + Reporting > Alerts.
The count of all alert rules appears that have at least one or more fired alerts in the selected time range.
On Alerts, filter the list by severity of alert, category of alert, time range (up to last 15 days), and other parameters.
The Impacted Items count in the grid shows the number of resources on which an alert corresponding to that alert rule was fired. To view the impacted items, select View impacted items in the context menu to view all alerts that were triggered due to that alert rule.
You can then review each alert and take appropriate action.
Programmatic options
You can also use programmatic methods to opt-out of classic alerts and manage Azure Monitor notifications.
Opt out of classic backup alerts
In the following sections, you'll learn how to opt out of classic backup alert solution using the supported clients.
Using Azure Resource Manager (ARM)/ Bicep/ REST API/ Azure Policy
The monitoringSettings vault property helps you specify if you want to disable classic alerts. You can create a custom ARM/Bicep template or Azure Policy to modify this setting for your vaults.
The following example of the vault settings property shows that the classic alerts are disabled and built-in Azure Monitor alerts are enabled for all job failures.
Using Azure Resource Manager (ARM)/ Bicep/ REST API
You can use these sample ARM and Bicep templates that create an alert processing rule and action group associated to all Recovery Services vaults in the selected subscription.
Using Azure PowerShell
As described in earlier sections, you need an action group (notification channel) and alert processing rule (notification rule) to configure notifications for your vaults.
To configure the notification, run the following cmdlet:
Create an alert processing rule that's linked to the above action group using the Set-AzAlertProcessingRule cmdlet.
PowerShell
Set-AzAlertProcessingRule -ResourceGroupName"testRG" -Name"AddActionGroupToSubscription" -Scope"/subscriptions/xxxx-xxx-xxxx" -FilterTargetResourceType"Equals:Microsoft.RecoveryServices/vaults" -Description"Add ActionGroup1 to alerts on all RS vaults in subscription" -Enabled"True" -AlertProcessingRuleType"AddActionGroups" -ActionGroupId"/subscriptions/xxxx-xxx-xxxx/resourcegroups/testRG/providers/microsoft.insights/actiongroups/testActionGroup"
Using Azure CLI
As described in earlier sections, you need an action group (notification channel) and alert processing rule (notification rule) to configure notifications for your vaults.
To configure the same, run the following commands:
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.