Manage Azure Monitor based alerts for Azure Backup
This article describes how to switch to Azure Monitor based alerts for Azure Backup and monitor them.
Supported alerting solutions
Azure Backup now supports different kinds of Azure Monitor based alerting solutions. You can use a combination of any of these based on your specific requirements.
The following table lists some of these solutions:
| Alert | Utility | Description |
|---|---|---|
| Built-in Azure Monitor alerts | Default alerts enabled for critical scenarios. | Azure Backup automatically generates built-in alerts for certain default scenarios, such as deletion of backup data, disabling of soft-delete, backup failures, restore failures, and so on. You can view these alerts out of the box via Azure Business Continuity Center. To configure notifications for these alerts (for example, emails), you can use Azure Monitor's Alert Processing Rules and Action groups to route alerts to a wide range of notification channels. |
| Log/ARG based Alerts | To write custom alerts. - Azure Resource Graph (ARG): On real time data. - LA: On Log Analytics data (when some delay is acceptable). |
If you've scenarios where an alert needs to be generated based on custom logic, you can use Log Analytics based alerts for such scenarios, provided you've configured your vaults to send diagnostics data to a Log Analytics (LA) workspace. |
| Metric alerts | To write alerts for job success and cases where the health is not as expected. | You can write custom alert rules using Azure Monitor metrics to monitor the health of your backup items across different KPIs. |
Note
There are five types of alert severity levels - Critical, Error, Warning, Informational, and Verbose. You can configure notifications for alerts based on these severity levels.
Supported monitoring platform
Azure Business Continuity Center enables you to view the list of all Built-in alerts and custom alerts written on the metrics that Microsoft offers. To view any custom alerts written on ARG, Log Analytics, Activity Logs, go to Azure Monitor > Alerts, and then select Monitor Service as Log Alerts V2 and select Signal Type as Log search/ Activity.
Migrate from classic alerts to built-in Azure Monitor alerts
Among the different Azure Monitor based alert solutions, built-in Azure Monitor alerts come closest to classic alerts as per user experience and functionality. So, to quickly switch from classic alerts to Azure Monitor, you can use built-in Azure Monitor alerts.
The following table lists the differences between classic backup alerts and built-in Azure Monitor alerts for backup:
| Actions | Classic alerts | Built-in Azure Monitor alerts |
|---|---|---|
| Setting up notifications | - You must enable the configure notifications feature for each Recovery Services vault, along with the email id(s) to which the notifications should be sent. - For certain destructive operations, email notifications are sent to the subscription owner, admin and co-admin irrespective of the notification settings of the vault. |
- Notifications are configured by creating an alert processing rule. - While alerts are generated by default and can't be turned off for destructive operations, the notifications are in the control of the user, allowing you to clearly specify which set of email address (or other notification endpoints) you wish to route alerts to. |
| Notification suppression for database backup scenarios | When there are multiple failures for the same database due to the same error code, a single alert is generated (with the occurrence count updated for each failure type) and a new alert is only generated when the original alert is inactivated. | The behavior is currently different. Here, a separate alert is generated for every backup failure. If there's a window of time when backups will fail for a certain known item (for example, during a maintenance window), you can create a suppression rule to suppress email noise for that backup item during the given period. |
| Pricing | There are no additional charges for this solution. | Alerts for critical operations/failures generate by default (that you can view in the Azure portal or via non-portal interfaces) at no additional charge. However, to route these alerts to a notification channel (such as email), it incurs a minor charge for notifications beyond the free tier (of 1000 emails per month). Learn more about Azure Monitor pricing. |
Note
- If you've existing custom Azure Resource Graph (ARG) queries written on classic alerts data, you'll need to update these queries to fetch information from Azure Monitor-based alerts. You can use the AlertsManagementResources table in ARG to query Azure Monitor alerts data.
- If you send classic alerts to Log Analytics workspace/Storage account/Event Hub via diagnostics settings, you'll also need to update these automation. To send the fired Azure Monitor based alerts to a destination of your choice, you can create an alert processing rule and action group that routes these alerts to a logic app, webhook, or runbook that in turn sends these alerts to the required destination.
Azure Backup now provides a guided experience via Azure Business Continuity Center that allows you to switch to built-in Azure Monitor alerts and notifications with just a few selects. To perform this action, you need to have access to the Backup Contributor and Monitoring Contributor Azure role-based access control (Azure RBAC) roles to the subscription.
To migrate from classic alerts to built-in Azure Monitor alerts, follow these steps:
On the Azure portal, go to Business Continuity Center > Monitoring + Reporting > Alerts.
Opt-out of classic alerts to avoid receiving duplicate alerts from two solutions. Select Manage alerts to view the vaults for which classic alerts are currently enabled.
Select Update > Use only Azure Monitor alerts checkbox.
By doing so, you agree to receive backup alerts only via Azure Monitor, and you'll stop receiving alerts from the older (classic alerts) solution.
To select multiple vaults on a page and update the settings for these vaults with a single action, select Update from the top menu.
To opt-out of alerts from the Recovery Services vault or Backup vault, go to the specific vault > Properties > Monitoring Settings, and then select Update.
Turn on Azure Monitor alerts for job failure scenarios
To opt in to Azure Monitor alerts for backup failure and restore failure scenarios, follow these steps:
Choose a vault type:
Built-in Azure Monitor alerts are generated for job failures by default. If you want to turn off alerts for these scenarios, you can edit the monitoring settings property of the vault accordingly.
To manage monitoring settings for a Backup vault, follow these steps:
Go to the vault and select Properties.
Locate the Monitoring Settings vault property and select Update.
In the context pane, select the appropriate options to enable/disable built-in Azure Monitor alerts for job failures depending on your requirement.
We also recommend you to select the checkbox Use only Azure Monitor alerts.
By selecting this option, you're consenting to receive backup alerts only via Azure Monitor and you'll stop receiving alerts from the older classic alerts solution. Review the key differences between classic alerts and built-in Azure Monitor alerts.
Select Update to save the setting for the vault.
View fired alerts in the Azure portal
After an alert is fired for a vault, you can view the alert in the Azure portal in Azure Business Continuity Center or Recovery Services vault console.
View alerts in Recovery Services vault
To view fired alerts in the Azure Recovery Services vault, follow these steps:
In the Azure portal, go to Recovery Services vault > Alerts.
On the Alerts pane, filter for the Monitor Service =Azure Backup to see Azure Backup specific alerts.
A list a summary of active alerts are split by severity. The following types of alerts are displayed:
Datasource Alerts: You can see these alerts in the alerts basic view. Alerts that are tied to a specific datasource being backed-up (for example, back up or restore failure for a VM, deleting backup data for a database, and so on) appear under the Datasource Alerts section.
Global Alerts: You can see these alerts in the alerts full view. Alerts that aren't tied to a specific datasource(for example, disabling soft-delete functionality for a vault) appear under the Global Alerts section.
Each of the above types of alerts is further split into Security and Configured alerts. Currently, Security alerts include the scenarios of deleting backup data, or disabling soft-delete for vault (for the applicable workloads as detailed in the above section). Configured alerts include backup failure and restore failure, because these alerts are fired only when alerts aren't disabled for these scenarios.
Select the Alerts menu item to open a list of all active alerts fired with the relevant filters applied.
You can select any alert to view more details about the alert, such as the affected datasource, alert description and recommended action, and so on.
After the event is mitigated, change the state of an alert to Acknowledged or Closed by selecting Change Alert State.
View alerts in Azure Business Continuity Center
To monitor the alerts, follow these steps:
On Business Continuity Center, go to Monitoring + Reporting > Alerts.
The count of all alert rules appears that have at least one or more fired alerts in the selected time range.
On Alerts, filter the list by severity of alert, category of alert, time range (up to last 15 days), and other parameters.
The Impacted Items count in the grid shows the number of resources on which an alert corresponding to that alert rule was fired. To view the impacted items, select View impacted items in the context menu to view all alerts that were triggered due to that alert rule.
You can then review each alert and take appropriate action.
Programmatic options
You can also use programmatic methods to opt-out of classic alerts and manage Azure Monitor notifications.
Opt out of classic backup alerts
In the following sections, you'll learn how to opt out of classic backup alert solution using the supported clients.
Using Azure Resource Manager (ARM)/ Bicep/ REST API/ Azure Policy
The monitoringSettings vault property helps you specify if you want to disable classic alerts. You can create a custom ARM/Bicep template or Azure Policy to modify this setting for your vaults.
The following example of the vault settings property shows that the classic alerts are disabled and built-in Azure Monitor alerts are enabled for all job failures.
{
"monitoringSettings": {
"classicAlertsForCriticalOperations": "Disabled",
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
}
}
Using Azure PowerShell
To modify the alert settings of the vault, use the Update-AzRecoveryServicesVault command.
The following example helps you to enable built-in Azure Monitor alerts for job failures and disables classic alerts:
Update-AzRecoveryServicesVault -ResourceGroupName testRG -Name testVault -DisableClassicAlerts $true -DisableAzureMonitorAlertsForJobFailure $false
Using Azure CLI
To modify the alert settings of the vault, use the az backup vault backup-properties set command.
The following example helps you to enable built-in Azure Monitor alerts for job failures and disables classic alerts.
az backup vault backup-properties set \
--name testVault \
--resource-group testRG \
--clasic-alerts Disable \
--alerts-for-job-failures Enable
Set up notifications for Azure Monitor alerts
You can use the following standard programmatic interfaces supported by Azure Monitor to manage action groups and alert processing rules.
Using Azure Resource Manager (ARM)/ Bicep/ REST API
You can use these sample ARM and Bicep templates that create an alert processing rule and action group associated to all Recovery Services vaults in the selected subscription.
Using Azure PowerShell
As described in earlier sections, you need an action group (notification channel) and alert processing rule (notification rule) to configure notifications for your vaults.
To configure the notification, run the following cmdlet:
Create an action group associated with an email ID using the New-AzActionGroupReceiver cmdlet and the Set-AzActionGroup cmdlet.
$email1 = New-AzActionGroupReceiver -Name 'user1' -EmailReceiver -EmailAddress 'user1@contoso.com' Set-AzActionGroup -Name "testActionGroup" -ResourceGroupName "testRG" -ShortName "testAG" -Receiver $email1Create an alert processing rule that's linked to the above action group using the Set-AzAlertProcessingRule cmdlet.
Set-AzAlertProcessingRule -ResourceGroupName "testRG" -Name "AddActionGroupToSubscription" -Scope "/subscriptions/xxxx-xxx-xxxx" -FilterTargetResourceType "Equals:Microsoft.RecoveryServices/vaults" -Description "Add ActionGroup1 to alerts on all RS vaults in subscription" -Enabled "True" -AlertProcessingRuleType "AddActionGroups" -ActionGroupId "/subscriptions/xxxx-xxx-xxxx/resourcegroups/testRG/providers/microsoft.insights/actiongroups/testActionGroup"
Using Azure CLI
As described in earlier sections, you need an action group (notification channel) and alert processing rule (notification rule) to configure notifications for your vaults.
To configure the same, run the following commands:
Create an action group associated with an email ID using the az monitor action-group create command.
az monitor action-group create --name testag1 --resource-group testRG --short-name testag1 --action email user1 user1@contoso.com --subscription "Backup PM Subscription"Create an alert processing rule that is linked to the above action group using the az monitor alert-processing-rule create command.
az monitor alert-processing-rule create \ --name 'AddActionGroupToSubscription' \ --rule-type AddActionGroups \ --scopes "/subscriptions/xxxx-xxx-xxxx" \ --filter-resource-type Equals "Microsoft.RecoveryServices/vaults" --action-groups "/subscriptions/xxxx-xxx-xxxx/resourcegroups/testRG/providers/microsoft.insights/actiongroups/testag1" \ --enabled true \ --resource-group testRG \ --description "Add ActionGroup1 to all RS vault alerts in subscription"
Next steps
Learn more about Azure Backup monitoring and reporting.