WEBVTT 0:00:02.740000 --> 0:00:07.020000 Hey, let's take a few minutes to talk about alerts. 0:00:07.020000 --> 0:00:09.360000 We're going to really go through a couple different things. 0:00:09.360000 --> 0:00:14.060000 We're going to talk about alerts in Azure in general. 0:00:14.060000 --> 0:00:17.680000 Then I'm going to go through a demonstration of how you can set up and 0:00:17.680000 --> 0:00:20.800000 how you might trigger alerts and what are the components. 0:00:20.800000 --> 0:00:24.000000 Then I'm going to talk about some of the for lack of a better term advanced 0:00:24.000000 --> 0:00:30.260000 alerts and what are some of the built-in alerts. 0:00:30.260000 --> 0:00:35.820000 Then I want to go ahead and talk about some of the alert takeaways. 0:00:35.820000 --> 0:00:39.680000 What are some of the things that we want to really come away from this 0:00:39.680000 --> 0:00:45.440000 lesson with? Let's go ahead and jump into this and let's talk about alerts 0:00:45.440000 --> 0:00:50.460000 in general. The concept of alert is something that if you've worked in 0:00:50.460000 --> 0:00:53.320000 IT, you're probably familiar with. 0:00:53.320000 --> 0:00:57.460000 It's really just a process where there's some level of automated monitoring 0:00:57.460000 --> 0:01:02.380000 and when something happens, usually something bad, you want to be notified 0:01:02.380000 --> 0:01:07.460000 of this, whether it's by email or text message or maybe making a call 0:01:07.460000 --> 0:01:09.720000 to another automated system. 0:01:09.720000 --> 0:01:15.360000 Whatever it is, if you think about the core concept of alerts in general, 0:01:15.360000 --> 0:01:19.080000 I'm not even talking about the concept of alerts in Azure, but if we have 0:01:19.080000 --> 0:01:24.800000 the core concept of alerts, you've got this idea of something that happens. 0:01:24.800000 --> 0:01:28.540000 There's some triggering event. 
0:01:28.540000 --> 0:01:36.120000 Let's say for example, there's a HTTP, HTTP error. 0:01:36.120000 --> 0:01:43.320000 I've got a web app, there's an HTTP error, and then I want that to trigger 0:01:43.320000 --> 0:01:47.380000 some response, some action. 0:01:47.380000 --> 0:01:51.720000 Maybe multiple actions. 0:01:51.720000 --> 0:01:56.240000 For example, most commonly, maybe it sends out an email. 0:01:56.240000 --> 0:02:01.280000 At the highest level, that's what we have when we think about alerting. 0:02:01.280000 --> 0:02:06.900000 I've used alerting in a wide range of systems, probably back in the, I 0:02:06.900000 --> 0:02:09.180000 love saying this, previous century. 0:02:09.180000 --> 0:02:12.840000 Maybe one of the first things I used was SQL Server and how you could 0:02:12.840000 --> 0:02:15.400000 set up notifications there. 0:02:15.400000 --> 0:02:18.960000 Really, I've used it in many other systems as well, and likely, frankly, 0:02:18.960000 --> 0:02:22.460000 so have you. Really, what we want to do is say, okay, we've got this basic 0:02:22.460000 --> 0:02:25.960000 concept, and even if you'd never seen it before, what we have over here 0:02:25.960000 --> 0:02:30.600000 really is the basic concept, how is this implemented within the Azure 0:02:30.600000 --> 0:02:35.500000 environment? That's actually also really fairly straightforward. 0:02:35.500000 --> 0:02:40.300000 You have two components to really defining alerts, and the first component 0:02:40.300000 --> 0:02:43.140000 is the alert rule. 0:02:43.140000 --> 0:02:44.080000 That's what we have here. 0:02:44.080000 --> 0:02:49.080000 We've got this alert rule, and with an alert rule, you really define three 0:02:49.080000 --> 0:02:54.560000 things. First of all, you define what is the resource that you're monitoring? 0:02:54.560000 --> 0:02:59.020000 Really, that term very clear, this is the Azure resource. 0:02:59.020000 --> 0:03:01.280000 What Azure resource are you monitoring? 
0:03:01.280000 --> 0:03:07.520000 Then what condition do you want to have as the trigger condition? 0:03:07.520000 --> 0:03:10.680000 The conditions, of course, are going to vary based on the alert. 0:03:10.680000 --> 0:03:14.360000 The conditions I would have for a web app are going to be necessarily 0:03:14.360000 --> 0:03:18.960000 different than the conditions I would have for alerting based on a virtual 0:03:18.960000 --> 0:03:21.780000 machine, although there may be overlap. 0:03:21.780000 --> 0:03:27.600000 Then the last component of the alert rule is what action you want to take. 0:03:27.600000 --> 0:03:32.920000 I've got the resource, I've got what's going on with the resource, and 0:03:32.920000 --> 0:03:36.160000 then I've got what I want to do when this gets triggered. 0:03:36.160000 --> 0:03:41.320000 Now, the action is really defined by an action group. 0:03:41.320000 --> 0:03:46.400000 An action group is a set of actions that are defined together that can 0:03:46.400000 --> 0:03:49.300000 be associated with alert rules. 0:03:49.300000 --> 0:03:53.420000 Why a group? Well, let's say you have one particular alert. 0:03:53.420000 --> 0:03:57.140000 Let's say you've got an HTTP error, and one thing that you want to do 0:03:57.140000 --> 0:04:02.960000 is you want to notify your administrators by email. 0:04:02.960000 --> 0:04:04.060000 Makes total sense. 0:04:04.060000 --> 0:04:08.720000 But maybe also, you've got a third party automation and logging system 0:04:08.720000 --> 0:04:13.960000 that has a webhook, it has a REST API, and you want to send some data 0:04:13.960000 --> 0:04:15.540000 to that as well. 0:04:15.540000 --> 0:04:18.320000 Well, I could define two different actions, but tie those together as 0:04:18.320000 --> 0:04:21.380000 an action group, and that's really all that is. 
0:04:21.380000 --> 0:04:25.700000 That's why I have this ability to have an action group, which can be made 0:04:25.700000 --> 0:04:30.340000 up of one or more actions, and each action group can be associated with 0:04:30.340000 --> 0:04:31.980000 one or more alert rules. 0:04:31.980000 --> 0:04:37.800000 And likewise, each alert rule can actually have multiple action groups. 0:04:37.800000 --> 0:04:38.740000 That's the idea. 0:04:38.740000 --> 0:04:40.320000 Now, what are the different types of action groups? 0:04:40.320000 --> 0:04:43.880000 Well, you've got communication-based action groups, sending out emails, 0:04:43.880000 --> 0:04:51.700000 text messages. You've got the ability to link into functionality, to link 0:04:51.700000 --> 0:04:56.040000 into logic. And there's really actually, if I look about pretty much everything 0:04:56.040000 --> 0:05:02.140000 other than communication and possibly ITSM, those are all potentially 0:05:02.140000 --> 0:05:04.900000 custom actions that can be taken. 0:05:04.900000 --> 0:05:10.000000 So you can think of an alert not only as a way of notifying you that something 0:05:10.000000 --> 0:05:14.560000 possibly bad has happened, but you might even take that as a means of 0:05:14.560000 --> 0:05:17.200000 just automating processes. 0:05:17.200000 --> 0:05:21.100000 You're starting to run out of a disk space. 0:05:21.100000 --> 0:05:24.120000 What do you do? Well, that may not be a critical thing, but maybe there's 0:05:24.120000 --> 0:05:27.760000 a whole automation process that you want to kick off to respond to that. 0:05:27.760000 --> 0:05:31.900000 And so there's a lot of different ways that you can use alerts. 0:05:31.900000 --> 0:05:33.940000 In fact, you can think of alerting. 0:05:33.940000 --> 0:05:37.280000 I typically look at alerting from the standpoint of saying, OK, something's 0:05:37.280000 --> 0:05:41.520000 happening. I want to be extremely fast-reactive to that. 
0:05:41.520000 --> 0:05:43.060000 So I want to get the alerts so I know it. 0:05:43.060000 --> 0:05:47.000000 But you could actually look at it as an element of an automation strategy 0:05:47.000000 --> 0:05:50.600000 altogether. It doesn't really matter as far as Azure's concerned. 0:05:50.600000 --> 0:05:53.800000 You've got the idea of some sort of event, and you've got some sort of 0:05:53.800000 --> 0:05:57.000000 response to it. As long as it falls within that, then it's going to work 0:05:57.000000 --> 0:06:03.520000 out fine. Now, in terms of the actual condition, that's based on these 0:06:03.520000 --> 0:06:07.620000 things we call alert signals, which sounds like it's a really, I don't 0:06:07.620000 --> 0:06:10.020000 know, that sounds like a really complex thing. 0:06:10.020000 --> 0:06:11.100000 It's really not. 0:06:11.100000 --> 0:06:15.600000 It's really just, OK, what are the different actions, activities, events 0:06:15.600000 --> 0:06:18.320000 that can trigger an alert rule? 0:06:18.320000 --> 0:06:20.380000 And there's two categories for that. 0:06:20.380000 --> 0:06:23.100000 One is metrics, so things like performance. 0:06:23.100000 --> 0:06:25.040000 And then the other is activity logs. 0:06:25.040000 --> 0:06:29.380000 So you could have an alert, for example, that triggers when kind of a 0:06:29.380000 --> 0:06:36.860000 stereotypical example, your percent processor is exceeding 80% on a virtual 0:06:36.860000 --> 0:06:38.520000 machine. You could trigger off that. 0:06:38.520000 --> 0:06:42.720000 But you could also trigger when somebody tries to change certain properties 0:06:42.720000 --> 0:06:46.640000 of a storage account, or maybe add things to a resource group. 0:06:46.640000 --> 0:06:52.520000 And you can have those kinds of activity-based, activity-log-based alerts. 
0:06:52.520000 --> 0:06:58.740000 In fact, if you're in the Azure Monitor and you're going through the logs, 0:06:58.740000 --> 0:07:01.820000 which is covered in other videos, you can run a log query and actually 0:07:01.820000 --> 0:07:05.880000 create an alert based on that, based on the kind of data you would retrieve. 0:07:05.880000 --> 0:07:11.880000 So, again, broad concept, and what I want to do next is getting beyond 0:07:11.880000 --> 0:07:17.240000 the broad concept, I'm going to go ahead and take a look at setting a 0:07:17.240000 --> 0:07:19.420000 performance-based alert. 0:07:19.420000 --> 0:07:22.000000 And for this, I'm going to take an existing web app. 0:07:22.000000 --> 0:07:26.020000 And I've got the web app set up so that it can generate errors. 0:07:26.020000 --> 0:07:28.940000 Not something you would normally want to do with the web app, certainly 0:07:28.940000 --> 0:07:31.800000 not intentionally, but it works out pretty well when you're demonstrating 0:07:31.800000 --> 0:07:33.660000 things like alerts. 0:07:33.660000 --> 0:07:37.840000 And what I'm going to do is set up an alert on this web app so that any 0:07:37.840000 --> 0:07:43.840000 time there is an error, or a certain number of errors, it will go ahead 0:07:43.840000 --> 0:07:45.700000 and send me an alert. 0:07:45.700000 --> 0:07:53.020000 So without further ado, let's go ahead and let's set this up. 0:07:53.020000 --> 0:08:00.060000 I've got my portal to my standard subscription here, and I have deployed 0:08:00.060000 --> 0:08:04.840000 a web app. And here's my web app. 0:08:04.840000 --> 0:08:08.520000 And I've actually got the page open to it. 0:08:08.520000 --> 0:08:13.040000 I am not a designer, so this is not the most amazing looking web app ever. 
0:08:13.040000 --> 0:08:18.280000 But I have the ability, for example, to set a network load, and I have 0:08:18.280000 --> 0:08:22.360000 the ability, a lot of reasons I can use this, and I can have this kind 0:08:22.360000 --> 0:08:23.900000 of randomly generated errors. 0:08:23.900000 --> 0:08:28.080000 So I'm going to have 100 requests, and in there there will be some errors. 0:08:28.080000 --> 0:08:30.260000 And you can see the errors out of this. 0:08:30.260000 --> 0:08:34.320000 I've got some 500 errors, some 404 errors that are generating. 0:08:34.320000 --> 0:08:35.180000 And there we go. 0:08:35.180000 --> 0:08:40.380000 So I've got 73 good messages, and then 27 errors. 0:08:40.380000 --> 0:08:42.340000 And again, just an easy way to generate errors. 0:08:42.340000 --> 0:08:44.040000 Please don't do this at home. 0:08:44.040000 --> 0:08:49.900000 What I want to do is I want to set up an alert on this app service so 0:08:49.900000 --> 0:08:56.060000 that when I do get those error messages, I can, well, be alerted to that. 0:08:56.060000 --> 0:08:59.900000 So what I'm going to do is I'm going to pop down here simply to the alert 0:08:59.900000 --> 0:09:05.520000 section. Now, the interface that I'm about to pull up is actually going 0:09:05.520000 --> 0:09:07.700000 to be a highly standardized interface. 0:09:07.700000 --> 0:09:10.320000 In fact, I'm going to bring up two of these. 0:09:10.320000 --> 0:09:15.260000 I'm going to bring up one where I can set up an action group, and another 0:09:15.260000 --> 0:09:16.780000 one where I create the alert rule. 0:09:16.780000 --> 0:09:20.980000 Now, I could create an alert rule and an action group at the same time, 0:09:20.980000 --> 0:09:26.880000 but I want to separate these out just for illustrative purposes. 0:09:26.880000 --> 0:09:31.420000 Now, I mentioned in fact that there's a number of different ways that 0:09:31.420000 --> 0:09:36.520000 you can go in and manage both action groups and alert rules. 
0:09:36.520000 --> 0:09:41.600000 I'm going directly through a resource simply because I think it's the 0:09:41.600000 --> 0:09:47.040000 easiest way to see what's going on. 0:09:47.040000 --> 0:09:50.800000 I'm going to go and add an action group, and we're going to call this 0:09:50.800000 --> 0:10:02.680000 demo action group because I am not the least bit creative. 0:10:02.680000 --> 0:10:05.400000 A short name of demo action is hopefully that's short enough. 0:10:05.400000 --> 0:10:11.660000 It is, and I'm going to put this in, we'll put it in that resource group, 0:10:11.660000 --> 0:10:15.940000 O1 tasks. All right, so that's the action group, and then I start to define 0:10:15.940000 --> 0:10:20.680000 actions. And the first action that I'm going to define, I'll just call 0:10:20.680000 --> 0:10:24.300000 it email because that's what I'm going to end up doing. 0:10:24.300000 --> 0:10:28.120000 And then I can select an action type, and you'll see all these action 0:10:28.120000 --> 0:10:34.660000 types, which are essentially the list that I had in the previous slide. 0:10:34.660000 --> 0:10:39.240000 However, I had communication, which could either be email, SMS, push, 0:10:39.240000 --> 0:10:42.960000 or voice, or email Azure Resource Manager role. 0:10:42.960000 --> 0:10:46.000000 So it kind of sets that out automatically. 0:10:46.000000 --> 0:10:50.620000 I have secure web hook and web hook, which is just variations of calling 0:10:50.620000 --> 0:10:55.240000 a REST API. But we're going to go ahead and set up email, SMS, push, and 0:10:55.240000 --> 0:11:00.140000 voice. And I've got four options, and I can choose any, I have to choose 0:11:00.140000 --> 0:11:02.440000 at least one, but I can choose more than one. 0:11:02.440000 --> 0:11:13.600000 But I'm going to simply choose email and send this to my email account. 
0:11:13.600000 --> 0:11:19.120000 And we will not use the common alerts schema, which is basically alert 0:11:19.120000 --> 0:11:22.580000 here. And I hit OK. 0:11:22.580000 --> 0:11:26.980000 And that's going to send an email out based on the, you know, anytime 0:11:26.980000 --> 0:11:27.960000 this gets called. 0:11:27.960000 --> 0:11:29.120000 Now this is just the action group. 0:11:29.120000 --> 0:11:31.420000 This is not the alert rule. 0:11:31.420000 --> 0:11:32.960000 So this isn't triggering anything. 0:11:32.960000 --> 0:11:38.000000 It's just essentially giving an endpoint that can be used when alerts 0:11:38.000000 --> 0:11:44.340000 are defined. Now I could have another action in this action group and 0:11:44.340000 --> 0:11:47.600000 just select something else, for example, maybe a web hook, and then I 0:11:47.600000 --> 0:11:50.960000 would go and define that web hook. 0:11:50.960000 --> 0:11:53.420000 But I don't have a web hook set up for this. 0:11:53.420000 --> 0:11:56.920000 So I'm going to delete that and hit OK. 0:11:56.920000 --> 0:11:59.320000 And that gives me an action group. 0:11:59.320000 --> 0:12:02.300000 There we go. I've got my action group. 0:12:02.300000 --> 0:12:07.520000 All right. Now I'm going to go back and I am going to create a new alert 0:12:07.520000 --> 0:12:15.300000 rule. Now the resource that I'm creating this on is Iany Alert Web. 0:12:15.300000 --> 0:12:18.820000 This interface is the absolute standard interface. 0:12:18.820000 --> 0:12:24.580000 In fact, if I were to go to monitor, I could create an alert exactly for 0:12:24.580000 --> 0:12:26.220000 exactly the same scenario. 0:12:26.220000 --> 0:12:29.460000 The only difference is that the resource would not be preselected. 0:12:29.460000 --> 0:12:33.300000 So by going through the interface, the portal interface for a particular 0:12:33.300000 --> 0:12:37.320000 resource, it just essentially pre-fills that option. 0:12:37.320000 --> 0:12:39.960000 All right. 
Now I do need to specify a condition. 0:12:39.960000 --> 0:12:41.840000 So I'm going to add a condition. 0:12:41.840000 --> 0:12:48.080000 And these are all of these signals that are available for this particular 0:12:48.080000 --> 0:12:50.000000 type of resource. 0:12:50.000000 --> 0:12:54.980000 And I've got two types as I mentioned metrics, which are the majority 0:12:54.980000 --> 0:12:58.240000 and activity logs, or at least the majority we could see. 0:12:58.240000 --> 0:13:02.140000 All right. So for example, maybe I want to know every time a web app gets 0:13:02.140000 --> 0:13:08.000000 restarted. I could have that as my condition. 0:13:08.000000 --> 0:13:11.480000 But I'm going to go ahead and go with metrics. 0:13:11.480000 --> 0:13:14.420000 And I'm going to come down here to HTTP server errors. 0:13:14.420000 --> 0:13:19.540000 So anytime there's any server errors, I want to go ahead and choose that. 0:13:19.540000 --> 0:13:23.020000 And this is going to show me, OK, here's what kinds of server errors you've 0:13:23.020000 --> 0:13:27.040000 had. And you notice actually there are a few of them. 0:13:27.040000 --> 0:13:33.280000 And then I can set up my instance. 0:13:33.280000 --> 0:13:37.840000 OK, I'm not going to set up an instance saying that has to do with differentiating 0:13:37.840000 --> 0:13:43.980000 the way that you are calculating or monitoring that. 0:13:43.980000 --> 0:13:48.640000 OK, also you can set up dynamic alert, thresholding. 0:13:48.640000 --> 0:13:52.100000 What that does is it actually uses a little bit of artificial intelligence. 0:13:52.100000 --> 0:13:54.860000 It kind of monitors what's been going on. 0:13:54.860000 --> 0:13:59.960000 So for example, if I've got a web app that just always generates a lot 0:13:59.960000 --> 0:14:03.620000 of HTTP errors, maybe it's not perfectly built. 0:14:03.620000 --> 0:14:08.740000 All right. 
I don't necessarily always want to alert that, but I might 0:14:08.740000 --> 0:14:12.640000 want to get alert if I get something that's really out of the norm. 0:14:12.640000 --> 0:14:15.340000 All right. But in this case, I'm just going to pick static and I'm going 0:14:15.340000 --> 0:14:20.420000 to say, if the total is greater than, we'll say, five. 0:14:20.420000 --> 0:14:23.180000 And this is over a period. 0:14:23.180000 --> 0:14:25.580000 We have an aggregation period here. 0:14:25.580000 --> 0:14:27.780000 I can aggregate every five minutes. 0:14:27.780000 --> 0:14:29.780000 I can aggregate every one minute. 0:14:29.780000 --> 0:14:32.320000 We'll go and aggregate every one minute. 0:14:32.320000 --> 0:14:35.600000 And it's going to check every minute. 0:14:35.600000 --> 0:14:38.180000 So we'll go back to five minutes. 0:14:38.180000 --> 0:14:43.080000 And done. And so that sets up the condition. 0:14:43.080000 --> 0:14:47.680000 Now I am going to associate an action group. 0:14:47.680000 --> 0:14:52.040000 So I go in here and there's the action group that I just created. 0:14:52.040000 --> 0:14:54.480000 I have another one that's just used for other demonstrations. 0:14:54.480000 --> 0:14:56.940000 Actually, it'll be used in a few minutes. 0:14:56.940000 --> 0:15:00.580000 And now I've got an action group associated with this. 0:15:00.580000 --> 0:15:01.740000 And then there's a few details. 0:15:01.740000 --> 0:15:05.240000 I have to give this a name, which not surprisingly, it's just going to 0:15:05.240000 --> 0:15:09.960000 be demo alert. I should give it a description. 0:15:09.960000 --> 0:15:19.940000 And we'll say server errors because that's really what it is. 0:15:19.940000 --> 0:15:22.860000 And the severity is just a number that you choose. 0:15:22.860000 --> 0:15:24.560000 And it's really just metadata. 0:15:24.560000 --> 0:15:27.240000 Leave it as severity three. 
0:15:27.240000 --> 0:15:29.740000 And do I want this rule enabled upon creation? 0:15:29.740000 --> 0:15:31.760000 Yes, in fact, I do. 0:15:31.760000 --> 0:15:34.960000 So I'm going to go ahead and create that rule. 0:15:34.960000 --> 0:15:36.340000 Wait till that's done. 0:15:36.340000 --> 0:15:37.780000 And then I'm going to generate some errors. 0:15:37.780000 --> 0:15:39.600000 And I'll come back to this. 0:15:39.600000 --> 0:15:44.500000 And hopefully by the time I'm done covering our advanced errors, the alert 0:15:44.500000 --> 0:15:48.960000 or advanced alerts, the error will have generated an alert. 0:15:48.960000 --> 0:15:52.220000 For some reason, that was difficult for me to say. 0:15:52.220000 --> 0:15:55.420000 All right, give this just a moment. 0:15:55.420000 --> 0:15:58.300000 And we'll be back as soon as that's done creating the alert rule. 0:15:58.300000 --> 0:16:01.920000 And I will generate the errors. 0:16:01.920000 --> 0:16:09.120000 All right, so the alert rule and the action group have been created. 0:16:09.120000 --> 0:16:11.980000 And really now all I need to do is go ahead. 0:16:11.980000 --> 0:16:14.780000 And I'm just going to rerun this. 0:16:14.780000 --> 0:16:17.720000 And the edge create plenty. 0:16:17.720000 --> 0:16:21.620000 So I execute this and I start to get some errors. 0:16:21.620000 --> 0:16:27.140000 All right, and fairly quickly, if all goes well, ironically, that should 0:16:27.140000 --> 0:16:30.720000 trigger the alert and we should be able to track that. 0:16:30.720000 --> 0:16:32.860000 In the meantime, let's go ahead. 0:16:32.860000 --> 0:16:34.580000 So we're not waiting around for that. 0:16:34.580000 --> 0:16:42.260000 And let's take a look at some advanced alerts. 0:16:42.260000 --> 0:16:46.080000 And really, the advanced alerts aren't particularly advanced, really more 0:16:46.080000 --> 0:16:47.560000 like built-in alerts. 
0:16:47.560000 --> 0:16:51.560000 And there's a few different types of built-in alerts that you can take 0:16:51.560000 --> 0:16:56.840000 advantage of. From the cost management side, there are budget alerts. 0:16:56.840000 --> 0:17:01.120000 You can set a budget and then you can set points at which you want to 0:17:01.120000 --> 0:17:05.180000 be alerted. So if I've got my typical spend budget, I can set an alert 0:17:05.180000 --> 0:17:07.820000 at certain percentages of that budget. 0:17:07.820000 --> 0:17:12.520000 Now, I'm going to demonstrate that if you watched actually really covered 0:17:12.520000 --> 0:17:16.140000 budgets before and kind of as a side note did the alerting. 0:17:16.140000 --> 0:17:20.260000 But if you saw that, then you may not need to watch this part of the video. 0:17:20.260000 --> 0:17:21.540000 But I've got that. 0:17:21.540000 --> 0:17:24.960000 In addition to that, there are alerts that you can set up within Azure 0:17:24.960000 --> 0:17:30.260000 AD. And the alerting capability to some extent depends on whether or not 0:17:30.260000 --> 0:17:33.340000 you have the premium tier. 0:17:33.340000 --> 0:17:38.980000 But things, for example, like password reset, that you can get alerted 0:17:38.980000 --> 0:17:40.720000 on at all times. 0:17:40.720000 --> 0:17:46.880000 You have a users at risk alert so that if there are risky activities 0:17:46.880000 --> 0:17:49.800000 that occur, then you can get alerted on that. 0:17:49.800000 --> 0:17:53.440000 If you are implementing privileged identity management, which in and of 0:17:53.440000 --> 0:17:57.820000 itself requires the premium tier, it actually requires premium P2 tier 0:17:57.820000 --> 0:18:02.020000 of Azure AD, you can set up so that you're alerted. 0:18:02.020000 --> 0:18:05.960000 Anytime, for example, somebody may elevate their, or request to elevate 0:18:05.960000 --> 0:18:11.580000 their permissions in order to accomplish some functionality within Azure. 
0:18:11.580000 --> 0:18:13.160000 And that's really what that is. 0:18:13.160000 --> 0:18:20.020000 But the idea is that these are really predefined, built-in alerts. 0:18:20.020000 --> 0:18:23.260000 And what I'm going to do is go through the budget and just show you how 0:18:23.260000 --> 0:18:26.340000 you can set up an alert within the budget. 0:18:26.340000 --> 0:18:32.920000 And so that demonstration, which I just noticed, still says create a setting 0:18:32.920000 --> 0:18:35.500000 performance alert, which is what we've already done. 0:18:35.500000 --> 0:18:40.140000 I'm just going to jump right into it without showing that cool preview 0:18:40.140000 --> 0:18:42.240000 page. All right. 0:18:42.240000 --> 0:18:45.560000 I am back in my portal. 0:18:45.560000 --> 0:18:50.000000 And what I'm going to do is go down to cost management and billing. 0:18:50.000000 --> 0:18:55.020000 And I'm going to go to cost management. 0:18:55.020000 --> 0:18:58.000000 And I'm going to go to budgets. 0:18:58.000000 --> 0:19:02.940000 And I am going to go ahead and add a budget. 0:19:02.940000 --> 0:19:07.020000 And I'm going to give this budget a name. 0:19:07.020000 --> 0:19:08.660000 It will probably be a shock to you. 0:19:08.660000 --> 0:19:11.100000 They're called demo budget. 0:19:11.100000 --> 0:19:14.580000 I'm set to reset monthly. 0:19:14.580000 --> 0:19:20.620000 Going from 2019 to 2021 or 2020. 0:19:20.620000 --> 0:19:26.580000 And as the case may be, okay, next, let's go previous. 0:19:26.580000 --> 0:19:30.900000 I'm also going to actually set the budget. 0:19:30.900000 --> 0:19:35.300000 Isn't it right place? 0:19:35.300000 --> 0:19:43.560000 Yes. Ah, that's why I have the wrong scope. 0:19:43.560000 --> 0:19:50.040000 Always do this. I guess I should have had some budget data showing there. 0:19:50.040000 --> 0:19:56.160000 Okay. Now I'm going to add a budget. 0:19:56.160000 --> 0:20:00.160000 That really wasn't supposed to be part of the demo, but good to see. 
0:20:00.160000 --> 0:20:02.340000 Anyways, demo budget. 0:20:02.340000 --> 0:20:05.940000 And a monthly budget. 0:20:05.940000 --> 0:20:09.140000 It actually suggests a number for me. 0:20:09.140000 --> 0:20:14.840000 Let me say $1000 budget. 0:20:14.840000 --> 0:20:15.820000 And it's pretty cool. 0:20:15.820000 --> 0:20:20.700000 I can see my budget line relative to what my costs have been and what 0:20:20.700000 --> 0:20:22.420000 my projected costs are. 0:20:22.420000 --> 0:20:29.160000 Then I can go and set my alert conditions. 0:20:29.160000 --> 0:20:32.480000 Really, what I'm doing here is I'm setting alert rules based on budget. 0:20:32.480000 --> 0:20:36.140000 So let's say, for example, I want to get an early alert when I'm up at 0:20:36.140000 --> 0:20:39.540000 25% of budget. And then what do I want to do with that? 0:20:39.540000 --> 0:20:42.580000 I want to send that alert to demo action group. 0:20:42.580000 --> 0:20:45.620000 And I can do it again at, let's say, 70%. 0:20:45.620000 --> 0:20:50.320000 Send that to demo action group again. 0:20:50.320000 --> 0:20:57.040000 Then if we get up to 100%, then I'm sending that to my primary budget 0:20:57.040000 --> 0:20:59.900000 folks, which actually is me as well. 0:20:59.900000 --> 0:21:01.240000 But that's the idea, right? 0:21:01.240000 --> 0:21:05.920000 So I have this ability to actually define multiple alert rules or conditions 0:21:05.920000 --> 0:21:08.280000 in this one interface for budgeting. 0:21:08.280000 --> 0:21:12.320000 And that's really what that does. 0:21:12.320000 --> 0:21:14.480000 We'll create that. 0:21:14.480000 --> 0:21:16.160000 And the budget was created. 0:21:16.160000 --> 0:21:17.720000 And you can see this budget now. 0:21:17.720000 --> 0:21:23.200000 Now, if alerts are generated, I can actually track those here in the cost 0:21:23.200000 --> 0:21:27.660000 alerts. Now, I don't have any alerts because I just created that budget. 
0:21:27.660000 --> 0:21:31.560000 And fortunately, I've never triggered the actual budget. 0:21:31.560000 --> 0:21:37.700000 But that is the idea of setting up alerts in kind of a one-off way. 0:21:37.700000 --> 0:21:42.520000 And again, you have similar alerting capabilities within Azure AD. 0:21:42.520000 --> 0:21:49.640000 And now what I want to do is I want to go back and really cover some of 0:21:49.640000 --> 0:21:53.140000 the takeaways. Just wrap this up and then right at the end, we'll pop 0:21:53.140000 --> 0:21:57.380000 back over and see if our performance-based alert has actually generated 0:21:57.380000 --> 0:22:01.200000 an alert yet. So when you think about alerts, you really want to think 0:22:01.200000 --> 0:22:04.260000 about the components, the alert rule and the action group. 0:22:04.260000 --> 0:22:05.260000 Pretty straightforward, right? 0:22:05.260000 --> 0:22:09.420000 The alert rule has three main elements. 0:22:09.420000 --> 0:22:11.120000 It's got the trigger. 0:22:11.120000 --> 0:22:14.240000 It's got the filter. 0:22:14.240000 --> 0:22:19.920000 So the trigger is going to be the resource and the actual filter. 0:22:19.920000 --> 0:22:23.060000 It's got the action group. 0:22:23.060000 --> 0:22:26.240000 And you also have a few of those additional settings that we saw. 0:22:26.240000 --> 0:22:32.400000 The action group is email, SMS, phone. 0:22:32.400000 --> 0:22:36.640000 You've got function apps, logic apps, runbooks, webhooks, webhooks with 0:22:36.640000 --> 0:22:43.760000 security, ITSM, and also now emailing directly to the administrators, 0:22:43.760000 --> 0:22:46.260000 the owners. All right, alert monitoring. 0:22:46.260000 --> 0:22:47.780000 How do you monitor alerts? 
0:22:47.780000 --> 0:22:52.680000 You've got alert monitoring at the resource level within a given blade, 0:22:52.680000 --> 0:22:56.680000 for example, I can go into the portal, go to the blade for a resource, 0:22:56.680000 --> 0:23:00.120000 and I can actually keep track of the alerts that have been generated. 0:23:00.120000 --> 0:23:05.160000 I have an alerting window within the Azure Monitor, so I go to that and 0:23:05.160000 --> 0:23:08.020000 kind of have centralized management of my alerts. 0:23:08.020000 --> 0:23:11.220000 You also have an API that's available where you could pull alert information, 0:23:11.220000 --> 0:23:16.040000 or, of course, you have the ability within the alert to send it to a logic 0:23:16.040000 --> 0:23:22.220000 app or a function app or a webhook, which is really any qualifying REST 0:23:22.220000 --> 0:23:26.660000 API. And by qualifying, there are certain rules with a REST API that accepts 0:23:26.660000 --> 0:23:28.440000 alert information. 0:23:28.440000 --> 0:23:33.220000 It has to be defined in such a way to actually prove that it can receive 0:23:33.220000 --> 0:23:36.160000 this information, but it's pretty straightforward to do so. 0:23:36.160000 --> 0:23:37.840000 All right, and so again, that's what alert is. 0:23:37.840000 --> 0:23:45.020000 Let's take a quick look back and let's see if my alert has been generated. 0:23:45.020000 --> 0:23:52.280000 All right, we are over here in the alerts. 0:23:52.280000 --> 0:23:59.980000 So let's go to the dashboard and let's go to my web app. 0:23:59.980000 --> 0:24:08.400000 And down here under alerts, there we go. 0:24:08.400000 --> 0:24:13.460000 I've got my one alert, not terribly exciting, but this didn't exist before. 0:24:13.460000 --> 0:24:15.520000 Notice it's severity three. 0:24:15.520000 --> 0:24:17.700000 I can actually click that. 0:24:17.700000 --> 0:24:19.380000 There's the demo alert. 0:24:19.380000 --> 0:24:23.320000 I can see that it fired on my web. 
0:24:23.320000 --> 0:24:29.280000 And if I go into the actual alert, I can see why it fired. 0:24:29.280000 --> 0:24:37.580000 And criteria, and so that was an HTTP 500 error that fired it and the 0:24:37.580000 --> 0:24:38.560000 rest of the information. 0:24:38.560000 --> 0:24:39.660000 So there are server errors. 0:24:39.660000 --> 0:24:43.520000 That was my description, signal type metric alert rule demo alert. 0:24:43.520000 --> 0:24:45.180000 And I can really get information. 0:24:45.180000 --> 0:24:50.800000 In addition to that, I have also received an email that I'm going to ask 0:24:50.800000 --> 0:24:54.060000 you to just trust me on because I don't have my email up right at the 0:24:54.060000 --> 0:24:57.900000 moment, but that will have sent me an email as well that giving me details 0:24:57.900000 --> 0:24:59.200000 about the alert. 0:24:59.200000 --> 0:25:00.960000 And so that's really it. 0:25:00.960000 --> 0:25:04.940000 I have spent a fair bit of time talking about alerts because I think there's 0:25:04.940000 --> 0:25:08.860000 something that's important, but also hopefully you see that conceptually 0:25:08.860000 --> 0:25:10.760000 they're not really all that difficult.