diff --git a/.github/actions-pester/Test-ModifiedPolicies.Tests.ps1 b/.github/actions-pester/Test-ModifiedPolicies.Tests.ps1 index d9d5f7160..c2cdf9a56 100644 --- a/.github/actions-pester/Test-ModifiedPolicies.Tests.ps1 +++ b/.github/actions-pester/Test-ModifiedPolicies.Tests.ps1 @@ -1,6 +1,6 @@ Describe 'UnitTest-ModifiedPolicies' { BeforeAll { - Import-Module -Name $PSScriptRoot\PolicyPesterTestHelper.psm1 -Force -Verbose + Import-Module -Name $PSScriptRoot\PolicyPesterTestHelper.psm1 -Force # -Verbose $ModifiedFiles = @(Get-PolicyFiles -DiffFilter "M") if ($ModifiedFiles -ne $null) { @@ -132,7 +132,7 @@ Describe 'UnitTest-ModifiedPolicies' { $PolicyFile = Split-Path $_ -Leaf $PolicyMetadataName = $PolicyJson.name $ExcludePolicy = @() - $ExcludeParams = @("ALZManagementSubscriptionId", "BYOUserAssignedManagedIdentityResourceId") + $ExcludeParams = @("ALZManagementSubscriptionId", "BYOUserAssignedManagedIdentityResourceId", "UAMIResourceId") if ($PolicyMetadataName -notin $ExcludePolicy) { $PolicyParameters = $PolicyJson.properties.parameters if ($PolicyParameters | Get-Member -MemberType NoteProperty) { @@ -144,7 +144,7 @@ Describe 'UnitTest-ModifiedPolicies' { if ($key -notin $ExcludeParams) { $defaultValue = $PolicyParameters.$key | Get-Member -MemberType NoteProperty | Where-Object Name -EQ "defaultValue" # Write-Warning "$($PolicyFile) - Parameter: $($key) - Default Value: $($defaultValue)" - $PolicyParameters.$key.defaultValue | Should -Not -Because "the [defaultValue] for parameter [$key] is empty." + $PolicyParameters.$key.defaultValue | Should -Not -BeNullOrEmpty -Because "the [defaultValue] for parameter [$key] is empty." } } } diff --git a/.github/workflows/check-policy-build.yml b/.github/workflows/check-policy-build.yml index 3453d6446..ba67976bb 100644 --- a/.github/workflows/check-policy-build.yml +++ b/.github/workflows/check-policy-build.yml @@ -26,7 +26,7 @@ jobs: check-policy: name: Check Policy Build - runs-on: ubuntu-latest + runs-on: windows-latest steps: - name: Check out repository diff --git a/docs/content/patterns/alz/HowTo/Customer_managed_key_for_log_search_alerts.md b/docs/content/patterns/alz/HowTo/Customer_managed_key_for_log_search_alerts.md new file mode 100644 index 000000000..f319c1cb5 --- /dev/null +++ b/docs/content/patterns/alz/HowTo/Customer_managed_key_for_log_search_alerts.md @@ -0,0 +1,48 @@ +--- +title: Secure log search alert queries with Customer-managed key +geekdocCollapseSection: true +geekdocHidden: true +weight: 79 +--- + +### In this page + +> [Overview](../Customer_managed_key_for_log_search_alerts#overview)
+> [How this feature works](../Customer_managed_key_for_log_search_alerts#how-this-feature-works)
+ +## Overview + +The query language used in Log Analytics is expressive and can contain sensitive information in comments, or in the query syntax. Despite all data and saved queries are encrypted at rest using Microsoft-managed keys (MMK), some organizations might require that such information is kept protected under Customer-managed key policy. For this reason, you need to save your queries encrypted with your key. Azure Monitor enables you to store saved queries and log search alerts encrypted with your key in your own Storage Account when linked to your workspace. Check guidance and considerations in the following article: [Azure Monitor customer-managed keys](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/customer-managed-keys?tabs=portal). + +![Alert Rule](../../media/cmk_alertrule.png) + +## How this feature works + +{{< hint type=Info >}} +**This feature is applicable only to log-search alerts.** +{{< /hint >}} + +The **Require a workspace linked storage** option in the query alert rule controls whether this scheduled query rule should be stored in the customer's storage. To control this option in the AMBA-ALZ pattern, we use the ***checkWorkspaceAlertsStorageConfigured*** parameter with a **default value of 'false'**. More information in the following article: [Scheduled Query Rules](https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/scheduledqueryrules?pivots=deployment-language-bicep) + +To change the **checkWorkspaceAlertsStorageConfigured** flag to **'true'**, navigate to: + +- [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/2025-02-05/patterns/alz/alzArm.param.json) for the latest release. +- [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/alzArm.param.json) for the main branch. +- change parameters value where name contains *checkWorkspaceAlertsStorageConfigured* to *true* + ![Parameter file](../../media/cmk_parameter.png) + +{{< hint type=IMPORTANT >}} +An alert rule won't be created if the Log Analytics workspace doesn't have a configured linked storage account. +{{< /hint >}} + +Enabling this feature without a linked storage account, will cause the remediation task to fail + + ![remediation task error](../../media/cmk_remediation_task_error.png) + +with an error message similar to the following one: + + ![remediation task error message](../../media/cmk_remediation_task_error_message.png) + +As consequence, ***no alert rule for the given policy will be created*** and the corresponding policy definition will show as ***Non-compliant***. See the image below + + ![Policy compliance](../../media/cmk_alert_rule_error.png) diff --git a/docs/content/patterns/alz/media/cmk_alert_rule_error.png b/docs/content/patterns/alz/media/cmk_alert_rule_error.png new file mode 100644 index 000000000..9d5e40f85 Binary files /dev/null and b/docs/content/patterns/alz/media/cmk_alert_rule_error.png differ diff --git a/docs/content/patterns/alz/media/cmk_alertrule.png b/docs/content/patterns/alz/media/cmk_alertrule.png new file mode 100644 index 000000000..3ca4cfaef Binary files /dev/null and b/docs/content/patterns/alz/media/cmk_alertrule.png differ diff --git a/docs/content/patterns/alz/media/cmk_parameter.png b/docs/content/patterns/alz/media/cmk_parameter.png new file mode 100644 index 000000000..bf9c9b459 Binary files /dev/null and b/docs/content/patterns/alz/media/cmk_parameter.png differ diff --git a/docs/content/patterns/alz/media/cmk_remediation_task_error.png b/docs/content/patterns/alz/media/cmk_remediation_task_error.png new file mode 100644 index 000000000..45ac7acbf Binary files /dev/null and b/docs/content/patterns/alz/media/cmk_remediation_task_error.png differ diff --git a/docs/content/patterns/alz/media/cmk_remediation_task_error_message.png b/docs/content/patterns/alz/media/cmk_remediation_task_error_message.png new file mode 100644 index 000000000..967f2ec19 Binary files /dev/null and b/docs/content/patterns/alz/media/cmk_remediation_task_error_message.png differ diff --git a/patterns/alz/alzArm.param.json b/patterns/alz/alzArm.param.json index bed9881d5..5a94612f6 100644 --- a/patterns/alz/alzArm.param.json +++ b/patterns/alz/alzArm.param.json @@ -1175,6 +1175,9 @@ "HybridVMHeartBeatRGAutoMitigate": { "value": "true" }, + "HybridVMHeartBeatRGcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMHeartBeatRGAutoResolve": { "value": "true" }, @@ -1211,6 +1214,9 @@ "HybridVMNetworkInAutoMitigate": { "value": "true" }, + "HybridVMNetworkIncheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMNetworkInAutoResolve": { "value": "true" }, @@ -1238,11 +1244,6 @@ "HybridVMNetworkInFailingPeriods": { "value": "1" }, - "HybridVMNetworkInComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMNetworkOutAlertSeverity": { "value": "2" }, @@ -1255,6 +1256,9 @@ "HybridVMNetworkOutAutoMitigate": { "value": "true" }, + "HybridVMNetworkOutcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMNetworkOutAutoResolve": { "value": "true" }, @@ -1282,11 +1286,6 @@ "HybridVMNetworkOutFailingPeriods": { "value": "1" }, - "HybridVMNetworkOutComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMOSDiskReadLatencyAlertSeverity": { "value": "2" }, @@ -1299,6 +1298,9 @@ "HybridVMOSDiskReadLatencyAutoMitigate": { "value": "true" }, + "HybridVMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMOSDiskReadLatencyAutoResolve": { "value": "true" }, @@ -1326,11 +1328,6 @@ "HybridVMOSDiskReadLatencyFailingPeriods": { "value": "1" }, - "HybridVMOSDiskReadLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMOSDiskWriteLatencyAlertSeverity": { "value": "2" }, @@ -1343,6 +1340,9 @@ "HybridVMOSDiskWriteLatencyAutoMitigate": { "value": "true" }, + "HybridVMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMOSDiskWriteLatencyAutoResolve": { "value": "true" }, @@ -1370,11 +1370,6 @@ "HybridVMOSDiskWriteLatencyFailingPeriods": { "value": "1" }, - "HybridVMOSDiskWriteLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMOSDiskSpaceAlertSeverity": { "value": "2" }, @@ -1387,6 +1382,9 @@ "HybridVMOSDiskSpaceAutoMitigate": { "value": "true" }, + "HybridVMOSDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMOSDiskSpaceAutoResolve": { "value": "true" }, @@ -1414,11 +1412,6 @@ "HybridVMOSDiskSpaceFailingPeriods": { "value": "1" }, - "HybridVMOSDiskSpaceComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMPercentCPUAlertSeverity": { "value": "2" }, @@ -1431,6 +1424,9 @@ "HybridVMPercentCPUAutoMitigate": { "value": "true" }, + "HybridVMPercentCPUcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMPercentCPUAutoResolve": { "value": "true" }, @@ -1467,6 +1463,9 @@ "HybridVMPercentMemoryAutoMitigate": { "value": "true" }, + "HybridVMPercentMemorycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMPercentMemoryAutoResolve": { "value": "true" }, @@ -1503,6 +1502,9 @@ "HybridVMDataDiskSpaceAutoMitigate": { "value": "true" }, + "HybridVMDataDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMDataDiskSpaceAutoResolve": { "value": "true" }, @@ -1542,6 +1544,9 @@ "HybridVMDataDiskReadLatencyAutoMitigate": { "value": "true" }, + "HybridVMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMDataDiskReadLatencyAutoResolve": { "value": "true" }, @@ -1569,11 +1574,6 @@ "HybridVMDataDiskReadLatencyFailingPeriods": { "value": "1" }, - "HybridVMDataDiskReadLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMDataDiskWriteLatencyAlertSeverity": { "value": "2" }, @@ -1586,6 +1586,9 @@ "HybridVMDataDiskWriteLatencyAutoMitigate": { "value": "true" }, + "HybridVMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMDataDiskWriteLatencyAutoResolve": { "value": "true" }, @@ -1613,11 +1616,6 @@ "HybridVMDataDiskWriteLatencyFailingPeriods": { "value": "1" }, - "HybridVMDataDiskWriteLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMDisconnectedAlertSeverity": { "value": "1" }, @@ -1630,6 +1628,9 @@ "HybridVMDisconnectedAlertAutoMitigate": { "value": "true" }, + "HybridVMDisconnectedAlertcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMDisconnectedAlertPolicyEffect": { "value": "deployIfNotExists" }, @@ -1733,6 +1734,9 @@ "LAWDailyCapLimitAutoMitigate": { "value": "true" }, + "LAWDailyCapLimitcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "LAWDailyCapLimitThreshold": { "value": "0" }, @@ -2384,6 +2388,9 @@ "VMHeartBeatRGAutoMitigate": { "value": "true" }, + "VMHeartBeatRGcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMHeartBeatRGAutoResolve": { "value": "true" }, @@ -2405,11 +2412,6 @@ "VMHeartBeatRGTimeAggregation": { "value": "Count" }, - "VMHeartBeatRGComputersToInclude": { - "value": [ - "*" - ] - }, "VMHeartBeatRGFailingPeriods": { "value": "1" }, @@ -2425,6 +2427,9 @@ "VMNetworkInAutoMitigate": { "value": "true" }, + "VMNetworkIncheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMNetworkInAutoResolve": { "value": "true" }, @@ -2452,11 +2457,6 @@ "VMNetworkInFailingPeriods": { "value": "1" }, - "VMNetworkInComputersToInclude": { - "value": [ - "*" - ] - }, "VMNetworkOutAlertSeverity": { "value": "2" }, @@ -2469,6 +2469,9 @@ "VMNetworkOutAutoMitigate": { "value": "true" }, + "VMNetworkOutcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMNetworkOutAutoResolve": { "value": "true" }, @@ -2496,11 +2499,6 @@ "VMNetworkOutFailingPeriods": { "value": "1" }, - "VMNetworkOutComputersToInclude": { - "value": [ - "*" - ] - }, "VMOSDiskReadLatencyAlertSeverity": { "value": "2" }, @@ -2513,6 +2511,9 @@ "VMOSDiskReadLatencyAutoMitigate": { "value": "true" }, + "VMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMOSDiskReadLatencyAutoResolve": { "value": "true" }, @@ -2540,11 +2541,6 @@ "VMOSDiskReadLatencyFailingPeriods": { "value": "1" }, - "VMOSDiskReadLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "VMOSDiskWriteLatencyAlertSeverity": { "value": "2" }, @@ -2557,6 +2553,9 @@ "VMOSDiskWriteLatencyAutoMitigate": { "value": "true" }, + "VMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMOSDiskWriteLatencyAutoResolve": { "value": "true" }, @@ -2584,11 +2583,6 @@ "VMOSDiskWriteLatencyFailingPeriods": { "value": "1" }, - "VMOSDiskWriteLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "VMOSDiskSpaceAlertSeverity": { "value": "2" }, @@ -2601,6 +2595,9 @@ "VMOSDiskSpaceAutoMitigate": { "value": "true" }, + "VMOSDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMOSDiskSpaceAutoResolve": { "value": "true" }, @@ -2628,11 +2625,6 @@ "VMOSDiskSpaceFailingPeriods": { "value": "1" }, - "VMOSDiskSpaceComputersToInclude": { - "value": [ - "*" - ] - }, "VMPercentCPUAlertSeverity": { "value": "2" }, @@ -2645,6 +2637,9 @@ "VMPercentCPUAutoMitigate": { "value": "true" }, + "VMPercentCPUcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMPercentCPUAutoResolve": { "value": "true" }, @@ -2681,6 +2676,9 @@ "VMPercentMemoryAutoMitigate": { "value": "true" }, + "VMPercentMemorycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMPercentMemoryAutoResolve": { "value": "true" }, @@ -2717,6 +2715,9 @@ "VMDataDiskSpaceAutoMitigate": { "value": "true" }, + "VMDataDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMDataDiskSpaceAutoResolve": { "value": "true" }, @@ -2756,6 +2757,9 @@ "VMDataDiskReadLatencyAutoMitigate": { "value": "true" }, + "VMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMDataDiskReadLatencyAutoResolve": { "value": "true" }, @@ -2783,11 +2787,6 @@ "VMDataDiskReadLatencyFailingPeriods": { "value": "1" }, - "VMDataDiskReadLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "VMDataDiskWriteLatencyAlertSeverity": { "value": "2" }, @@ -2800,6 +2799,9 @@ "VMDataDiskWriteLatencyAutoMitigate": { "value": "true" }, + "VMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMDataDiskWriteLatencyAutoResolve": { "value": "true" }, @@ -2826,11 +2828,6 @@ }, "VMDataDiskWriteLatencyFailingPeriods": { "value": "1" - }, - "VMDataDiskWriteLatencyComputersToInclude": { - "value": [ - "*" - ] } } }, @@ -2932,6 +2929,9 @@ "AppInsightsThrottlingLimitAutoMitigate": { "value": "true" }, + "AppInsightsThrottlingLimitcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "AppInsightsThrottlingLimitThreshold": { "value": "32000" }, diff --git a/patterns/alz/eslzArm.terraform-sync.param.json b/patterns/alz/eslzArm.terraform-sync.param.json index 38e8e6c17..cc3249529 100644 --- a/patterns/alz/eslzArm.terraform-sync.param.json +++ b/patterns/alz/eslzArm.terraform-sync.param.json @@ -1175,6 +1175,9 @@ "HybridVMHeartBeatRGAutoMitigate": { "value": "true" }, + "HybridVMHeartBeatRGcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMHeartBeatRGAutoResolve": { "value": "true" }, @@ -1211,6 +1214,9 @@ "HybridVMNetworkInAutoMitigate": { "value": "true" }, + "HybridVMNetworkIncheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMNetworkInAutoResolve": { "value": "true" }, @@ -1238,11 +1244,6 @@ "HybridVMNetworkInFailingPeriods": { "value": "1" }, - "HybridVMNetworkInComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMNetworkOutAlertSeverity": { "value": "2" }, @@ -1255,6 +1256,9 @@ "HybridVMNetworkOutAutoMitigate": { "value": "true" }, + "HybridVMNetworkOutcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMNetworkOutAutoResolve": { "value": "true" }, @@ -1282,11 +1286,6 @@ "HybridVMNetworkOutFailingPeriods": { "value": "1" }, - "HybridVMNetworkOutComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMOSDiskReadLatencyAlertSeverity": { "value": "2" }, @@ -1299,6 +1298,9 @@ "HybridVMOSDiskReadLatencyAutoMitigate": { "value": "true" }, + "HybridVMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMOSDiskReadLatencyAutoResolve": { "value": "true" }, @@ -1326,11 +1328,6 @@ "HybridVMOSDiskReadLatencyFailingPeriods": { "value": "1" }, - "HybridVMOSDiskReadLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMOSDiskWriteLatencyAlertSeverity": { "value": "2" }, @@ -1343,6 +1340,9 @@ "HybridVMOSDiskWriteLatencyAutoMitigate": { "value": "true" }, + "HybridVMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMOSDiskWriteLatencyAutoResolve": { "value": "true" }, @@ -1370,11 +1370,6 @@ "HybridVMOSDiskWriteLatencyFailingPeriods": { "value": "1" }, - "HybridVMOSDiskWriteLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMOSDiskSpaceAlertSeverity": { "value": "2" }, @@ -1387,6 +1382,9 @@ "HybridVMOSDiskSpaceAutoMitigate": { "value": "true" }, + "HybridVMOSDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMOSDiskSpaceAutoResolve": { "value": "true" }, @@ -1414,11 +1412,6 @@ "HybridVMOSDiskSpaceFailingPeriods": { "value": "1" }, - "HybridVMOSDiskSpaceComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMPercentCPUAlertSeverity": { "value": "2" }, @@ -1431,6 +1424,9 @@ "HybridVMPercentCPUAutoMitigate": { "value": "true" }, + "HybridVMPercentCPUcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMPercentCPUAutoResolve": { "value": "true" }, @@ -1467,6 +1463,9 @@ "HybridVMPercentMemoryAutoMitigate": { "value": "true" }, + "HybridVMPercentMemorycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMPercentMemoryAutoResolve": { "value": "true" }, @@ -1503,6 +1502,9 @@ "HybridVMDataDiskSpaceAutoMitigate": { "value": "true" }, + "HybridVMDataDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMDataDiskSpaceAutoResolve": { "value": "true" }, @@ -1542,6 +1544,9 @@ "HybridVMDataDiskReadLatencyAutoMitigate": { "value": "true" }, + "HybridVMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMDataDiskReadLatencyAutoResolve": { "value": "true" }, @@ -1569,11 +1574,6 @@ "HybridVMDataDiskReadLatencyFailingPeriods": { "value": "1" }, - "HybridVMDataDiskReadLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMDataDiskWriteLatencyAlertSeverity": { "value": "2" }, @@ -1586,6 +1586,9 @@ "HybridVMDataDiskWriteLatencyAutoMitigate": { "value": "true" }, + "HybridVMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMDataDiskWriteLatencyAutoResolve": { "value": "true" }, @@ -1613,11 +1616,6 @@ "HybridVMDataDiskWriteLatencyFailingPeriods": { "value": "1" }, - "HybridVMDataDiskWriteLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "HybridVMDisconnectedAlertSeverity": { "value": "1" }, @@ -1630,6 +1628,9 @@ "HybridVMDisconnectedAlertAutoMitigate": { "value": "true" }, + "HybridVMDisconnectedAlertcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "HybridVMDisconnectedAlertPolicyEffect": { "value": "deployIfNotExists" }, @@ -1733,6 +1734,9 @@ "LAWDailyCapLimitAutoMitigate": { "value": "true" }, + "LAWDailyCapLimitcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "LAWDailyCapLimitThreshold": { "value": "0" }, @@ -2384,6 +2388,9 @@ "VMHeartBeatRGAutoMitigate": { "value": "true" }, + "VMHeartBeatRGcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMHeartBeatRGAutoResolve": { "value": "true" }, @@ -2405,11 +2412,6 @@ "VMHeartBeatRGTimeAggregation": { "value": "Count" }, - "VMHeartBeatRGComputersToInclude": { - "value": [ - "*" - ] - }, "VMHeartBeatRGFailingPeriods": { "value": "1" }, @@ -2425,6 +2427,9 @@ "VMNetworkInAutoMitigate": { "value": "true" }, + "VMNetworkIncheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMNetworkInAutoResolve": { "value": "true" }, @@ -2452,11 +2457,6 @@ "VMNetworkInFailingPeriods": { "value": "1" }, - "VMNetworkInComputersToInclude": { - "value": [ - "*" - ] - }, "VMNetworkOutAlertSeverity": { "value": "2" }, @@ -2469,6 +2469,9 @@ "VMNetworkOutAutoMitigate": { "value": "true" }, + "VMNetworkOutcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMNetworkOutAutoResolve": { "value": "true" }, @@ -2496,11 +2499,6 @@ "VMNetworkOutFailingPeriods": { "value": "1" }, - "VMNetworkOutComputersToInclude": { - "value": [ - "*" - ] - }, "VMOSDiskReadLatencyAlertSeverity": { "value": "2" }, @@ -2513,6 +2511,9 @@ "VMOSDiskReadLatencyAutoMitigate": { "value": "true" }, + "VMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMOSDiskReadLatencyAutoResolve": { "value": "true" }, @@ -2540,11 +2541,6 @@ "VMOSDiskReadLatencyFailingPeriods": { "value": "1" }, - "VMOSDiskReadLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "VMOSDiskWriteLatencyAlertSeverity": { "value": "2" }, @@ -2557,6 +2553,9 @@ "VMOSDiskWriteLatencyAutoMitigate": { "value": "true" }, + "VMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMOSDiskWriteLatencyAutoResolve": { "value": "true" }, @@ -2584,11 +2583,6 @@ "VMOSDiskWriteLatencyFailingPeriods": { "value": "1" }, - "VMOSDiskWriteLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "VMOSDiskSpaceAlertSeverity": { "value": "2" }, @@ -2601,6 +2595,9 @@ "VMOSDiskSpaceAutoMitigate": { "value": "true" }, + "VMOSDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMOSDiskSpaceAutoResolve": { "value": "true" }, @@ -2628,11 +2625,6 @@ "VMOSDiskSpaceFailingPeriods": { "value": "1" }, - "VMOSDiskSpaceComputersToInclude": { - "value": [ - "*" - ] - }, "VMPercentCPUAlertSeverity": { "value": "2" }, @@ -2645,6 +2637,9 @@ "VMPercentCPUAutoMitigate": { "value": "true" }, + "VMPercentCPUcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMPercentCPUAutoResolve": { "value": "true" }, @@ -2681,6 +2676,9 @@ "VMPercentMemoryAutoMitigate": { "value": "true" }, + "VMPercentMemorycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMPercentMemoryAutoResolve": { "value": "true" }, @@ -2717,6 +2715,9 @@ "VMDataDiskSpaceAutoMitigate": { "value": "true" }, + "VMDataDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMDataDiskSpaceAutoResolve": { "value": "true" }, @@ -2756,6 +2757,9 @@ "VMDataDiskReadLatencyAutoMitigate": { "value": "true" }, + "VMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMDataDiskReadLatencyAutoResolve": { "value": "true" }, @@ -2783,11 +2787,6 @@ "VMDataDiskReadLatencyFailingPeriods": { "value": "1" }, - "VMDataDiskReadLatencyComputersToInclude": { - "value": [ - "*" - ] - }, "VMDataDiskWriteLatencyAlertSeverity": { "value": "2" }, @@ -2800,6 +2799,9 @@ "VMDataDiskWriteLatencyAutoMitigate": { "value": "true" }, + "VMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "VMDataDiskWriteLatencyAutoResolve": { "value": "true" }, @@ -2826,11 +2828,6 @@ }, "VMDataDiskWriteLatencyFailingPeriods": { "value": "1" - }, - "VMDataDiskWriteLatencyComputersToInclude": { - "value": [ - "*" - ] } } }, @@ -2932,6 +2929,9 @@ "AppInsightsThrottlingLimitAutoMitigate": { "value": "true" }, + "AppInsightsThrottlingLimitcheckWorkspaceAlertsStorageConfigured": { + "value": "false" + }, "AppInsightsThrottlingLimitThreshold": { "value": "32000" }, diff --git a/patterns/alz/policyDefinitions/policies-Compute.json b/patterns/alz/policyDefinitions/policies-Compute.json index 6c231aca4..877627da3 100644 --- a/patterns/alz/policyDefinitions/policies-Compute.json +++ b/patterns/alz/policyDefinitions/policies-Compute.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "4220200191482263230" + "templateHash": "15846217315266102398" } }, "parameters": { @@ -115,9 +115,9 @@ "input": "[json(variables('processPolicySetDefinitionsAzureUSGovernment')[copyIndex('policySetDefinitionsAzureUSGovernment')])]" } ], - "$fxv#0": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_dataDiskReadLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Data Disk Read Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM dataDiskReadLatency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMdataDiskReadLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskReadLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#1": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_dataDiskSpace_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Data Disk Space Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM data Disk Space Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMdataDiskSpaceAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskSpace\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#10": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_Memory_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Memory Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM Memory Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMLowMemoryAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Memory\\\" and Name == \\\"AvailableMB\\\" | extend TotalMemory = toreal(todynamic(Tags)[\\\"vm.azm.ms/memorySizeMB\\\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-AvailableMemoryPercentage-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMMemoryAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMLowMemoryAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMLowMemoryAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine Memory\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Memory\\\" and Name == \\\"AvailableMB\\\" | extend TotalMemory = toreal(todynamic(Tags)[\\\"vm.azm.ms/memorySizeMB\\\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-AvailableMemoryPercentage-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#0": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_dataDiskReadLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Data Disk Read Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM dataDiskReadLatency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.8.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMdataDiskReadLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighDataDiskReadLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskReadLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#1": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_dataDiskSpace_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Data Disk Space Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM data Disk Space Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.8.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMdataDiskSpaceAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMLowDataDiskSpaceAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskSpace\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#10": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_Memory_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Memory Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM Memory Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMLowMemoryAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Memory\\\" and Name == \\\"AvailableMB\\\" | extend TotalMemory = toreal(todynamic(Tags)[\\\"vm.azm.ms/memorySizeMB\\\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-AvailableMemoryPercentage-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMMemoryAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMLowMemoryAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMLowMemoryAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine Memory\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Memory\\\" and Name == \\\"AvailableMB\\\" | extend TotalMemory = toreal(todynamic(Tags)[\\\"vm.azm.ms/memorySizeMB\\\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-AvailableMemoryPercentage-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#11": { "type": "Microsoft.Authorization/policySetDefinitions", "apiVersion": "2021-06-01", @@ -126,7 +126,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Azure Virtual Machines", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.", "metadata": { - "version": "1.0.2", + "version": "1.1.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -261,6 +261,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMHeartBeatRGcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Heart Beat Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMHeartBeatRGAutoResolve": { "type": "string", "defaultValue": "true", @@ -327,16 +335,6 @@ "description": "Time Aggregation for the alert" } }, - "VMHeartBeatRGComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Heart Beat RG Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMHeartBeatRGFailingPeriods": { "type": "string", "defaultValue": "1", @@ -401,6 +399,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMNetworkIncheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Network In Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMNetworkInAutoResolve": { "type": "string", "defaultValue": "true", @@ -483,16 +489,6 @@ "description": "Failing Periods for the alert" } }, - "VMNetworkInComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Network In Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMNetworkOutAlertSeverity": { "type": "String", "defaultValue": "2", @@ -549,6 +545,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMNetworkOutcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Network Out Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMNetworkOutAutoResolve": { "type": "string", "defaultValue": "true", @@ -631,16 +635,6 @@ "description": "Failing Periods for the alert" } }, - "VMNetworkOutComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Network Out Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -697,6 +691,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM OS Disk Read Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMOSDiskReadLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -779,16 +781,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -845,6 +837,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM OS Disk Write Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMOSDiskWriteLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -927,16 +927,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskSpaceAlertSeverity": { "type": "String", "defaultValue": "2", @@ -993,6 +983,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMOSDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "true", + "metadata": { + "displayName": "VM OS Disk Space Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMOSDiskSpaceAutoResolve": { "type": "string", "defaultValue": "true", @@ -1075,16 +1073,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMPercentCPUAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1141,6 +1129,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMPercentCPUcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Percent CPU Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMPercentCPUAutoResolve": { "type": "string", "defaultValue": "true", @@ -1275,6 +1271,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMPercentMemorycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Percent Memory Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMPercentMemoryAutoResolve": { "type": "string", "defaultValue": "true", @@ -1405,6 +1409,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMDataDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Data Disk Space Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMDataDiskSpaceAutoResolve": { "type": "string", "defaultValue": "true", @@ -1487,16 +1499,6 @@ "description": "Failing Periods for the alert" } }, - "VMDataDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMDataDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1553,6 +1555,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Data Disk Read Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMDataDiskReadLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -1635,16 +1645,6 @@ "description": "Failing Periods for the alert" } }, - "VMDataDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMDataDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1701,6 +1701,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "true", + "metadata": { + "displayName": "VM Data Disk Write Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMDataDiskWriteLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -1782,16 +1790,6 @@ "displayName": "VM Data Disk Write Latency Failing Periods", "description": "Failing Periods for the alert" } - }, - "VMDataDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } } }, "policyDefinitions": [ @@ -1823,6 +1821,9 @@ "autoMitigate": { "value": "[[[parameters('VMHeartBeatRGAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMHeartBeatRGcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMHeartBeatRGAutoResolve')]" }, @@ -1844,9 +1845,6 @@ "timeAggregation": { "value": "[[[parameters('VMHeartBeatRGTimeAggregation')]" }, - "computersToInclude": { - "value": "[[[parameters('VMHeartBeatRGComputersToInclude')]" - }, "failingPeriods": { "value": "[[[parameters('VMHeartBeatRGFailingPeriods')]" }, @@ -1877,6 +1875,9 @@ "autoMitigate": { "value": "[[[parameters('VMNetworkInAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMNetworkIncheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMNetworkInAutoResolve')]" }, @@ -1904,9 +1905,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMNetworkInEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMNetworkInComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -1943,6 +1941,9 @@ "autoMitigate": { "value": "[[[parameters('VMNetworkOutAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMNetworkOutcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMNetworkOutAutoResolve')]" }, @@ -1970,9 +1971,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMNetworkOutEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMNetworkOutComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2009,6 +2007,9 @@ "autoMitigate": { "value": "[[[parameters('VMOSDiskReadLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMOSDiskReadLatencyAutoResolve')]" }, @@ -2036,9 +2037,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMOSDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMOSDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2075,6 +2073,9 @@ "autoMitigate": { "value": "[[[parameters('VMOSDiskWriteLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMOSDiskWriteLatencyAutoResolve')]" }, @@ -2102,9 +2103,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMOSDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMOSDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2141,6 +2139,9 @@ "autoMitigate": { "value": "[[[parameters('VMOSDiskSpaceAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMOSDiskSpacecheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMOSDiskSpaceAutoResolve')]" }, @@ -2168,9 +2169,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMOSDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMOSDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2207,6 +2205,9 @@ "autoMitigate": { "value": "[[[parameters('VMPercentCPUAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMPercentCPUcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMPercentCPUAutoResolve')]" }, @@ -2267,6 +2268,9 @@ "autoMitigate": { "value": "[[[parameters('VMPercentMemoryAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMPercentMemorycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMPercentMemoryAutoResolve')]" }, @@ -2327,6 +2331,9 @@ "autoMitigate": { "value": "[[[parameters('VMDataDiskSpaceAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMDataDiskSpacecheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMDataDiskSpaceAutoResolve')]" }, @@ -2354,9 +2361,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMDataDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMDataDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2393,6 +2397,9 @@ "autoMitigate": { "value": "[[[parameters('VMDataDiskReadLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMDataDiskReadLatencyAutoResolve')]" }, @@ -2420,9 +2427,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMDataDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMDataDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2459,6 +2463,9 @@ "autoMitigate": { "value": "[[[parameters('VMDataDiskWriteLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('VMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('VMDataDiskWriteLatencyAutoResolve')]" }, @@ -2486,9 +2493,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMDataDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMDataDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2511,14 +2515,14 @@ "policyDefinitionGroups": null } }, - "$fxv#2": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_dataDiskWriteLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Data Disk Write Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM dataDiskWriteLatency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMdataDiskWriteLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskWriteLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#3": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_HeartBeat_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM HeartBeat Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM HeartBeat Alert for all VMs in the subscription\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT6H\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHeartBeatAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); Heartbeat | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\\\"minute\\\",now(),TimeGenerated) | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-Heartbeat-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HeartBeatAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHeartBeatAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHeartBeatAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine Heartbeat\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); Heartbeat | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\\\"minute\\\",now(),TimeGenerated) | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-Heartbeat-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#4": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_NetworkIn_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Network Read Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM Network Read Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10000000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighNetworkInAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"ReadBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadBytesPerSecond-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMNetworkInAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighNetworkInAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighNetworkInAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine NetworkIn\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"ReadBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadBytesPerSecond-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"NetworkInterface\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#5": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_NetworkOut_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Network Write Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM Network Out Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10000000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighNetworkOutAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"WriteBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteBytesPerSecond-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMNetworkOutAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighNetworkOutAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighNetworkOutAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine NetworkOut\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"WriteBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteBytesPerSecond-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"NetworkInterface\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#6": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_OSDiskreadLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM OS Disk Read Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM OSDiskreadLatency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMOSDiskreadLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskreadLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#7": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_OSDiskSpace_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM OS Disk Space Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM OSDiskSpace Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMOSDiskSpaceAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskSpace\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#8": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_OSDiskwriteLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM OS Disk Write Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM OSDiskwriteLatency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMOSDiskwriteLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskwriteLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#9": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_CPU_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM CPU Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM CPU Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"85\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighCPUAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Processor\\\" and Name == \\\"UtilizationPercentage\\\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-UtilizationPercentage-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMCPUAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighCPUAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighCPUAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine CPU\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Processor\\\" and Name == \\\"UtilizationPercentage\\\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-UtilizationPercentage-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#2": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_dataDiskWriteLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Data Disk Write Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM dataDiskWriteLatency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.8.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMdataDiskWriteLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighDataDiskWriteLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskWriteLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#3": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_HeartBeat_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM HeartBeat Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM HeartBeat Alert for all VMs in the subscription\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT6H\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHeartBeatAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); Heartbeat | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\\\"minute\\\",now(),TimeGenerated) | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-Heartbeat-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HeartBeatAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHeartBeatAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHeartBeatAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine Heartbeat\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); Heartbeat | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\\\"minute\\\",now(),TimeGenerated) | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-Heartbeat-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#4": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_NetworkIn_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Network Read Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM Network Read Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10000000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighNetworkInAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"ReadBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadBytesPerSecond-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMNetworkInAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighNetworkInAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighNetworkInAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine NetworkIn\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"ReadBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadBytesPerSecond-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"NetworkInterface\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#5": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_NetworkOut_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM Network Write Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM Network Out Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10000000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighNetworkOutAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"WriteBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteBytesPerSecond-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMNetworkOutAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighNetworkOutAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighNetworkOutAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine NetworkOut\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"WriteBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteBytesPerSecond-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"NetworkInterface\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#6": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_OSDiskreadLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM OS Disk Read Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM OSDiskreadLatency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.8.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMOSDiskreadLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighOSDiskReadLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskreadLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#7": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_OSDiskSpace_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM OS Disk Space Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM OSDiskSpace Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.8.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMOSDiskSpaceAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMLowOSDiskSpaceAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskSpace\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#8": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_OSDiskwriteLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM OS Disk Write Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM OSDiskwriteLatency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.8.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMOSDiskwriteLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighOSDiskWriteLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskwriteLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#9": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VM_CPU_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Azure VM CPU Alert\",\r\n \"description\": \"Policy to audit/deploy Azure VM CPU Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"85\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-VMHighCPUAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Processor\\\" and Name == \\\"UtilizationPercentage\\\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-UtilizationPercentage-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"VMCPUAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-VMHighCPUAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-VMHighCPUAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine CPU\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.Compute/virtualMachines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Compute/virtualMachines\\\" | where isempty(properties.virtualMachineScaleSet) | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.Compute/virtualMachines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Processor\\\" and Name == \\\"UtilizationPercentage\\\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-UtilizationPercentage-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "cloudEnv": "[environment().name]", "defaultDeploymentLocationByCloudType": { "AzureCloud": "northeurope", diff --git a/patterns/alz/policyDefinitions/policies-Hybrid.json b/patterns/alz/policyDefinitions/policies-Hybrid.json index 408f6e164..acba80771 100644 --- a/patterns/alz/policyDefinitions/policies-Hybrid.json +++ b/patterns/alz/policyDefinitions/policies-Hybrid.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "2553000520978252878" + "templateHash": "11639493171656436066" } }, "parameters": { @@ -115,10 +115,10 @@ "input": "[json(variables('processPolicySetDefinitionsAzureUSGovernment')[copyIndex('policySetDefinitionsAzureUSGovernment')])]" } ], - "$fxv#0": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_dataDiskReadLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Data Disk Read Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Disk Read Latency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMdataDiskReadLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskReadLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#1": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_dataDiskSpace_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Data Disk Space Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Data Disk Space Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMdataDiskSpaceAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskSpace\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#10": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_Memory_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Memory Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Memory Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.4.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Memory\\\" and Name == \\\"AvailableMB\\\" | extend TotalMemory = toreal(todynamic(Tags)[\\\"vm.azm.ms/memorySizeMB\\\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-AvailableMemoryPercentage-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMMemoryAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine Memory\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Memory\\\" and Name == \\\"AvailableMB\\\" | extend TotalMemory = toreal(todynamic(Tags)[\\\"vm.azm.ms/memorySizeMB\\\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-AvailableMemoryPercentage-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#11": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_Disconnected_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Disconnected Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Disconnected Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"P1D\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT10M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"10m\",\r\n \"allowedValues\": [\r\n \"5m\",\r\n \"10m\",\r\n \"15m\",\r\n \"30m\",\r\n \"1h\",\r\n \"2h\",\r\n \"3h\",\r\n \"6h\",\r\n \"12h\",\r\n \"1d\",\r\n \"2d\",\r\n \"3d\",\r\n \"7d\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Hybrid VM Disconnected Threshold (expressed in timespan)\",\r\n \"description\": \"Threshold in timespan value for the Hybrid VM Disconnected alert\"\r\n }\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; arg(\\\"\\\").resources | where type == \\\"microsoft.hybridcompute/machines\\\" | where tostring(tags.[\\\"{1}\\\"]) !in~ (\\\"{2}\\\") | where tostring(properties.status) == \\\"Disconnected\\\" | extend lastContactedDate = todatetime(properties.lastStatusChange) | where lastContactedDate <= ago(totimespan(policyThresholdString)) | extend status = tostring(properties.status) | project id, Computer=name, status, lastContactedDate', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'))]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMDisconnectedAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]\",\r\n \"description\": \"Hybrid VM in disconnected state. Not being connected, prevents extensions to be correctly managed from the portal and Azure policies to be correctly applied. Ensure that both server the specific service (Azure Hybrid Instance Metadata Service on Windows or azcmagent on Linux) are running.\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; arg(\\\"\\\").resources | where type == \\\"microsoft.hybridcompute/machines\\\" | where tostring(tags.[\\\"{1}\\\"]) !in~ (\\\"{2}\\\") | where tostring(properties.status) == \\\"Disconnected\\\" | extend lastContactedDate = todatetime(properties.lastStatusChange) | where lastContactedDate <= ago(totimespan(policyThresholdString)) | extend status = tostring(properties.status) | project id, Computer=name, status, lastContactedDate', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'))]\",\r\n \"resourceIdColumn\": \"id\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#0": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_dataDiskReadLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Data Disk Read Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Disk Read Latency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMdataDiskReadLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskReadLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskReadLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#1": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_dataDiskSpace_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Data Disk Space Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Data Disk Space Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMdataDiskSpaceAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMLowDataDiskSpaceAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskSpace\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#10": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_Memory_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Memory Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Memory Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Memory\\\" and Name == \\\"AvailableMB\\\" | extend TotalMemory = toreal(todynamic(Tags)[\\\"vm.azm.ms/memorySizeMB\\\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-AvailableMemoryPercentage-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMMemoryAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMLowMemoryAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine Memory\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Memory\\\" and Name == \\\"AvailableMB\\\" | extend TotalMemory = toreal(todynamic(Tags)[\\\"vm.azm.ms/memorySizeMB\\\"]) | extend AvailableMemoryPercentage = (toreal(Val) / TotalMemory) * 100.0 | summarize AggregatedValue = avg(AvailableMemoryPercentage) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-AvailableMemoryPercentage-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#11": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_Disconnected_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Disconnected Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Disconnected Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.7.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"P1D\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT10M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"10m\",\r\n \"allowedValues\": [\r\n \"5m\",\r\n \"10m\",\r\n \"15m\",\r\n \"30m\",\r\n \"1h\",\r\n \"2h\",\r\n \"3h\",\r\n \"6h\",\r\n \"12h\",\r\n \"1d\",\r\n \"2d\",\r\n \"3d\",\r\n \"7d\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Hybrid VM Disconnected Threshold (expressed in timespan)\",\r\n \"description\": \"Threshold in timespan value for the Hybrid VM Disconnected alert\"\r\n }\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; arg(\\\"\\\").resources | where type == \\\"microsoft.hybridcompute/machines\\\" | where tostring(tags.[\\\"{1}\\\"]) !in~ (\\\"{2}\\\") | where tostring(properties.status) == \\\"Disconnected\\\" | extend lastContactedDate = todatetime(properties.lastStatusChange) | where lastContactedDate <= ago(totimespan(policyThresholdString)) | extend status = tostring(properties.status) | project id, Computer=name, status, lastContactedDate', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'))]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMDisconnectedAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMDisconnectedAlert')]\",\r\n \"description\": \"Hybrid VM in disconnected state. Not being connected, prevents extensions to be correctly managed from the portal and Azure policies to be correctly applied. Ensure that both server the specific service (Azure Hybrid Instance Metadata Service on Windows or azcmagent on Linux) are running.\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; arg(\\\"\\\").resources | where type == \\\"microsoft.hybridcompute/machines\\\" | where tostring(tags.[\\\"{1}\\\"]) !in~ (\\\"{2}\\\") | where tostring(properties.status) == \\\"Disconnected\\\" | extend lastContactedDate = todatetime(properties.lastStatusChange) | where lastContactedDate <= ago(totimespan(policyThresholdString)) | extend status = tostring(properties.status) | project id, Computer=name, status, lastContactedDate', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'))]\",\r\n \"resourceIdColumn\": \"id\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#12": { "type": "Microsoft.Authorization/policySetDefinitions", "apiVersion": "2021-06-01", @@ -127,7 +127,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Hybrid Virtual Machines", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.", "metadata": { - "version": "1.1.2", + "version": "1.2.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -262,6 +262,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMHeartBeatRGcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Heart Beat RG Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMHeartBeatRGAutoResolve": { "type": "string", "defaultValue": "true", @@ -328,16 +336,6 @@ "description": "Time Aggregation for the alert" } }, - "HybridVMHeartBeatRGComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Heart Beat RG Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMHeartBeatRGFailingPeriods": { "type": "string", "defaultValue": "1", @@ -402,6 +400,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMNetworkIncheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Network In Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMNetworkInAutoResolve": { "type": "string", "defaultValue": "true", @@ -484,16 +490,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMNetworkInComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Network In Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMNetworkOutAlertSeverity": { "type": "String", "defaultValue": "2", @@ -550,6 +546,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMNetworkOutcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Network Out Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMNetworkOutAutoResolve": { "type": "string", "defaultValue": "true", @@ -632,16 +636,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMNetworkOutComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Network Out Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMOSDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -698,6 +692,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM OS Disk Read Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMOSDiskReadLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -780,16 +782,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMOSDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMOSDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -846,6 +838,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM OS Disk Write Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMOSDiskWriteLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -928,16 +928,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMOSDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMOSDiskSpaceAlertSeverity": { "type": "String", "defaultValue": "2", @@ -994,6 +984,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMOSDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM OS Disk Space Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMOSDiskSpaceAutoResolve": { "type": "string", "defaultValue": "true", @@ -1076,16 +1074,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMOSDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM OS Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMPercentCPUAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1142,6 +1130,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMPercentCPUcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Percent CPU Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMPercentCPUAutoResolve": { "type": "string", "defaultValue": "true", @@ -1272,6 +1268,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMPercentMemorycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Percent Memory Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMPercentMemoryAutoResolve": { "type": "string", "defaultValue": "true", @@ -1402,6 +1406,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMDataDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Data Disk Space Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMDataDiskSpaceAutoResolve": { "type": "string", "defaultValue": "true", @@ -1484,16 +1496,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMDataDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Data Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMDataDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1550,6 +1552,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Data Disk Read Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMDataDiskReadLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -1632,16 +1642,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMDataDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMDataDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1698,6 +1698,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Data Disk Write Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMDataDiskWriteLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -1780,16 +1788,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMDataDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMDisconnectedAlertSeverity": { "type": "String", "defaultValue": "1", @@ -1844,6 +1842,14 @@ "description": "Auto Mitigate for the Hybrid VM Disconnected alert" } }, + "HybridVMDisconnectedAlertcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Disconnected Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMDisconnectedAlertPolicyEffect": { "type": "string", "defaultValue": "deployIfNotExists", @@ -1955,6 +1961,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMHeartBeatRGAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMHeartBeatRGcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMHeartBeatRGAutoResolve')]" }, @@ -1976,9 +1985,6 @@ "timeAggregation": { "value": "[[[parameters('HybridVMHeartBeatRGTimeAggregation')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMHeartBeatRGComputersToInclude')]" - }, "failingPeriods": { "value": "[[[parameters('HybridVMHeartBeatRGFailingPeriods')]" }, @@ -2009,6 +2015,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMNetworkInAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMNetworkIncheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMNetworkInAutoResolve')]" }, @@ -2036,9 +2045,6 @@ "evaluationPeriods": { "value": "[[[parameters('HybridVMNetworkInEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMNetworkInComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2075,6 +2081,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMNetworkOutAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMNetworkOutcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMNetworkOutAutoResolve')]" }, @@ -2102,9 +2111,6 @@ "evaluationPeriods": { "value": "[[[parameters('HybridVMNetworkOutEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMNetworkOutComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2141,6 +2147,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMOSDiskReadLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMOSDiskReadLatencyAutoResolve')]" }, @@ -2168,9 +2177,6 @@ "evaluationPeriods": { "value": "[[[parameters('HybridVMOSDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMOSDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2207,6 +2213,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMOSDiskWriteLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMOSDiskWriteLatencyAutoResolve')]" }, @@ -2234,9 +2243,6 @@ "evaluationPeriods": { "value": "[[[parameters('HybridVMOSDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMOSDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2273,6 +2279,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMOSDiskSpaceAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMOSDiskSpacecheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMOSDiskSpaceAutoResolve')]" }, @@ -2300,9 +2309,6 @@ "evaluationPeriods": { "value": "[[[parameters('HybridVMOSDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMOSDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2339,6 +2345,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMPercentCPUAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMPercentCPUcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMPercentCPUAutoResolve')]" }, @@ -2399,6 +2408,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMPercentMemoryAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMPercentMemorycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMPercentMemoryAutoResolve')]" }, @@ -2459,6 +2471,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMDataDiskSpaceAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMDataDiskSpacecheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMDataDiskSpaceAutoResolve')]" }, @@ -2486,9 +2501,6 @@ "evaluationPeriods": { "value": "[[[parameters('HybridVMDataDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMDataDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2525,6 +2537,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMDataDiskReadLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMDataDiskReadLatencyAutoResolve')]" }, @@ -2552,9 +2567,6 @@ "evaluationPeriods": { "value": "[[[parameters('HybridVMDataDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMDataDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2591,6 +2603,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMDataDiskWriteLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[[parameters('HybridVMDataDiskWriteLatencyAutoResolve')]" }, @@ -2618,9 +2633,6 @@ "evaluationPeriods": { "value": "[[[parameters('HybridVMDataDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('HybridVMDataDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2657,6 +2669,9 @@ "autoMitigate": { "value": "[[[parameters('HybridVMDisconnectedAlertAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('HybridVMDisconnectedAlertcheckWorkspaceAlertsStorageConfigured')]" + }, "effect": { "value": "[[[parameters('HybridVMDisconnectedAlertPolicyEffect')]" }, @@ -2700,14 +2715,14 @@ "policyDefinitionGroups": null } }, - "$fxv#2": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_dataDiskWriteLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Data Disk Write Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Data Disk Write Latency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMdataDiskWriteLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskWriteLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#3": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_HeartBeat_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM HeartBeat Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM HeartBeat Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.4.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT6H\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); Heartbeat | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\\\"minute\\\",now(),TimeGenerated) | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-Heartbeat-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMHeartBeatAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine Heartbeat\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); Heartbeat | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\\\"minute\\\",now(),TimeGenerated) | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-Heartbeat-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#4": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_NetworkIn_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Network Read Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Nework Read Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.4.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10000000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"ReadBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadBytesPerSecond-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMVMNetworkInAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine NetworkIn\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"ReadBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadBytesPerSecond-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"NetworkInterface\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#5": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_NetworkOut_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Network Write Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Network Out Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.4.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10000000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"WriteBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteBytesPerSecond-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMVMNetworkOutAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine NetworkOut\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"WriteBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteBytesPerSecond-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"NetworkInterface\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#6": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_OSDiskreadLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM OS Disk Read Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM OS Disk Read Latency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMOSDiskreadLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskreadLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#7": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_OSDiskSpace_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM OS Disk Space Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM OS Disk Space Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMOSDiskSpaceAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskSpace\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#8": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_OSDiskwriteLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM OS Disk Write Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM OS Disk Write Latency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\",\r\n \"metadata\": {\r\n \"displayName\": \"Computers to be included to be monitored\",\r\n \"description\": \"Array of Computer to be monitored\"\r\n },\r\n \"defaultValue\": [\r\n \"*\"\r\n ]\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"computersToInclude\": {\r\n \"type\": \"array\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMOSDiskwriteLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskwriteLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": \"[[parameters('computersToInclude')]\"\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"computersToInclude\": {\r\n \"value\": \"[[parameters('computersToInclude')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#9": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_CPU_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM CPU Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM CPU Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.4.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"85\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighCPUAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Processor\\\" and Name == \\\"UtilizationPercentage\\\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-UtilizationPercentage-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMCPUAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighCPUAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighCPUAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine CPU\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Processor\\\" and Name == \\\"UtilizationPercentage\\\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-UtilizationPercentage-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#2": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_dataDiskWriteLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Data Disk Write Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Data Disk Write Latency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMdataDiskWriteLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighDataDiskWriteLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine dataDiskWriteLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk !in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-Data-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#3": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_HeartBeat_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM HeartBeat Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM HeartBeat Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT6H\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); Heartbeat | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\\\"minute\\\",now(),TimeGenerated) | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-Heartbeat-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMHeartBeatAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHeartBeatAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine Heartbeat\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); Heartbeat | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | summarize TimeGenerated=max(TimeGenerated) by Computer, _ResourceId | extend Duration = datetime_diff(\\\"minute\\\",now(),TimeGenerated) | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where Duration > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Duration, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-Heartbeat-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#4": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_NetworkIn_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Network Read Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Nework Read Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10000000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"ReadBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadBytesPerSecond-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMVMNetworkInAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkInAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine NetworkIn\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"ReadBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadBytesPerSecond-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"NetworkInterface\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#5": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_NetworkOut_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM Network Write Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM Network Out Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10000000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"WriteBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteBytesPerSecond-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMVMNetworkOutAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighNetworkOutAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine NetworkOut\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Network\\\" and Name == \\\"WriteBytesPerSecond\\\" | extend NetworkInterface=tostring(todynamic(Tags)[\\\"vm.azm.ms/networkDeviceId\\\"]) | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, NetworkInterface | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, NetworkInterface, AggregatedValue, appliedThreshold' , parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteBytesPerSecond-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"NetworkInterface\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#6": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_OSDiskreadLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM OS Disk Read Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM OS Disk Read Latency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMOSDiskreadLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskReadLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskreadLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"ReadLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-ReadLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-ReadLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#7": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_OSDiskSpace_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM OS Disk Space Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM OS Disk Space Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"10\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMOSDiskSpaceAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMLowOSDiskSpaceAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskSpace\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"FreeSpacePercentage\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue < appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-FreeSpacePercentage-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-DiskSpace_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#8": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_OSDiskwriteLatency_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM OS Disk Write Latency Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM OS Disk Write Latency Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.6.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"30\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMOSDiskwriteLatencyAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighOSDiskWriteLatencyAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine OSDiskwriteLatency\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"LogicalDisk\\\" and Name == \\\"WriteLatencyMs\\\" | extend Disk=tostring(todynamic(Tags)[\\\"vm.azm.ms/mountId\\\"]) | where Disk in (\\\"C:\\\", \\\"/\\\") | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId, Disk | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend excludedLogicalVolumes = iif(isnotempty(resourceTags.[\\\"{4}\\\"]),resourceTags.[\\\"{4}\\\"], \\\"No logical volumes excluded\\\") | where excludedLogicalVolumes !has Disk | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, Disk, AggregatedValue, appliedThreshold, excludedLogicalVolumes', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-WriteLatencyMs-OS-threshold-Override_', '_amba-ExcludedLogicalVolumes-WriteLatency_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n },\r\n {\r\n \"name\": \"Disk\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#9": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_Hybrid_VM_CPU_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Hybrid VM CPU Alert\",\r\n \"description\": \"Policy to audit/deploy Hybrid VM CPU Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.5.0\",\r\n \"category\": \"Hybrid Compute\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"PT24H\"\r\n ],\r\n \"defaultValue\": \"PT15M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Resolve\",\r\n \"description\": \"Auto Resolve time for the alert in ISO 8601 format\"\r\n },\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"85\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name to disable monitoring. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.HybridCompute/machines\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/displayName\",\r\n \"equals\": \"[[concat(subscription().displayName, '-HybridVMHighCPUAlert')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[subscription().id]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Processor\\\" and Name == \\\"UtilizationPercentage\\\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-UtilizationPercentage-threshold-Override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolve\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoResolveTime\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"HybridVMCPUAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(subscription().displayName, '-HybridVMHighCPUAlert')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(subscription().displayName, '-HybridVMHighCPUAlert')]\",\r\n \"description\": \"Log Alert for Virtual Machine CPU\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().Id]\"\r\n ],\r\n \"targetResourceTypes\": [\r\n \"Microsoft.HybridCompute/machines\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.HybridCompute/machines\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags); InsightsMetrics | where _ResourceId has \\\"Microsoft.HybridCompute/machines\\\" | where Origin == \\\"vm.azm.ms\\\" | where Namespace == \\\"Processor\\\" and Name == \\\"UtilizationPercentage\\\" | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId | join hint.remote=left kind=inner (resourceTagging ) on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{3}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where AggregatedValue > appliedThreshold | project TimeGenerated, Computer, _ResourceId, AggregatedValue, appliedThreshold', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), '_amba-UtilizationPercentage-threshold-Override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Computer\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"ruleResolveConfiguration\": {\r\n \"autoResolved\": \"[[parameters('autoResolve')]\",\r\n \"timeToResolve\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"autoResolve\": {\r\n \"value\": \"[[parameters('autoResolve')]\"\r\n },\r\n \"autoResolveTime\": {\r\n \"value\": \"[[parameters('autoResolveTime')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "cloudEnv": "[environment().name]", "defaultDeploymentLocationByCloudType": { "AzureCloud": "northeurope", diff --git a/patterns/alz/policyDefinitions/policies-Monitoring.json b/patterns/alz/policyDefinitions/policies-Monitoring.json index 41ba8fc60..268d49fa6 100644 --- a/patterns/alz/policyDefinitions/policies-Monitoring.json +++ b/patterns/alz/policyDefinitions/policies-Monitoring.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "11764851659481456135" + "templateHash": "1113444255865471194" } }, "parameters": { @@ -117,7 +117,7 @@ ], "$fxv#0": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_LAWorkspace_Delete\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Activity Log LA Workspace Delete Alert\",\r\n \"description\": \"Policy to Deploy Activity Log LA Workspace Delete Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.OperationalInsights/workspaces\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"name\": \"ActivityLAWorkspaceDelete\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Administrative\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"operationName\"\r\n },\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Microsoft.OperationalInsights/workspaces/delete\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ActivityLAWorkspaceDelete\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ActivityLAWorkspaceDelete\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Activity Log LA Workspace Delete\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"Administrative\"\r\n },\r\n {\r\n \"field\": \"operationName\",\r\n \"equals\": \"Microsoft.OperationalInsights/workspaces/delete\"\r\n },\r\n {\r\n \"field\": \"status\",\r\n \"containsAny\": [\r\n \"succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#1": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_LAWorkspace_KeyRegen\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Activity Log LA Workspace Regenerate Key Alert\",\r\n \"description\": \"Policy to Deploy Activity Log LA Workspace Regenerate Key Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"Project\": \"amba-monitoring\"\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.OperationalInsights/workspaces\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"name\": \"ActivityLAWorkspaceRegenKey\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Administrative\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"operationName\"\r\n },\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ActivityLAWorkspaceRegenKey\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ActivityLAWorkspaceRegenKey\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Activity Log LA Workspace Regenerate Key\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"Administrative\"\r\n },\r\n {\r\n \"field\": \"operationName\",\r\n \"equals\": \"Microsoft.OperationalInsights/workspaces/regeneratesharedkey/action\"\r\n },\r\n {\r\n \"field\": \"status\",\r\n \"containsAny\": [\r\n \"succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#2": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_LAWorkspace_DailyCapLimitReached_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy LA Workspace Daily Cap Limit Reached Alert\",\r\n \"description\": \"Policy to audit/deploy LA Workspace Daily Cap Limit Reached Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.2.0\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT45M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT3H\",\r\n \"PT4H\",\r\n \"PT5H\",\r\n \"PT6H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"P1D\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT45M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT3H\",\r\n \"PT4H\",\r\n \"PT5H\",\r\n \"PT6H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT1H\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.OperationalInsights/workspaces\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold\",\r\n \"equals\": \"[[parameters('threshold')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.OperationalInsights/workspaces\\\" | where tags.[\\\"{0}\\\"] !in~ (\\\"{1}\\\") | project id, resourceTags = tags, customerId = tostring(properties.customerId), workspaceName = tostring(name)); Operation | where OperationCategory == \\\"Data Collection Status\\\" | where Detail has_any(\\\"RespectQuota\\\", \\\"OverQuota\\\") | summarize arg_max(TimeGenerated, *) by TenantId | where Detail has \\\"OverQuota\\\" | join hint.remote=left kind=inner resourceTagging on $left.TenantId == $right.customerId | project TimeGenerated, id, workspaceName, workspaceId = TenantId, Detail', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'))]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"resourceLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceLocation\",\r\n \"description\": \"Location of the resource\"\r\n }\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DailyCapLimitReachedAlert')]\",\r\n \"location\": \"[[parameters('resourceLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(parameters('resourceName'), '-DailyCapLimitReachedAlert')]\",\r\n \"description\": \"Log Alert for Daily Cap Limit Reached\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.OperationalInsights/workspaces\\\" | where tags.[\\\"{0}\\\"] !in~ (\\\"{1}\\\") | project id, resourceTags = tags, customerId = tostring(properties.customerId), workspaceName = tostring(name)); Operation | where OperationCategory == \\\"Data Collection Status\\\" | where Detail has_any(\\\"RespectQuota\\\", \\\"OverQuota\\\") | summarize arg_max(TimeGenerated, *) by TenantId | where Detail has \\\"OverQuota\\\" | join hint.remote=left kind=inner resourceTagging on $left.TenantId == $right.customerId | project TimeGenerated, id, workspaceName, workspaceId = TenantId, Detail', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'))]\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"workspaceName\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"resourceIdColumn\": \"id\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"resourceLocation\": {\r\n \"value\": \"[[field('location')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#2": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_LAWorkspace_DailyCapLimitReached_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy LA Workspace Daily Cap Limit Reached Alert\",\r\n \"description\": \"Policy to audit/deploy LA Workspace Daily Cap Limit Reached Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.3.0\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT45M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT3H\",\r\n \"PT4H\",\r\n \"PT5H\",\r\n \"PT6H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"P1D\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT45M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT3H\",\r\n \"PT4H\",\r\n \"PT5H\",\r\n \"PT6H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT1H\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.OperationalInsights/workspaces\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationalInsights/workspaces/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold\",\r\n \"equals\": \"[[parameters('threshold')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.OperationalInsights/workspaces\\\" | where tags.[\\\"{0}\\\"] !in~ (\\\"{1}\\\") | project id, resourceTags = tags, customerId = tostring(properties.customerId), workspaceName = tostring(name)); Operation | where OperationCategory == \\\"Data Collection Status\\\" | where Detail has_any(\\\"RespectQuota\\\", \\\"OverQuota\\\") | summarize arg_max(TimeGenerated, *) by TenantId | where Detail has \\\"OverQuota\\\" | join hint.remote=left kind=inner resourceTagging on $left.TenantId == $right.customerId | project TimeGenerated, id, workspaceName, workspaceId = TenantId, Detail', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'))]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"resourceLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceLocation\",\r\n \"description\": \"Location of the resource\"\r\n }\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DailyCapLimitReachedAlert')]\",\r\n \"location\": \"[[parameters('resourceLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(parameters('resourceName'), '-DailyCapLimitReachedAlert')]\",\r\n \"description\": \"Log Alert for Daily Cap Limit Reached\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.OperationalInsights/workspaces\\\" | where tags.[\\\"{0}\\\"] !in~ (\\\"{1}\\\") | project id, resourceTags = tags, customerId = tostring(properties.customerId), workspaceName = tostring(name)); Operation | where OperationCategory == \\\"Data Collection Status\\\" | where Detail has_any(\\\"RespectQuota\\\", \\\"OverQuota\\\") | summarize arg_max(TimeGenerated, *) by TenantId | where Detail has \\\"OverQuota\\\" | join hint.remote=left kind=inner resourceTagging on $left.TenantId == $right.customerId | project TimeGenerated, id, workspaceName, workspaceId = TenantId, Detail', parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'))]\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"workspaceName\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"resourceIdColumn\": \"id\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"parameters\": {\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"resourceLocation\": {\r\n \"value\": \"[[field('location')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "cloudEnv": "[environment().name]", "defaultDeploymentLocationByCloudType": { "AzureCloud": "northeurope", diff --git a/patterns/alz/policyDefinitions/policies-Web.json b/patterns/alz/policyDefinitions/policies-Web.json index 09b8414fe..56d3aede9 100644 --- a/patterns/alz/policyDefinitions/policies-Web.json +++ b/patterns/alz/policyDefinitions/policies-Web.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "11110796453811425251" + "templateHash": "10005747063104819358" } }, "parameters": { @@ -119,7 +119,7 @@ "$fxv#1": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_WSF_DiskQueueLength_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy App Service Plan Disk Queue Length Alert\",\r\n \"description\": \"Policy to audit/deploy App Service Plan Disk Queue Length Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.3.0\",\r\n \"category\": \"Web Services\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverfarms\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Web/serverfarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"DiskQueueLength\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation\",\r\n \"equals\": \"Average\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator\",\r\n \"equals\": \"GreaterThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity\",\r\n \"equals\": \"Medium\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DiskQueueLengthAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for App Service Plan Disk Queue Length\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"alertSensitivity\": \"Medium\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"name\": \"ServiceApiResult\",\r\n \"metricNamespace\": \"Microsoft.Web/serverfarms\",\r\n \"metricName\": \"DiskQueueLength\",\r\n \"operator\": \"GreaterThan\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"DynamicThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#2": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_WSF_HttpQueueLength_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy App Service Plan Http Queue Length Alert\",\r\n \"description\": \"Policy to audit/deploy App Service Plan Http Queue Length Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.3.0\",\r\n \"category\": \"Web Services\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"2\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverfarms\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Web/serverfarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"HttpQueueLength\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].timeAggregation\",\r\n \"equals\": \"Average\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.operator\",\r\n \"equals\": \"GreaterThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.alertSensitivity\",\r\n \"equals\": \"Medium\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-MultipleResourceMultipleMetricCriteria.allOf[*].DynamicThresholdCriterion.failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-HttpQueueLengthAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for App Service Plan Http Queue Length\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"alertSensitivity\": \"Medium\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"name\": \"ServiceApiResult\",\r\n \"metricNamespace\": \"Microsoft.Web/serverfarms\",\r\n \"metricName\": \"HttpQueueLength\",\r\n \"operator\": \"GreaterThan\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"DynamicThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#3": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_WSF_MemoryPercentage_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy App Service Plan Memory Percentage Alert\",\r\n \"description\": \"Policy to audit/deploy App Service Plan Memory Percentage Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.2.1\",\r\n \"category\": \"Web Services\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"85\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Web/serverfarms\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Web/serverfarms\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"MemoryPercentage\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].timeAggregation\",\r\n \"equals\": \"Average\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"GreaterThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.threshold\",\r\n \"equals\": \"[[if(contains(field('tags'), '_amba-MemoryPercentage-threshold-Override_'), field('tags._amba-MemoryPercentage-threshold-Override_'), parameters('threshold'))]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-MemoryPercentage')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for App Service Plan Memory Percentage\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"MemoryPercentage\",\r\n \"metricNamespace\": \"Microsoft.Web/serverfarms\",\r\n \"metricName\": \"MemoryPercentage\",\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[if(contains(field('tags'), '_amba-MemoryPercentage-threshold-Override_'), field('tags._amba-MemoryPercentage-threshold-Override_'), parameters('threshold'))]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#4": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_AppInsightsThrottlingLimit_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Application Insights Throttling Limit Reached Alert (Preview)\",\r\n \"description\": \"Policy to audit/deploy Application Insights Throttling Limit Reached Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT45M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT3H\",\r\n \"PT4H\",\r\n \"PT5H\",\r\n \"PT6H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"P1D\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT45M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT3H\",\r\n \"PT4H\",\r\n \"PT5H\",\r\n \"PT6H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT1H\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"32000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/components\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold\",\r\n \"equals\": 0\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Insights/components\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags, name); AppSystemEvents | where _ResourceId =~ \\\"{3}\\\" | summarize numOfEvents = sum(toint(Measurements[\\\"BillingTelemetryCount\\\"])) by _ResourceId, Type, bin(TimeGenerated, 1h) | join hint.remote=left kind=inner resourceTagging on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{4}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where numOfEvents > appliedThreshold | project TimeGenerated, _ResourceId, name, numOfEvents', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), field('id'), '_amba-Throttling-threshold-override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"resourceLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceLocation\",\r\n \"description\": \"Location of the resource\"\r\n }\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-ApplicationInsightsThrottlingLimitReachedAlert')]\",\r\n \"location\": \"[[parameters('resourceLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(parameters('resourceName'), '-Application Insights Throttling Limit Reached (Preview)')]\",\r\n \"description\": \"Log Alert for Application Insights Throttling Limit Reached\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[reference(parameters('resourceId'),'2020-02-02').WorkspaceResourceId]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Insights/components\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags, name); AppSystemEvents | where _ResourceId =~ \\\"{3}\\\" | summarize numOfEvents = sum(toint(Measurements[\\\"BillingTelemetryCount\\\"])) by _ResourceId, Type, bin(TimeGenerated, 1h) | join hint.remote=left kind=inner resourceTagging on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{4}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where numOfEvents > appliedThreshold | project TimeGenerated, _ResourceId, name, numOfEvents', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), parameters('resourceId'), '_amba-Throttling-threshold-override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"name\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"resourceLocation\": {\r\n \"value\": \"[[field('location')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#4": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_AppInsightsThrottlingLimit_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Application Insights Throttling Limit Reached Alert (Preview)\",\r\n \"description\": \"Policy to audit/deploy Application Insights Throttling Limit Reached Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.2.0\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"\",\r\n \"metadata\": {\r\n \"description\": \"The resource Id of the user assigned managed identity.\",\r\n \"displayName\": \"User Assigned managed Identity resource Id.\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Operator\"\r\n },\r\n \"allowedValues\": [\r\n \"GreaterThan\",\r\n \"GreaterThanOrEqual\"\r\n ],\r\n \"defaultValue\": \"GreaterThan\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"TimeAggregation\"\r\n },\r\n \"allowedValues\": [\r\n \"Count\"\r\n ],\r\n \"defaultValue\": \"Count\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT45M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT3H\",\r\n \"PT4H\",\r\n \"PT5H\",\r\n \"PT6H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"P1D\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT5M\",\r\n \"PT10M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT45M\",\r\n \"PT1H\",\r\n \"PT2H\",\r\n \"PT3H\",\r\n \"PT4H\",\r\n \"PT5H\",\r\n \"PT6H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT1H\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Require a workspace linked storage\",\r\n \"description\": \"Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys).\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"false\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"32000\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Failing Periods\",\r\n \"description\": \"Number of failing periods before alert is fired\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Periods\",\r\n \"description\": \"The number of aggregated lookback points.\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Insights/components\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/evaluationFrequency\",\r\n \"equals\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/windowSize\",\r\n \"equals\": \"[[parameters('windowSize')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/severity\",\r\n \"equals\": \"[[parameters('severity')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/autoMitigate\",\r\n \"equals\": \"[[parameters('autoMitigate')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured\",\r\n \"equals\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold\",\r\n \"equals\": 0\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator\",\r\n \"equals\": \"[[parameters('operator')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].timeAggregation\",\r\n \"equals\": \"[[parameters('timeAggregation')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.numberOfEvaluationPeriods\",\r\n \"equals\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].failingPeriods.minFailingPeriodsToAlert\",\r\n \"equals\": \"[[parameters('failingPeriods')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].query\",\r\n \"equals\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Insights/components\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags, name); AppSystemEvents | where _ResourceId =~ \\\"{3}\\\" | summarize numOfEvents = sum(toint(Measurements[\\\"BillingTelemetryCount\\\"])) by _ResourceId, Type, bin(TimeGenerated, 1h) | join hint.remote=left kind=inner resourceTagging on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{4}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where numOfEvents > appliedThreshold | project TimeGenerated, _ResourceId, name, numOfEvents', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), field('id'), '_amba-Throttling-threshold-override_')]\"\r\n },\r\n {\r\n \"field\": \"identity.userAssignedIdentities\",\r\n \"containsKey\": \"[[parameters('UAMIResourceId')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"resourceLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceLocation\",\r\n \"description\": \"Location of the resource\"\r\n }\r\n },\r\n \"UAMIResourceId\": {\r\n \"type\": \"string\"\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n },\r\n \"operator\": {\r\n \"type\": \"String\"\r\n },\r\n \"timeAggregation\": {\r\n \"type\": \"String\"\r\n },\r\n \"failingPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/scheduledQueryRules\",\r\n \"apiVersion\": \"2022-08-01-preview\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-ApplicationInsightsThrottlingLimitReachedAlert')]\",\r\n \"location\": \"[[parameters('resourceLocation')]\",\r\n \"identity\": {\r\n \"type\": \"UserAssigned\",\r\n \"userAssignedIdentities\": {\r\n \"[[parameters('UAMIResourceId')]\": {}\r\n }\r\n },\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"[[concat(parameters('resourceName'), '-Application Insights Throttling Limit Reached (Preview)')]\",\r\n \"description\": \"Log Alert for Application Insights Throttling Limit Reached\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[reference(parameters('resourceId'),'2020-02-02').WorkspaceResourceId]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"query\": \"[[format('let policyThresholdString = \\\"{0}\\\"; let resourceTagging = (arg(\\\"\\\").resources | where type =~ \\\"Microsoft.Insights/components\\\" | where tags.[\\\"{1}\\\"] !in~ (\\\"{2}\\\") | project _ResourceId = tolower(id), resourceTags = tags, name); AppSystemEvents | where _ResourceId =~ \\\"{3}\\\" | summarize numOfEvents = sum(toint(Measurements[\\\"BillingTelemetryCount\\\"])) by _ResourceId, Type, bin(TimeGenerated, 1h) | join hint.remote=left kind=inner resourceTagging on _ResourceId | project-away _ResourceId1 | extend newThresholdString = tostring(resourceTags.[\\\"{4}\\\"]) | extend appliedThreshold = iif(isempty(newThresholdString), toint(policyThresholdString), toint(newThresholdString)) | where numOfEvents > appliedThreshold | project TimeGenerated, _ResourceId, name, numOfEvents', parameters('threshold'), parameters('MonitorDisableTagName'), join(parameters('MonitorDisableTagValues'), '\\\",\\\"'), parameters('resourceId'), '_amba-Throttling-threshold-override_')]\",\r\n \"threshold\": 0,\r\n \"operator\": \"[[parameters('operator')]\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"name\",\r\n \"operator\": \"Include\",\r\n \"values\": [\r\n \"*\"\r\n ]\r\n }\r\n ],\r\n \"resourceIdColumn\": \"_ResourceId\",\r\n \"timeAggregation\": \"[[parameters('timeAggregation')]\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": \"[[parameters('evaluationPeriods')]\",\r\n \"minFailingPeriodsToAlert\": \"[[parameters('failingPeriods')]\"\r\n }\r\n }\r\n ]\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"checkWorkspaceAlertsStorageConfigured\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\",\r\n \"parameters\": {\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"resourceLocation\": {\r\n \"value\": \"[[field('location')]\"\r\n },\r\n \"UAMIResourceId\": {\r\n \"value\": \"[[parameters('UAMIResourceId')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"checkWorkspaceAlertsStorageConfigured\": {\r\n \"value\": \"[[parameters('checkWorkspaceAlertsStorageConfigured')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n },\r\n \"operator\": {\r\n \"value\": \"[[parameters('operator')]\"\r\n },\r\n \"timeAggregation\": {\r\n \"value\": \"[[parameters('timeAggregation')]\"\r\n },\r\n \"failingPeriods\": {\r\n \"value\": \"[[parameters('failingPeriods')]\"\r\n },\r\n \"evaluationPeriods\": {\r\n \"value\": \"[[parameters('evaluationPeriods')]\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"value\": \"[[parameters('MonitorDisableTagName')]\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"value\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#5": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ActivityLog_AppInsights_Delete\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Activity Log Application Insights Delete Alert (Preview)\",\r\n \"description\": \"Policy to Deploy Activity Log Application Insights Delete Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisableTagName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag name\",\r\n \"description\": \"Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n },\r\n \"MonitorDisableTagValues\": {\r\n \"type\": \"Array\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring disabled tag values(s)\",\r\n \"description\": \"Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled.\"\r\n },\r\n \"defaultValue\": [\r\n \"true\",\r\n \"Test\",\r\n \"Dev\",\r\n \"Sandbox\"\r\n ]\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.insights/components\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisableTagName'), ']')]\",\r\n \"notIn\": \"[[parameters('MonitorDisableTagValues')]\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"name\": \"ActivityAppInsightsDelete\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Administrative\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"operationName\"\r\n },\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Microsoft.Insights/Components/Delete\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ActivityAppInsightsDeleteAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ActivityAppInsightsDelete\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"displayName\": \"Application Insights Resource Delete Alert (Preview)\",\r\n \"description\": \"Activity Log Application Insights Delete Alert\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"Administrative\"\r\n },\r\n {\r\n \"field\": \"operationName\",\r\n \"equals\": \"Microsoft.Insights/Components/Delete\"\r\n },\r\n {\r\n \"field\": \"status\",\r\n \"containsAny\": [\r\n \"succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#6": { "type": "Microsoft.Authorization/policySetDefinitions", @@ -129,7 +129,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Web", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -621,6 +621,18 @@ ], "defaultValue": "true" }, + "AppInsightsThrottlingLimitcheckWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Application Insights Throttling Limit Reached Alert Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "AppInsightsThrottlingLimitThreshold": { "type": "String", "metadata": { @@ -1015,6 +1027,9 @@ "autoMitigate": { "value": "[[[parameters('AppInsightsThrottlingLimitAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('AppInsightsThrottlingLimitcheckWorkspaceAlertsStorageConfigured')]" + }, "threshold": { "value": "[[[parameters('AppInsightsThrottlingLimitThreshold')]" }, diff --git a/patterns/alz/policyDefinitions/policySets.json b/patterns/alz/policyDefinitions/policySets.json index 5b596a188..7cfcca2d0 100644 --- a/patterns/alz/policyDefinitions/policySets.json +++ b/patterns/alz/policyDefinitions/policySets.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "2331899988992697473" + "templateHash": "10089845342868886825" } }, "parameters": { @@ -1237,16 +1237,6 @@ "description": "Failing Periods for the alert" } }, - "VMNetworkInComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Network In Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMNetworkOutAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1385,16 +1375,6 @@ "description": "Failing Periods for the alert" } }, - "VMNetworkOutComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Network Out Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1533,16 +1513,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1681,16 +1651,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskSpaceAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1829,16 +1789,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMPercentCPUAlertSeverity": { "type": "String", "defaultValue": "2", @@ -2367,16 +2317,6 @@ "description": "Failing Periods for the alert" } }, - "VMDataDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMDataDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -2515,16 +2455,6 @@ "description": "Failing Periods for the alert" } }, - "VMDataDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "AGWApplicationGatewayTotalTimeAlertSeverity": { "type": "String", "defaultValue": "2", @@ -4558,9 +4488,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMNetworkInEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMNetworkInComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4615,9 +4542,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMNetworkOutEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMNetworkOutComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4672,9 +4596,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMOSDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMOSDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4729,9 +4650,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMOSDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMOSDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4786,9 +4704,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMOSDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMOSDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4996,9 +4911,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMDataDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMDataDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -5053,9 +4965,6 @@ "evaluationPeriods": { "value": "[[[parameters('VMDataDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[[parameters('VMDataDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[[parameters('ALZMonitorResourceGroupName')]" }, @@ -5575,7 +5484,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Management", "description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group", "metadata": { - "version": "1.3.1", + "version": "1.4.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -5985,6 +5894,18 @@ ], "defaultValue": "true" }, + "LAWDailyCapLimitcheckWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "LAWDailyCapLimitThreshold": { "type": "String", "metadata": { @@ -6110,6 +6031,9 @@ "autoMitigate": { "value": "[[[parameters('LAWDailyCapLimitAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[[parameters('LAWDailyCapLimitcheckWorkspaceAlertsStorageConfigured')]" + }, "threshold": { "value": "[[[parameters('LAWDailyCapLimitThreshold')]" }, diff --git a/patterns/alz/policySetDefinitions/Deploy-HybridVM-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-HybridVM-Alerts.json index c24e285bf..673d52c27 100644 --- a/patterns/alz/policySetDefinitions/Deploy-HybridVM-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-HybridVM-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Hybrid Virtual Machines", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.", "metadata": { - "version": "1.1.2", + "version": "1.2.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -141,6 +141,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMHeartBeatRGcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Heart Beat RG Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMHeartBeatRGAutoResolve": { "type": "string", "defaultValue": "true", @@ -207,16 +215,6 @@ "description": "Time Aggregation for the alert" } }, - "HybridVMHeartBeatRGComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Heart Beat RG Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMHeartBeatRGFailingPeriods": { "type": "string", "defaultValue": "1", @@ -281,6 +279,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMNetworkIncheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Network In Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMNetworkInAutoResolve": { "type": "string", "defaultValue": "true", @@ -363,16 +369,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMNetworkInComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Network In Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMNetworkOutAlertSeverity": { "type": "String", "defaultValue": "2", @@ -429,6 +425,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMNetworkOutcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Network Out Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMNetworkOutAutoResolve": { "type": "string", "defaultValue": "true", @@ -511,16 +515,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMNetworkOutComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Network Out Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMOSDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -577,6 +571,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM OS Disk Read Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMOSDiskReadLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -659,16 +661,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMOSDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM OS Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMOSDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -725,6 +717,15 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM OS Disk Write Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, + "HybridVMOSDiskWriteLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -807,16 +808,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMOSDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM OS Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMOSDiskSpaceAlertSeverity": { "type": "String", "defaultValue": "2", @@ -873,6 +864,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMOSDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM OS Disk Space Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMOSDiskSpaceAutoResolve": { "type": "string", "defaultValue": "true", @@ -955,16 +954,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMOSDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM OS Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMPercentCPUAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1021,6 +1010,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMPercentCPUcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Percent CPU Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMPercentCPUAutoResolve": { "type": "string", "defaultValue": "true", @@ -1151,6 +1148,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMPercentMemorycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Percent Memory Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMPercentMemoryAutoResolve": { "type": "string", "defaultValue": "true", @@ -1281,6 +1286,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMDataDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Data Disk Space Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMDataDiskSpaceAutoResolve": { "type": "string", "defaultValue": "true", @@ -1363,16 +1376,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMDataDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Data Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMDataDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1429,6 +1432,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Data Disk Read Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMDataDiskReadLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -1511,16 +1522,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMDataDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Data Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMDataDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1577,6 +1578,14 @@ "description": "Auto Mitigate for the alert" } }, + "HybridVMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Data Disk Write Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMDataDiskWriteLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -1659,16 +1668,6 @@ "description": "Failing Periods for the alert" } }, - "HybridVMDataDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "Hybrid VM Data Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "HybridVMDisconnectedAlertSeverity": { "type": "String", "defaultValue": "1", @@ -1723,6 +1722,14 @@ "description": "Auto Mitigate for the Hybrid VM Disconnected alert" } }, + "HybridVMDisconnectedAlertcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "Hybrid VM Disconnected Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "HybridVMDisconnectedAlertPolicyEffect": { "type": "string", "defaultValue": "deployIfNotExists", @@ -1834,6 +1841,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMHeartBeatRGAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMHeartBeatRGcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMHeartBeatRGAutoResolve')]" }, @@ -1855,9 +1865,6 @@ "timeAggregation": { "value": "[[parameters('HybridVMHeartBeatRGTimeAggregation')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMHeartBeatRGComputersToInclude')]" - }, "failingPeriods": { "value": "[[parameters('HybridVMHeartBeatRGFailingPeriods')]" }, @@ -1888,6 +1895,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMNetworkInAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMNetworkIncheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMNetworkInAutoResolve')]" }, @@ -1915,9 +1925,6 @@ "evaluationPeriods": { "value": "[[parameters('HybridVMNetworkInEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMNetworkInComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -1954,6 +1961,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMNetworkOutAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMNetworkOutcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMNetworkOutAutoResolve')]" }, @@ -1981,9 +1991,6 @@ "evaluationPeriods": { "value": "[[parameters('HybridVMNetworkOutEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMNetworkOutComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2020,6 +2027,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMOSDiskReadLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMOSDiskReadLatencyAutoResolve')]" }, @@ -2047,9 +2057,6 @@ "evaluationPeriods": { "value": "[[parameters('HybridVMOSDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMOSDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2086,6 +2093,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMOSDiskWriteLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMOSDiskWriteLatencyAutoResolve')]" }, @@ -2113,9 +2123,6 @@ "evaluationPeriods": { "value": "[[parameters('HybridVMOSDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMOSDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2152,6 +2159,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMOSDiskSpaceAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMOSDiskSpacecheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMOSDiskSpaceAutoResolve')]" }, @@ -2179,9 +2189,6 @@ "evaluationPeriods": { "value": "[[parameters('HybridVMOSDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMOSDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2218,6 +2225,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMPercentCPUAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMPercentCPUcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMPercentCPUAutoResolve')]" }, @@ -2278,6 +2288,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMPercentMemoryAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMPercentMemorycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMPercentMemoryAutoResolve')]" }, @@ -2338,6 +2351,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMDataDiskSpaceAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMDataDiskSpacecheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMDataDiskSpaceAutoResolve')]" }, @@ -2365,9 +2381,6 @@ "evaluationPeriods": { "value": "[[parameters('HybridVMDataDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMDataDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2404,6 +2417,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMDataDiskReadLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMDataDiskReadLatencyAutoResolve')]" }, @@ -2431,9 +2447,6 @@ "evaluationPeriods": { "value": "[[parameters('HybridVMDataDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMDataDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2470,6 +2483,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMDataDiskWriteLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('HybridVMDataDiskWriteLatencyAutoResolve')]" }, @@ -2497,9 +2513,6 @@ "evaluationPeriods": { "value": "[[parameters('HybridVMDataDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('HybridVMDataDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2536,6 +2549,9 @@ "autoMitigate": { "value": "[[parameters('HybridVMDisconnectedAlertAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('HybridVMDisconnectedAlertcheckWorkspaceAlertsStorageConfigured')]" + }, "effect": { "value": "[[parameters('HybridVMDisconnectedAlertPolicyEffect')]" }, diff --git a/patterns/alz/policySetDefinitions/Deploy-LandingZone-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-LandingZone-Alerts.json index 92d9c1b72..73b2a0c2d 100644 --- a/patterns/alz/policySetDefinitions/Deploy-LandingZone-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-LandingZone-Alerts.json @@ -1120,16 +1120,6 @@ "description": "Failing Periods for the alert" } }, - "VMNetworkInComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Network In Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMNetworkOutAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1268,16 +1258,6 @@ "description": "Failing Periods for the alert" } }, - "VMNetworkOutComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Network Out Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1416,16 +1396,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1564,16 +1534,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskSpaceAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1712,16 +1672,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMPercentCPUAlertSeverity": { "type": "String", "defaultValue": "2", @@ -2250,16 +2200,6 @@ "description": "Failing Periods for the alert" } }, - "VMDataDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMDataDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -2398,16 +2338,6 @@ "description": "Failing Periods for the alert" } }, - "VMDataDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "AGWApplicationGatewayTotalTimeAlertSeverity": { "type": "String", "defaultValue": "2", @@ -4441,9 +4371,6 @@ "evaluationPeriods": { "value": "[[parameters('VMNetworkInEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMNetworkInComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4498,9 +4425,6 @@ "evaluationPeriods": { "value": "[[parameters('VMNetworkOutEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMNetworkOutComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4555,9 +4479,6 @@ "evaluationPeriods": { "value": "[[parameters('VMOSDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMOSDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4612,9 +4533,6 @@ "evaluationPeriods": { "value": "[[parameters('VMOSDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMOSDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4669,9 +4587,6 @@ "evaluationPeriods": { "value": "[[parameters('VMOSDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMOSDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4879,9 +4794,6 @@ "evaluationPeriods": { "value": "[[parameters('VMDataDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMDataDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -4936,9 +4848,6 @@ "evaluationPeriods": { "value": "[[parameters('VMDataDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMDataDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, diff --git a/patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json index ea9299128..8748ba579 100644 --- a/patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-Management-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Management", "description": "Initiative to deploy AMBA alerts relevant to the ALZ Management management group", "metadata": { - "version": "1.3.1", + "version": "1.4.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -416,6 +416,18 @@ ], "defaultValue": "true" }, + "LAWDailyCapLimitcheckWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Log Analytics Workspace Daily Cap Limit Reached Alert Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "LAWDailyCapLimitThreshold": { "type": "String", "metadata": { @@ -541,6 +553,9 @@ "autoMitigate": { "value": "[[parameters('LAWDailyCapLimitAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('LAWDailyCapLimitcheckWorkspaceAlertsStorageConfigured')]" + }, "threshold": { "value": "[[parameters('LAWDailyCapLimitThreshold')]" }, diff --git a/patterns/alz/policySetDefinitions/Deploy-VM-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-VM-Alerts.json index 66d1736a3..20b0b5f17 100644 --- a/patterns/alz/policySetDefinitions/Deploy-VM-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-VM-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Azure Virtual Machines", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.", "metadata": { - "version": "1.0.2", + "version": "1.1.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -141,6 +141,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMHeartBeatRGcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Heart Beat Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMHeartBeatRGAutoResolve": { "type": "string", "defaultValue": "true", @@ -207,16 +215,6 @@ "description": "Time Aggregation for the alert" } }, - "VMHeartBeatRGComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Heart Beat RG Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMHeartBeatRGFailingPeriods": { "type": "string", "defaultValue": "1", @@ -281,6 +279,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMNetworkIncheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Network In Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMNetworkInAutoResolve": { "type": "string", "defaultValue": "true", @@ -363,16 +369,6 @@ "description": "Failing Periods for the alert" } }, - "VMNetworkInComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Network In Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMNetworkOutAlertSeverity": { "type": "String", "defaultValue": "2", @@ -429,6 +425,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMNetworkOutcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Network Out Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMNetworkOutAutoResolve": { "type": "string", "defaultValue": "true", @@ -511,16 +515,6 @@ "description": "Failing Periods for the alert" } }, - "VMNetworkOutComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Network Out Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -577,6 +571,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM OS Disk Read Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMOSDiskReadLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -659,16 +661,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -725,6 +717,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM OS Disk Write Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMOSDiskWriteLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -807,16 +807,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMOSDiskSpaceAlertSeverity": { "type": "String", "defaultValue": "2", @@ -873,6 +863,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMOSDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "true", + "metadata": { + "displayName": "VM OS Disk Space Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMOSDiskSpaceAutoResolve": { "type": "string", "defaultValue": "true", @@ -955,16 +953,6 @@ "description": "Failing Periods for the alert" } }, - "VMOSDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM OS Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMPercentCPUAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1021,6 +1009,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMPercentCPUcheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Percent CPU Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMPercentCPUAutoResolve": { "type": "string", "defaultValue": "true", @@ -1155,6 +1151,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMPercentMemorycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Percent Memory Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMPercentMemoryAutoResolve": { "type": "string", "defaultValue": "true", @@ -1285,6 +1289,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMDataDiskSpacecheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Data Disk Space Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMDataDiskSpaceAutoResolve": { "type": "string", "defaultValue": "true", @@ -1367,16 +1379,6 @@ "description": "Failing Periods for the alert" } }, - "VMDataDiskSpaceComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Space Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMDataDiskReadLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1433,6 +1435,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "false", + "metadata": { + "displayName": "VM Data Disk Read Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMDataDiskReadLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -1515,16 +1525,6 @@ "description": "Failing Periods for the alert" } }, - "VMDataDiskReadLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Read Latency Computers To Include", - "description": "Computers To Include for the alert" - } - }, "VMDataDiskWriteLatencyAlertSeverity": { "type": "String", "defaultValue": "2", @@ -1581,6 +1581,14 @@ "description": "Auto Mitigate for the alert" } }, + "VMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured": { + "type": "string", + "defaultValue": "true", + "metadata": { + "displayName": "VM Data Disk Write Latency Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + } + }, "VMDataDiskWriteLatencyAutoResolve": { "type": "string", "defaultValue": "true", @@ -1662,18 +1670,8 @@ "displayName": "VM Data Disk Write Latency Failing Periods", "description": "Failing Periods for the alert" } - }, - "VMDataDiskWriteLatencyComputersToInclude": { - "type": "array", - "defaultValue": [ - "*" - ], - "metadata": { - "displayName": "VM Data Disk Write Latency Computers To Include", - "description": "Computers To Include for the alert" - } } - }, + }, "policyDefinitions": [ { "policyDefinitionReferenceId": "ALZ_VMHeartBeatRG", @@ -1703,6 +1701,9 @@ "autoMitigate": { "value": "[[parameters('VMHeartBeatRGAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMHeartBeatRGcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMHeartBeatRGAutoResolve')]" }, @@ -1724,9 +1725,6 @@ "timeAggregation": { "value": "[[parameters('VMHeartBeatRGTimeAggregation')]" }, - "computersToInclude": { - "value": "[[parameters('VMHeartBeatRGComputersToInclude')]" - }, "failingPeriods": { "value": "[[parameters('VMHeartBeatRGFailingPeriods')]" }, @@ -1757,6 +1755,9 @@ "autoMitigate": { "value": "[[parameters('VMNetworkInAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMNetworkIncheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMNetworkInAutoResolve')]" }, @@ -1784,9 +1785,6 @@ "evaluationPeriods": { "value": "[[parameters('VMNetworkInEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMNetworkInComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -1823,6 +1821,9 @@ "autoMitigate": { "value": "[[parameters('VMNetworkOutAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMNetworkOutcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMNetworkOutAutoResolve')]" }, @@ -1850,9 +1851,6 @@ "evaluationPeriods": { "value": "[[parameters('VMNetworkOutEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMNetworkOutComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -1889,6 +1887,9 @@ "autoMitigate": { "value": "[[parameters('VMOSDiskReadLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMOSDiskReadLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMOSDiskReadLatencyAutoResolve')]" }, @@ -1916,9 +1917,6 @@ "evaluationPeriods": { "value": "[[parameters('VMOSDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMOSDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -1955,6 +1953,9 @@ "autoMitigate": { "value": "[[parameters('VMOSDiskWriteLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMOSDiskWriteLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMOSDiskWriteLatencyAutoResolve')]" }, @@ -1982,9 +1983,6 @@ "evaluationPeriods": { "value": "[[parameters('VMOSDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMOSDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2021,6 +2019,9 @@ "autoMitigate": { "value": "[[parameters('VMOSDiskSpaceAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMOSDiskSpacecheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMOSDiskSpaceAutoResolve')]" }, @@ -2048,9 +2049,6 @@ "evaluationPeriods": { "value": "[[parameters('VMOSDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMOSDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2087,6 +2085,9 @@ "autoMitigate": { "value": "[[parameters('VMPercentCPUAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMPercentCPUcheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMPercentCPUAutoResolve')]" }, @@ -2147,6 +2148,9 @@ "autoMitigate": { "value": "[[parameters('VMPercentMemoryAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMPercentMemorycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMPercentMemoryAutoResolve')]" }, @@ -2207,6 +2211,9 @@ "autoMitigate": { "value": "[[parameters('VMDataDiskSpaceAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMDataDiskSpacecheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMDataDiskSpaceAutoResolve')]" }, @@ -2234,9 +2241,6 @@ "evaluationPeriods": { "value": "[[parameters('VMDataDiskSpaceEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMDataDiskSpaceComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2273,6 +2277,9 @@ "autoMitigate": { "value": "[[parameters('VMDataDiskReadLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMDataDiskReadLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMDataDiskReadLatencyAutoResolve')]" }, @@ -2300,9 +2307,6 @@ "evaluationPeriods": { "value": "[[parameters('VMDataDiskReadLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMDataDiskReadLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -2339,6 +2343,9 @@ "autoMitigate": { "value": "[[parameters('VMDataDiskWriteLatencyAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('VMDataDiskWriteLatencycheckWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('VMDataDiskWriteLatencyAutoResolve')]" }, @@ -2366,9 +2373,6 @@ "evaluationPeriods": { "value": "[[parameters('VMDataDiskWriteLatencyEvaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('VMDataDiskWriteLatencyComputersToInclude')]" - }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, diff --git a/patterns/alz/policySetDefinitions/Deploy-Web-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-Web-Alerts.json index b05634222..ab7f709ca 100644 --- a/patterns/alz/policySetDefinitions/Deploy-Web-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-Web-Alerts.json @@ -6,7 +6,7 @@ "displayName": "Deploy Azure Monitor Baseline Alerts for Web", "description": "This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -498,6 +498,18 @@ ], "defaultValue": "true" }, + "AppInsightsThrottlingLimitcheckWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Application Insights Throttling Limit Reached Alert Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "AppInsightsThrottlingLimitThreshold": { "type": "String", "metadata": { @@ -892,6 +904,9 @@ "autoMitigate": { "value": "[[parameters('AppInsightsThrottlingLimitAutoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('AppInsightsThrottlingLimitcheckWorkspaceAlertsStorageConfigured')]" + }, "threshold": { "value": "[[parameters('AppInsightsThrottlingLimitThreshold')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json b/services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json index bbf19ba8e..7e56c90a0 100644 --- a/services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM Data Disk Read Latency Alert", "description": "Policy to audit/deploy Azure VM dataDiskReadLatency Alert", "metadata": { - "version": "1.7.0", + "version": "1.8.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json b/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json index 238212661..519110e2a 100644 --- a/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM Data Disk Space Alert", "description": "Policy to audit/deploy Azure VM data Disk Space Alert", "metadata": { - "version": "1.7.0", + "version": "1.8.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json b/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json index 8310db738..19c426847 100644 --- a/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM Data Disk Write Latency Alert", "description": "Policy to audit/deploy Azure VM dataDiskWriteLatency Alert", "metadata": { - "version": "1.7.0", + "version": "1.8.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json b/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json index 19b4b8033..c23d6b6a9 100644 --- a/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM HeartBeat Alert", "description": "Policy to audit/deploy Azure VM HeartBeat Alert for all VMs in the subscription", "metadata": { - "version": "1.6.0", + "version": "1.7.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] } ], "failingPeriods": { @@ -462,6 +470,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -488,6 +497,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -506,9 +518,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -563,6 +572,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -587,9 +599,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json b/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json index 997f4c149..3fbb50e78 100644 --- a/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM Network Read Alert", "description": "Policy to audit/deploy Azure VM Network Read Alert", "metadata": { - "version": "1.6.0", + "version": "1.7.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "NetworkInterface", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json b/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json index f360809b0..35847c1f6 100644 --- a/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM Network Write Alert", "description": "Policy to audit/deploy Azure VM Network Out Alert", "metadata": { - "version": "1.6.0", + "version": "1.7.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "NetworkInterface", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json b/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json index dcb6bb125..940527f62 100644 --- a/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM OS Disk Read Latency Alert", "description": "Policy to audit/deploy Azure VM OSDiskreadLatency Alert", "metadata": { - "version": "1.7.0", + "version": "1.8.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json b/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json index d39e0748c..6132bf92f 100644 --- a/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM OS Disk Space Alert", "description": "Policy to audit/deploy Azure VM OSDiskSpace Alert", "metadata": { - "version": "1.7.0", + "version": "1.8.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json b/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json index 09e488b86..a16f9f63d 100644 --- a/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM OS Disk Write Latency Alert", "description": "Policy to audit/deploy Azure VM OSDiskwriteLatency Alert", "metadata": { - "version": "1.7.0", + "version": "1.8.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json b/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json index 3a017240c..41faf2701 100644 --- a/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM CPU Alert", "description": "Policy to audit/deploy Azure VM CPU Alert", "metadata": { - "version": "1.5.0", + "version": "1.6.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -272,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -330,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -451,6 +470,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -477,6 +497,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -549,6 +572,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, diff --git a/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json b/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json index d7cf6833a..3bda030d7 100644 --- a/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json +++ b/services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Azure VM Memory Alert", "description": "Policy to audit/deploy Azure VM Memory Alert", "metadata": { - "version": "1.6.0", + "version": "1.7.0", "category": "Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -272,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -330,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -451,6 +470,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -477,6 +497,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -549,6 +572,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskReadLatency-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskReadLatency-Alert.json index 2d523e689..7318ce7af 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskReadLatency-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskReadLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM Data Disk Read Latency Alert", "description": "Policy to audit/deploy Hybrid VM Disk Read Latency Alert", "metadata": { - "version": "1.5.0", + "version": "1.6.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskSpace-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskSpace-Alert.json index dd5106e62..ee248435e 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskSpace-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskSpace-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM Data Disk Space Alert", "description": "Policy to audit/deploy Hybrid VM Data Disk Space Alert", "metadata": { - "version": "1.5.0", + "version": "1.6.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskWriteLatency-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskWriteLatency-Alert.json index 34f515b66..02f91571c 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskWriteLatency-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-DataDiskWriteLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM Data Disk Write Latency Alert", "description": "Policy to audit/deploy Hybrid VM Data Disk Write Latency Alert", "metadata": { - "version": "1.5.0", + "version": "1.6.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-Disconnected-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-Disconnected-Alert.json index 3404f5c38..ba29209c1 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-Disconnected-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-Disconnected-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM Disconnected Alert", "description": "Policy to audit/deploy Hybrid VM Disconnected Alert", "metadata": { - "version": "1.6.0", + "version": "1.7.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "enabled": { "type": "String", "metadata": { @@ -267,6 +279,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -325,6 +341,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "enabled": { "type": "String" }, @@ -440,6 +459,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "parameters": { "alertResourceGroupName": { "value": "[[parameters('alertResourceGroupName')]" @@ -462,6 +482,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "enabled": { "value": "[[parameters('enabled')]" }, @@ -528,6 +551,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "enabled": { "value": "[[parameters('enabled')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-HeartBeat-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-HeartBeat-Alert.json index d3bbceab8..9a61c8b44 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-HeartBeat-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-HeartBeat-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM HeartBeat Alert", "description": "Policy to audit/deploy Hybrid VM HeartBeat Alert", "metadata": { - "version": "1.4.0", + "version": "1.5.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] } ], "failingPeriods": { @@ -462,6 +470,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -488,6 +497,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -506,9 +518,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -563,6 +572,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -587,9 +599,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-NetworkIn-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-NetworkIn-Alert.json index 4b792bbae..2fdca3ae4 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-NetworkIn-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-NetworkIn-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM Network Read Alert", "description": "Policy to audit/deploy Hybrid VM Nework Read Alert", "metadata": { - "version": "1.4.0", + "version": "1.5.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "NetworkInterface", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-NetworkOut-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-NetworkOut-Alert.json index a031914ea..e0537f6ec 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-NetworkOut-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-NetworkOut-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM Network Write Alert", "description": "Policy to audit/deploy Hybrid VM Network Out Alert", "metadata": { - "version": "1.4.0", + "version": "1.5.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "NetworkInterface", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskReadLatency-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskReadLatency-Alert.json index 99fbee7b1..311efb3ef 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskReadLatency-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskReadLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM OS Disk Read Latency Alert", "description": "Policy to audit/deploy Hybrid VM OS Disk Read Latency Alert", "metadata": { - "version": "1.5.0", + "version": "1.6.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskSpace-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskSpace-Alert.json index 6022359ac..312586a82 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskSpace-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskSpace-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM OS Disk Space Alert", "description": "Policy to audit/deploy Hybrid VM OS Disk Space Alert", "metadata": { - "version": "1.5.0", + "version": "1.6.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskWriteLatency-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskWriteLatency-Alert.json index 6f5b52a9c..e287ae5c8 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskWriteLatency-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-OSDiskWriteLatency-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM OS Disk Write Latency Alert", "description": "Policy to audit/deploy Hybrid VM OS Disk Write Latency Alert", "metadata": { - "version": "1.5.0", + "version": "1.6.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -185,16 +197,6 @@ }, "defaultValue": "1" }, - "computersToInclude": { - "type": "array", - "metadata": { - "displayName": "Computers to be included to be monitored", - "description": "Array of Computer to be monitored" - }, - "defaultValue": [ - "*" - ] - }, "effect": { "type": "String", "metadata": { @@ -282,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -340,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -364,9 +373,6 @@ "evaluationPeriods": { "type": "String" }, - "computersToInclude": { - "type": "array" - }, "MonitorDisableTagName": { "type": "String" }, @@ -451,7 +457,9 @@ { "name": "Computer", "operator": "Include", - "values": "[[parameters('computersToInclude')]" + "values": [ + "*" + ] }, { "name": "Disk", @@ -469,6 +477,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -495,6 +504,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -513,9 +525,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, @@ -570,6 +579,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -594,9 +606,6 @@ "evaluationPeriods": { "value": "[[parameters('evaluationPeriods')]" }, - "computersToInclude": { - "value": "[[parameters('computersToInclude')]" - }, "MonitorDisableTagName": { "value": "[[parameters('MonitorDisableTagName')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-PercentCPU-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-PercentCPU-Alert.json index 60d15375a..39bc42511 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-PercentCPU-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-PercentCPU-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM CPU Alert", "description": "Policy to audit/deploy Hybrid VM CPU Alert", "metadata": { - "version": "1.4.0", + "version": "1.5.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -272,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -330,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -451,6 +470,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -477,6 +497,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -549,6 +572,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, diff --git a/services/HybridCompute/machines/Deploy-Hybrid-VM-PercentMemory-Alert.json b/services/HybridCompute/machines/Deploy-Hybrid-VM-PercentMemory-Alert.json index 7b154b8c8..ed53f067b 100644 --- a/services/HybridCompute/machines/Deploy-Hybrid-VM-PercentMemory-Alert.json +++ b/services/HybridCompute/machines/Deploy-Hybrid-VM-PercentMemory-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Hybrid VM Memory Alert", "description": "Policy to audit/deploy Hybrid VM Memory Alert", "metadata": { - "version": "1.4.0", + "version": "1.5.0", "category": "Hybrid Compute", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -129,6 +129,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "autoResolve": { "type": "String", "metadata": { @@ -272,6 +284,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].operator", "equals": "[[parameters('operator')]" @@ -330,6 +346,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "autoResolve": { "type": "String" }, @@ -451,6 +470,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "ruleResolveConfiguration": { "autoResolved": "[[parameters('autoResolve')]", "timeToResolve": "[[parameters('autoResolveTime')]" @@ -477,6 +497,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, @@ -549,6 +572,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "autoResolve": { "value": "[[parameters('autoResolve')]" }, diff --git a/services/Insights/components/Deploy-AppInsightsThrottlingLimit-Alert.json b/services/Insights/components/Deploy-AppInsightsThrottlingLimit-Alert.json index ea853c5aa..43920fe1b 100644 --- a/services/Insights/components/Deploy-AppInsightsThrottlingLimit-Alert.json +++ b/services/Insights/components/Deploy-AppInsightsThrottlingLimit-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy Application Insights Throttling Limit Reached Alert (Preview)", "description": "Policy to audit/deploy Application Insights Throttling Limit Reached Alert", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -118,6 +118,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "enabled": { "type": "String", "metadata": { @@ -230,6 +242,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", "equals": 0 @@ -303,6 +319,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "enabled": { "type": "String" }, @@ -379,6 +398,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "parameters": { "UAMIResourceId": { "value": "[[parameters('UAMIResourceId')]" @@ -395,6 +415,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "enabled": { "value": "[[parameters('enabled')]" }, @@ -449,6 +472,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "enabled": { "value": "[[parameters('enabled')]" }, diff --git a/services/OperationalInsights/workspaces/Deploy-LAWorkspace-DailyCapLimitReached-Alert.json b/services/OperationalInsights/workspaces/Deploy-LAWorkspace-DailyCapLimitReached-Alert.json index f1e18a88c..189ed4183 100644 --- a/services/OperationalInsights/workspaces/Deploy-LAWorkspace-DailyCapLimitReached-Alert.json +++ b/services/OperationalInsights/workspaces/Deploy-LAWorkspace-DailyCapLimitReached-Alert.json @@ -8,7 +8,7 @@ "displayName": "Deploy LA Workspace Daily Cap Limit Reached Alert", "description": "Policy to audit/deploy LA Workspace Daily Cap Limit Reached Alert", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "Monitoring", "source": "https://github.com/Azure/azure-monitor-baseline-alerts/", "alzCloudEnvironments": [ @@ -118,6 +118,18 @@ ], "defaultValue": "true" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String", + "metadata": { + "displayName": "Require a workspace linked storage", + "description": "Don't create the alert rule if the Log Analytics workspace doesn't have a configured linked storage account (relevant if you're using Customer Managed Keys)." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, "enabled": { "type": "String", "metadata": { @@ -234,6 +246,10 @@ "field": "Microsoft.Insights/scheduledQueryRules/autoMitigate", "equals": "[[parameters('autoMitigate')]" }, + { + "field": "Microsoft.Insights/scheduledQueryRules/checkWorkspaceAlertsStorageConfigured", + "equals": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, { "field": "Microsoft.Insights/scheduledQueryRules/criteria.allOf[*].threshold", "equals": "[[parameters('threshold')]" @@ -307,6 +323,9 @@ "autoMitigate": { "type": "String" }, + "checkWorkspaceAlertsStorageConfigured": { + "type": "String" + }, "enabled": { "type": "String" }, @@ -383,6 +402,7 @@ ] }, "autoMitigate": "[[parameters('autoMitigate')]", + "checkWorkspaceAlertsStorageConfigured": "[[parameters('checkWorkspaceAlertsStorageConfigured')]", "parameters": { "UAMIResourceId": { "value": "[[parameters('UAMIResourceId')]" @@ -399,6 +419,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "enabled": { "value": "[[parameters('enabled')]" }, @@ -453,6 +476,9 @@ "autoMitigate": { "value": "[[parameters('autoMitigate')]" }, + "checkWorkspaceAlertsStorageConfigured": { + "value": "[[parameters('checkWorkspaceAlertsStorageConfigured')]" + }, "enabled": { "value": "[[parameters('enabled')]" },