Home DevOps Microsoft Azure — Azure Alerts & Action Groups
Intermediate 5 min · July 12, 2026

Microsoft Azure — Azure Alerts & Action Groups

Alert rules, action groups, SMS/email/push notifications, ITSM integration, and smart groups..

N
Naren Founder & Principal Engineer

20+ years shipping production infrastructure and CI/CD at scale. Everything here is grounded in real deployments.

Follow
Verified
production tested
July 12, 2026
last updated
1,983
articles · all by Naren
Before you start⏱ 25 min
  • Azure subscription, basic knowledge of Azure Monitor, familiarity with Azure portal, PowerShell or Azure CLI installed, Log Analytics workspace (for log alerts), Automation account (for remediation runbooks).
✦ Definition~90s read
What is Microsoft Azure?

Microsoft Azure — Azure Alerts & Action Groups is a core Azure service that handles alerts action groups in the Microsoft cloud ecosystem.

⚙ Browser compatibility
Latest versions — ✓ supported
ChromeFirefoxSafariEdge

Azure is Microsoft's cloud computing platform offering over 200 services. This article covers azure alerts & action groups with production-ready configurations, best practices, and hands-on examples.

Why Azure Alerts and Action Groups Matter in Production

In production, monitoring is not optional—it's the difference between a 5-minute outage and a 5-hour firefight. Azure Alerts paired with Action Groups form the backbone of incident response. Alerts detect anomalies (metric thresholds, log queries, activity events) and trigger notifications or automated remediation. Action Groups define who gets paged, which webhook fires, or which ITSM ticket gets created. Without them, you're flying blind. I've seen teams lose SLAs because they relied on manual dashboard watching. Automate your alerting from day one. The cost of a missed alert in production far exceeds the effort to set up proper Action Groups.

alert-rule-arm-template.jsonJSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Insights/metricAlerts",
      "apiVersion": "2018-03-01",
      "name": "CPU-Over-90-Percent",
      "location": "global",
      "properties": {
        "description": "Alert when CPU > 90% for 5 minutes",
        "severity": 1,
        "enabled": true,
        "scopes": [
          "[resourceId('Microsoft.Compute/virtualMachines', 'prod-vm-01')]"
        ],
        "evaluationFrequency": "PT1M",
        "windowSize": "PT5M",
        "criteria": {
          "allOf": [
            {
              "metricName": "Percentage CPU",
              "metricNamespace": "Microsoft.Compute/virtualMachines",
              "operator": "GreaterThan",
              "threshold": 90,
              "timeAggregation": "Average"
            }
          ]
        },
        "actions": [
          {
            "actionGroupId": "[resourceId('Microsoft.Insights/actionGroups', 'On-Call-Engineers')]"
          }
        ]
      }
    }
  ]
}
Output
Deploy via: az deployment group create --resource-group prod-rg --template-file alert-rule-arm-template.json
⚠ Don't alert on everything
Alert fatigue is real. Only create alerts for conditions that require human action. If it's informational, use a dashboard or log analytics query instead.
📊 Production Insight
In production, a misconfigured Action Group (e.g., wrong email alias) can delay incident response by hours. Always test with a live notification before deploying.
🎯 Key Takeaway
Azure Alerts detect issues; Action Groups route them to the right people or systems.

Anatomy of an Azure Alert Rule

An alert rule consists of a resource scope, condition (signal logic), severity, and action group. The signal can be a metric (e.g., CPU > 90%), a log query (e.g., errors > 100 in 5 min), or an activity log event (e.g., VM deletion). Severity ranges from 0 (Critical) to 4 (Verbose). Use severity 0-2 for actionable alerts; 3-4 for informational. The condition includes operator, threshold, aggregation granularity, and frequency of evaluation. For metric alerts, you can also use dynamic thresholds that adapt to historical patterns—useful for seasonal workloads. Always set a proper window size to avoid flapping. For example, a 5-minute window with 1-minute frequency means the alert fires only if the condition persists for 5 consecutive minutes.

create-metric-alert.ps1POWERSHELL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# Create a metric alert for VM CPU
$resourceId = "/subscriptions/.../resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/prod-vm-01"
$actionGroupId = "/subscriptions/.../resourceGroups/prod-rg/providers/Microsoft.Insights/actionGroups/On-Call-Engineers"

$condition = New-AzMetricAlertRuleV2Criteria `
  -MetricName "Percentage CPU" `
  -TimeAggregation Average `
  -Operator GreaterThan `
  -Threshold 90

Add-AzMetricAlertRuleV2 `
  -Name "CPU-Over-90-Percent" `
  -ResourceGroupName "prod-rg" `
  -WindowSize (New-TimeSpan -Minutes 5) `
  -Frequency (New-TimeSpan -Minutes 1) `
  -TargetResourceId $resourceId `
  -Condition $condition `
  -ActionGroupId $actionGroupId `
  -Severity 1
Output
Alert rule 'CPU-Over-90-Percent' created successfully.
💡Use dynamic thresholds for variable workloads
If your app has predictable peaks (e.g., end-of-month batch jobs), dynamic thresholds adjust automatically, reducing false positives.
📊 Production Insight
I once saw an alert fire every 5 minutes because the window size was too short (1 minute). Always set window size to at least 5 minutes for metric alerts to avoid noise.
🎯 Key Takeaway
An alert rule is a combination of scope, condition, severity, and action group.

Action Groups: The Nerve Center of Incident Response

Action Groups are collections of notification channels and actions triggered by an alert. They can include email, SMS, voice call, webhook, Azure Function, Logic App, ITSM connector, or automation runbook. Each action type has its own use case: email for non-critical, SMS/voice for on-call, webhook for integrating with PagerDuty or Slack. You can also define multiple actions in one group—e.g., email the team and trigger a webhook to create a Jira ticket. Action Groups support role-based access control (RBAC) so only authorized users can modify them. In production, always have at least two notification channels (e.g., email + SMS) to avoid single points of failure. Test your Action Group by sending a test alert from the Azure portal.

action-group-arm-template.jsonJSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Insights/actionGroups",
      "apiVersion": "2021-09-01",
      "name": "On-Call-Engineers",
      "location": "Global",
      "properties": {
        "groupShortName": "oncall",
        "enabled": true,
        "emailReceivers": [
          {
            "name": "Team Email",
            "emailAddress": "oncall@contoso.com",
            "useCommonAlertSchema": true
          }
        ],
        "smsReceivers": [
          {
            "name": "Primary On-Call",
            "countryCode": "1",
            "phoneNumber": "555-1234"
          }
        ],
        "webhookReceivers": [
          {
            "name": "PagerDuty",
            "serviceUri": "https://events.pagerduty.com/integration/.../enqueue",
            "useCommonAlertSchema": true
          }
        ]
      }
    }
  ]
}
Output
Deploy via: az deployment group create --resource-group prod-rg --template-file action-group-arm-template.json
🔥Common Alert Schema
Enable 'Use common alert schema' for all receivers. It standardizes the payload, making integrations easier to maintain.
📊 Production Insight
In a past outage, our SMS provider had a regional failure. Because we also had email and webhook, we still got notified via Slack. Always diversify notification channels.
🎯 Key Takeaway
Action Groups route alerts to people and systems via multiple channels.

Log Alert Rules: Querying Your Way to Insight

Log alerts run Log Analytics queries at a defined frequency and fire when results meet a threshold. They're powerful for detecting patterns like error spikes, slow queries, or security events. The query can be over a fixed time range (e.g., last 5 minutes) and you can aggregate results (e.g., count > 100). You can also use dimensions to split alerts by resource or property. For example, alert when any VM has > 50 failed logins. Log alerts are charged per query execution, so optimize your queries to be efficient. Use the 'Number of results' or 'Metric measurement' alert logic. 'Metric measurement' allows grouping and alerting on each group independently—ideal for per-resource thresholds.

log-alert-query.kqlKQL
1
2
3
4
5
6
7
// Alert when any VM has > 50 failed logins in 5 minutes
let threshold = 50;
SigninLogs
| where TimeGenerated > ago(5m)
| where ResultType == "50074" // Failed login
| summarize FailedCount = count() by Identity, DeviceDetail.deviceId
| where FailedCount > threshold
Output
Returns rows where FailedCount > 50. If any row exists, alert fires.
⚠ Query cost and performance
Log alerts run against your Log Analytics workspace. Poorly written queries can be expensive and slow. Always test with 'Last 24 hours' before setting as an alert.
📊 Production Insight
We once had a log alert that queried all tables in the workspace. It cost $200/month. Scope your query to specific tables and use time filters to reduce cost.
🎯 Key Takeaway
Log alerts use KQL queries to detect complex patterns in log data.

Activity Log Alerts: Reacting to Azure Resource Changes

Activity log alerts fire when specific operations occur on Azure resources, such as VM creation, deletion, or security policy changes. They are essential for compliance and security monitoring. For example, alert when someone deletes a resource group or modifies a network security group. You can filter by resource type, operation name, status, and caller. Activity log alerts are free (no additional cost) and have near-real-time latency. They are ideal for detecting unauthorized changes or tracking critical operations. In production, I recommend creating activity log alerts for: resource deletion, role assignment changes, and security policy modifications. Combine with Action Groups to notify the security team immediately.

activity-log-alert-arm-template.jsonJSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "microsoft.insights/activityLogAlerts",
      "apiVersion": "2017-04-01",
      "name": "Resource-Group-Deleted",
      "location": "Global",
      "properties": {
        "enabled": true,
        "scopes": [
          "/subscriptions/..."
        ],
        "condition": {
          "allOf": [
            {
              "field": "category",
              "equals": "Administrative"
            },
            {
              "field": "operationName",
              "equals": "Microsoft.Resources/subscriptions/resourcegroups/delete"
            },
            {
              "field": "status",
              "equals": "Succeeded"
            }
          ]
        },
        "actions": {
          "actionGroups": [
            {
              "actionGroupId": "[resourceId('Microsoft.Insights/actionGroups', 'Security-Team')]"
            }
          ]
        }
      }
    }
  ]
}
Output
Deploy via: az deployment group create --resource-group prod-rg --template-file activity-log-alert-arm-template.json
🔥Activity log alerts are free
Unlike metric or log alerts, activity log alerts incur no additional cost. Use them liberally for security and compliance.
📊 Production Insight
A junior admin once accidentally deleted a production resource group. Our activity log alert fired within seconds, and we restored from backup before any data loss.
🎯 Key Takeaway
Activity log alerts notify you of changes to Azure resources themselves.

Smart Groups and Alert Processing Rules

Smart Groups automatically correlate related alerts into a single incident, reducing noise. They group alerts that share the same resource, alert rule, or time window. For example, if a VM goes down, you might get alerts for CPU, memory, and disk—Smart Groups combine them. Alert Processing Rules allow you to modify alert behavior at scale. You can suppress alerts during maintenance windows, apply action groups to all alerts in a subscription, or filter alerts by severity. For example, suppress all non-critical alerts during a planned deployment. Use these to manage alert fatigue and ensure only meaningful alerts reach on-call engineers.

alert-processing-rule-arm-template.jsonJSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.AlertsManagement/actionRules",
      "apiVersion": "2021-08-08",
      "name": "Maintenance-Window-Suppression",
      "location": "Global",
      "properties": {
        "scopes": [
          "/subscriptions/..."
        ],
        "conditions": {
          "severity": {
            "operator": "Equals",
            "values": ["Sev3", "Sev4"]
          }
        },
        "actions": [
          {
            "actionType": "Suppression",
            "suppressionConfig": {
              "recurrenceType": "Once",
              "schedule": {
                "startDate": "2026-07-12",
                "endDate": "2026-07-13",
                "startTime": "02:00:00",
                "endTime": "06:00:00"
              }
            }
          }
        ],
        "description": "Suppress non-critical alerts during maintenance window"
      }
    }
  ]
}
Output
Deploy via: az deployment group create --resource-group prod-rg --template-file alert-processing-rule-arm-template.json
💡Use alert processing rules for maintenance
Instead of disabling alerts manually, create a suppression rule for the maintenance window. This avoids forgetting to re-enable them.
📊 Production Insight
During a major release, we suppressed all Sev3+ alerts for 4 hours. This prevented alert fatigue and allowed the team to focus on deployment issues.
🎯 Key Takeaway
Smart Groups reduce noise; Alert Processing Rules give you control over alert behavior at scale.

Automated Remediation with Action Groups

Action Groups can trigger automated responses via Azure Automation runbooks, Azure Functions, or Logic Apps. For example, if a VM's CPU is high, you can scale up the VM or restart a service. This reduces mean time to resolution (MTTR). To implement, create an Automation account with a runbook, then add it as an action in your Action Group. The alert payload includes context (resource, condition) that the runbook can use. Be cautious: automated actions can cause cascading failures. Always include a check (e.g., verify the VM is still running) and add a manual approval step for critical actions. Test in a non-production environment first.

remediation-runbook.ps1POWERSHELL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
param(
    [object]$WebhookData
)

$alertContext = $WebhookData.RequestBody | ConvertFrom-Json
$vmName = $alertContext.data.context.resourceName
$resourceGroup = $alertContext.data.context.resourceGroupName

# Restart the VM
Stop-AzVM -Name $vmName -ResourceGroupName $resourceGroup -Force
Start-AzVM -Name $vmName -ResourceGroupName $resourceGroup

# Log the action
Write-Output "Restarted VM $vmName due to alert"
Output
Runbook executed. VM restarted successfully.
⚠ Avoid infinite loops
If your remediation restarts a service that triggers another alert, you'll get a loop. Add a cooldown period or check if the action was already taken.
📊 Production Insight
We automated scaling up a VM when CPU > 90%. But the scale operation itself caused a brief CPU spike, triggering another alert. We added a 10-minute cooldown to break the loop.
🎯 Key Takeaway
Automated remediation via Action Groups reduces MTTR but requires careful design.

Testing and Validating Your Alert Pipeline

Never assume your alerts work. Test them regularly. Azure provides a 'Test action group' feature that sends a sample alert to all configured actions. For metric alerts, you can manually trigger a condition (e.g., run a CPU stress test). For log alerts, run the query manually and verify it returns expected results. Also test the end-to-end pipeline: alert fires → Action Group triggers → notification received → automated remediation runs. Schedule quarterly 'fire drills' where you simulate an outage and verify the alerting chain. Document the test results and fix any gaps. In production, a broken alert is worse than no alert—it gives false confidence.

stress-cpu.shBASH
1
2
3
4
#!/bin/bash
# Stress CPU to trigger alert
apt-get update && apt-get install -y stress
stress --cpu 4 --timeout 120
Output
CPU usage spikes to 100% for 2 minutes. Alert should fire within 5 minutes.
🔥Test alerts in a non-production environment first
Use a separate resource group or subscription for testing. Avoid triggering real alerts in production that might wake up on-call engineers.
📊 Production Insight
We discovered during a fire drill that our SMS provider had changed its API endpoint. Because we tested quarterly, we caught it before a real outage.
🎯 Key Takeaway
Regular testing of alerts and Action Groups is critical to ensure they work when needed.

Cost Management and Best Practices

Azure Alerts have a pricing model: metric alerts are free up to a limit, log alerts are charged per query execution, and action group notifications (SMS, voice) have per-message costs. To control costs: use metric alerts where possible (free), optimize log queries to reduce execution frequency, and limit SMS/voice to critical alerts only. Use action groups with email for non-critical alerts. Monitor your alert costs in Azure Cost Management. Also, avoid creating duplicate alerts on the same condition. Use alert processing rules to suppress noisy alerts. Finally, document your alert rules and action groups in a runbook so the team understands the monitoring strategy.

cost-optimized-alert.jsonJSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
{
  "type": "Microsoft.Insights/metricAlerts",
  "apiVersion": "2018-03-01",
  "name": "Disk-Space-Low",
  "properties": {
    "description": "Alert when disk space < 10% for 15 minutes",
    "severity": 2,
    "enabled": true,
    "scopes": ["..."],
    "evaluationFrequency": "PT5M",
    "windowSize": "PT15M",
    "criteria": {
      "allOf": [{
        "metricName": "Percentage Free Space",
        "operator": "LessThan",
        "threshold": 10,
        "timeAggregation": "Minimum"
      }]
    },
    "actions": [{
      "actionGroupId": "..."
    }]
  }
}
Output
Deploy and monitor costs in Azure Cost Management.
💡Use metric alerts over log alerts when possible
Metric alerts are free and have lower latency. Reserve log alerts for complex conditions that can't be expressed as metrics.
📊 Production Insight
We reduced our monthly alerting cost by 40% by converting several log alerts to metric alerts and suppressing non-critical alerts during off-hours.
🎯 Key Takeaway
Optimize alert costs by using metric alerts, efficient log queries, and limiting expensive notification channels.

Integrating with ITSM and Incident Management Tools

Action Groups can integrate with IT Service Management (ITSM) tools like ServiceNow, Jira, or PagerDuty via webhooks or the ITSM connector. The ITSM connector supports bidirectional sync: Azure creates a ticket in the ITSM tool, and updates from the tool (e.g., resolution) can close the alert in Azure. This is critical for organizations that follow ITIL processes. To set up, configure the ITSM connection in Azure Monitor, then select it as an action in your Action Group. For webhook-based integrations, use the common alert schema for consistent payloads. Test the integration by sending a test alert. In production, ensure your ITSM tool can handle the alert volume—otherwise, it becomes a bottleneck.

itsm-action-group.jsonJSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
{
  "type": "Microsoft.Insights/actionGroups",
  "apiVersion": "2021-09-01",
  "name": "ServiceNow-Integration",
  "properties": {
    "groupShortName": "snow",
    "enabled": true,
    "itsmReceivers": [
      {
        "name": "ServiceNow",
        "workspaceId": "...",
        "connectionId": "...",
        "ticketConfiguration": "{\"AssignmentGroup\":\"CloudOps\"}",
        "region": "EastUS"
      }
    ]
  }
}
Output
Deploy and test by triggering an alert. A ticket should appear in ServiceNow.
🔥ITSM connector requires a connection object
Create the ITSM connection in Azure Monitor under 'ITSM Connector' before referencing it in an Action Group.
📊 Production Insight
We integrated with ServiceNow, but the alert volume caused ticket storms. We added alert processing rules to group related alerts into a single ticket, reducing noise.
🎯 Key Takeaway
ITSM integration ensures alerts become tracked incidents with proper workflows.

Monitoring Alert Health and Metrics

Alerts themselves need monitoring. Azure provides metrics for alert rules: fired, resolved, and action group success/failure rates. Use these to detect if an alert is not firing or if notifications are failing. Set up a 'canary' alert—a simple metric alert that fires periodically (e.g., every hour) to verify the pipeline works. Monitor the alert rule's health via Azure Monitor metrics or log queries. For example, query the AzureActivity table for alert rule failures. If an action group consistently fails (e.g., email bounces), you need to fix it. In production, I've seen silent failures where an alert fired but the SMS provider rejected the message. Always have a dashboard showing alert health.

alert-health-query.kqlKQL
1
2
3
4
5
6
// Check for action group failures in last 24 hours
AzureActivity
| where TimeGenerated > ago(1d)
| where OperationName == "Microsoft.Insights/actionGroups/write"
| where ActivityStatus == "Failure"
| project TimeGenerated, Caller, Resource, FailureReason
Output
Returns any failed action group operations.
⚠ Don't ignore alert rule failures
If an alert rule fails to evaluate, it won't fire. Monitor the 'Alert Rule State' metric and set up an alert on it.
📊 Production Insight
We had a silent failure where the alert rule's query timed out due to a workspace scaling issue. We now monitor alert rule health with a separate alert.
🎯 Key Takeaway
Monitor your alerting infrastructure to ensure it's working correctly.

Putting It All Together: A Production Alerting Strategy

A robust alerting strategy combines all the pieces: define clear severity levels, use metric alerts for infrastructure, log alerts for application errors, activity log alerts for security, and action groups with multiple channels. Implement automated remediation for common issues (e.g., restart a service) but with safeguards. Use alert processing rules to suppress noise during maintenance. Test everything regularly. Document your alert rules and action groups in a runbook. Finally, review and tune alerts quarterly—remove stale ones, adjust thresholds, and add new ones as your system evolves. The goal is to have a system where every alert is actionable, and every action is reliable.

complete-alerting-strategy.jsonJSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
  "severityLevels": {
    "Sev0": "Critical - immediate human action required",
    "Sev1": "Error - needs attention within 15 minutes",
    "Sev2": "Warning - investigate within 1 hour",
    "Sev3": "Informational - no action needed"
  },
  "alertTypes": [
    {
      "type": "Metric",
      "examples": ["CPU > 90%", "Disk < 10% free"],
      "actionGroup": "On-Call-Engineers"
    },
    {
      "type": "Log",
      "examples": ["Error count > 100 in 5 min"],
      "actionGroup": "App-Team"
    },
    {
      "type": "Activity Log",
      "examples": ["Resource group deleted"],
      "actionGroup": "Security-Team"
    }
  ],
  "remediation": {
    "automated": ["Restart VM on high CPU"],
    "manual": ["Database failover requires approval"]
  }
}
Output
Use this as a template for your own strategy.
💡Start simple, iterate
Don't try to build the perfect system on day one. Start with a few critical alerts, then add more as you learn what matters.
📊 Production Insight
Our alerting strategy evolved over 2 years. We started with 5 alerts, now have 50. The key was regular reviews and removing alerts that no longer provided value.
🎯 Key Takeaway
A production alerting strategy is a living system that requires continuous refinement.
⚙ Quick Reference
12 commands from this guide
FileCommand / CodePurpose
alert-rule-arm-template.json{Why Azure Alerts and Action Groups Matter in Production
create-metric-alert.ps1$resourceId = "/subscriptions/.../resourceGroups/prod-rg/providers/Microsoft.Com...Anatomy of an Azure Alert Rule
action-group-arm-template.json{Action Groups
log-alert-query.kqllet threshold = 50;Log Alert Rules
activity-log-alert-arm-template.json{Activity Log Alerts
alert-processing-rule-arm-template.json{Smart Groups and Alert Processing Rules
remediation-runbook.ps1param(Automated Remediation with Action Groups
stress-cpu.shapt-get update && apt-get install -y stressTesting and Validating Your Alert Pipeline
cost-optimized-alert.json{Cost Management and Best Practices
itsm-action-group.json{Integrating with ITSM and Incident Management Tools
alert-health-query.kqlAzureActivityMonitoring Alert Health and Metrics
complete-alerting-strategy.json{Putting It All Together

Key takeaways

1
Azure Alerts detect issues; Action Groups route them
Alerts are the sensors, Action Groups are the nervous system. Both must work together for effective incident response.
2
Use the right alert type for the job
Metric alerts for infrastructure (free, fast), log alerts for complex patterns (costly, flexible), activity log alerts for resource changes (free, essential).
3
Automate remediation but with safeguards
Action Groups can trigger runbooks or functions to fix common issues, but always include cooldowns and checks to avoid cascading failures.
4
Test your alerting pipeline regularly
Broken alerts give false confidence. Use test features, fire drills, and monitor alert health metrics to ensure reliability.
FAQ · 6 QUESTIONS

Frequently Asked Questions

01
What is the difference between a metric alert and a log alert?
02
How do I test an Action Group without triggering a real alert?
03
Can I suppress alerts during a maintenance window?
04
How do I avoid alert fatigue?
05
What is the common alert schema and why should I use it?
06
How do I monitor the health of my alert rules?
N
Naren Founder & Principal Engineer

20+ years shipping production infrastructure and CI/CD at scale. Everything here is grounded in real deployments.

Follow
Verified
production tested
July 12, 2026
last updated
1,983
articles · all by Naren
🔥

That's Azure. Mark it forged?

5 min read · try the examples if you haven't

Previous
Microsoft Azure — Application Insights
52 / 55 · Azure
Next
Microsoft Azure — Azure Service Health & Advisor