Create and test a custom email alert

  • Last update on January 9th, 2025

This guide will show you how to create a custom email alert based on a sample query.


Create an Alert Rule

After running your sample query, follow these steps to create an alert rule:

  1. Click “+New alert rule” to create an alert based on your sample query.
  2. Under “Condition”, for the “Signal name”, select “Custom log search” from the dropdown menu.
  3. On the same page, scroll down to the “Alert logic” section.
  4. Set the threshold value to 1 to receive alerts whenever a change meets the conditions of the query.
  5. Click “Next: Actions”.

Now, it's time to create an action group.


Create an action group

Action groups are collections of notification preferences and actions that can be triggered by Azure alerts.

To create an action group:

  1. Under “Actions”, select “Create action group”.

Under “Basics”

Under “Project details”:

  1. Select a subscription.
  2. Select or create a “Resource group”.
  3. Select the desired region.

Under “Instance details”:

  1. Provide an “Action group name”.
  2. Provide a display name.

Afterwards, click “Next: Notifications”.

Under “Notifications”

Notification type

  1. Select “Email/SMS/Push/Voice” as the “Notification type”.
  2. Check the Email checkbox in the right pane and add the desired email address in the field.
  3. Select OK at the bottom.

Name

  1. Provide a name for the “Notification type”; note that this step is mandatory.

Actions (optional)

To provide a webhook address for sending notifications to a server or API for custom development:

  1. Select “Webhook” under “Action type”.
  2. Provide the URI.

Tags (optional)

Optionally, provide a tag to categorize the different action groups in your resource groups. Tags can help you identify an action group's consumption for billing.

Review + create

Now:

  1. Review the details to confirm them.
  2. Select “Create” at the bottom.

After you create an action group

After the action group is created:

  1. You will get an email confirming that you have been added to an “Azure Monitor action group”.
  2. The newly created action group will show up under “Actions”.
  3. Click “Next: Details” to proceed.

Under “Details”

Proceed with the following steps under “Details”:

Under “Project details”:

  1. Choose the subscription and “Resource group” for the alert rule.

Under “Alert rule details”:

  1. Set the severity.
  2. Provide an alert rule name.
  3. (Optional) Provide a description for the alert rule.
  4. Select the desired Region.
  5. If necessary, add tags by clicking “Next: Tags”; otherwise select “Review + create”.

Under “Review + Create”

Based on the type and frequency of actions you set, you can see the anticipated pricing/consumption—for example, $1.5 per month for the current setup.
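The portal steps above (action group with an email receiver, optional https webhook, and a log-search alert rule that fires on the sample query with a threshold of 1) can also be scripted. The following POSIX shell script is an added example, not part of this guide and not Configuration Manager's own tooling, and uses the Azure CLI. Every resource name, the region, the workspace resource ID, the receiver names and the stand-in KQL are assumptions to replace with your own values; `Placeholder_1` is only the token the CLI uses to bind the query to the condition. The script validates its inputs first and creates nothing unless run with `--apply`, so it can be sourced and checked safely. If your CLI reports that `az monitor scheduled-query` is unknown, install it with `az extension add --name scheduled-query`.

```shell
#!/bin/sh
# Added example: create the guide's email alert with Azure CLI instead of the portal.
# All values below are placeholders (assumptions), not values from the guide.
set -eu

RESOURCE_GROUP="${RESOURCE_GROUP:-rg-alerts-placeholder}"
LOCATION="${LOCATION:-eastus}"
ACTION_GROUP="${ACTION_GROUP:-ag-config-changes}"
ACTION_GROUP_SHORT="${ACTION_GROUP_SHORT:-cfgchange}"   # Azure limits short names to 12 characters
ALERT_EMAIL="${ALERT_EMAIL:-alerts@example.com}"
WEBHOOK_URI="${WEBHOOK_URI:-}"                          # optional, as in the "Actions (optional)" step
ALERT_RULE="${ALERT_RULE:-alert-config-change}"
# Resource ID of the Log Analytics workspace the Sync writes to (placeholder).
WORKSPACE_ID="${WORKSPACE_ID:-/subscriptions/SUB-ID/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WORKSPACE}"
# Stand-in for the guide's sample query (table name is a placeholder); substitute the real KQL.
QUERY="${QUERY:-ConfigChanges_CL | where TimeGenerated > ago(5m)}"

# Accept a single user@domain token: no spaces or commas, exactly one "@", a dot after it.
valid_email() {
  case "$1" in
    ""|*" "*|*","*|*@*@*) return 1 ;;
    ?*@?*.?*) return 0 ;;
    *) return 1 ;;
  esac
}

# The action-group API rejects short names longer than 12 characters.
valid_short_name() {
  [ -n "$1" ] && [ "${#1}" -le 12 ]
}

# Alert payloads carry rule names and query results, so only post them over TLS.
valid_webhook() {
  case "$1" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Fail early with a readable message instead of a half-created alert.
check_inputs() {
  valid_email "$ALERT_EMAIL" || { echo "invalid ALERT_EMAIL: $ALERT_EMAIL" >&2; return 1; }
  valid_short_name "$ACTION_GROUP_SHORT" || { echo "ACTION_GROUP_SHORT must be 1-12 characters" >&2; return 1; }
  if [ -n "$WEBHOOK_URI" ] && ! valid_webhook "$WEBHOOK_URI"; then
    echo "WEBHOOK_URI must be an https:// URL" >&2
    return 1
  fi
}

# Create the action group with an email receiver and, if given, a webhook receiver.
# Prints the action group's resource ID, which the alert rule needs.
create_action_group() {
  set -- --action email emailreceiver "$ALERT_EMAIL"
  if [ -n "$WEBHOOK_URI" ]; then
    set -- "$@" --action webhook hook "$WEBHOOK_URI" useCommonAlertSchema
  fi
  az monitor action-group create --name "$ACTION_GROUP" --resource-group "$RESOURCE_GROUP" \
    --short-name "$ACTION_GROUP_SHORT" "$@" --query id -o tsv
}

# Create the log-search rule: evaluate every 5 minutes over a 5-minute window and fire
# when the query returns at least one row (the guide's threshold of 1). $1 = action group ID.
create_alert_rule() {
  az monitor scheduled-query create --name "$ALERT_RULE" --resource-group "$RESOURCE_GROUP" \
    --location "$LOCATION" --scopes "$WORKSPACE_ID" \
    --condition "count 'Placeholder_1' >= 1" \
    --condition-query Placeholder_1="$QUERY" \
    --evaluation-frequency 5m --window-size 5m --severity 3 \
    --action-groups "$1" \
    --description "Configuration change detected by the sample query"
}

# Nothing is created unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
  check_inputs
  ag_id=$(create_action_group)
  create_alert_rule "$ag_id"
fi
```

Run it as `ALERT_EMAIL=you@yourdomain.example WORKSPACE_ID=... sh create-alert.sh --apply` after `az login`; the email receiver gets the same "added to an Azure Monitor action group" confirmation the guide mentions.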

At this point, to confirm that everything works end to end, you can create a test policy (such as a Conditional Access policy), then run a Sync in Configuration Manager to back it up. Once the Sync completes, it sends the detected changes to Log Analytics, which should trigger the alert you created.


Create a test policy

Create a test policy to test the alert you created:
 


Test email alert

Run a Sync

In Configuration Manager, run a Sync so that the tenant's sync can back up and export the test policy you just created.

The Sync will send the detected changes to Log Analytics once it completes.

To run a Sync:

  1. Select the blue button under “Sync” and choose the “Sync” option.
  2. The Sync will start. Wait for it to finish.
  3. Once complete, select the clock icon next to the tenant name to view the Sync history and confirm that the test policy exported successfully.
  4. Click the eye icon to see the details of the Sync history.
  5. Confirm that the test policy has exported successfully.

If the whole process is successful, the alert will be sent to the email address you specified whenever a change that meets the conditions of the query is detected.