Azure Monitor Automation with DevOps and Tags

Monitor your Azure resources using Azure Monitor with DevOps and Tags for exceptions


In this blog post, I will show you how to monitor your Azure resources using a PowerShell script that is scheduled in Azure DevOps. The script creates the Azure Monitor Alert Rules based on a CSV configuration and Azure resource tags to identify exceptions. The Azure DevOps pipeline runs on a schedule so that the alert rules are updated based on tags that have been created with the new threshold for the alert rule.

Process flow

Why use PowerShell and Azure DevOps for monitoring?

You can use PowerShell to create, modify, and delete Azure Monitor Alert Rules, which are the rules that define the conditions and actions for monitoring your Azure resources. Azure Monitor Alert Rules can be based on metrics, logs, or activity logs, and can trigger notifications, runbooks, logic apps, or webhooks when the conditions are met. In my environment I have them triggering an action-group which has an email notification.

Azure DevOps is a cloud-based platform that provides various tools and services for software development and delivery. You can use Azure DevOps to create pipelines, which are workflows that automate the steps of building, testing, and deploying your code. You can also use Azure DevOps to schedule your pipelines to run at specific times or intervals, or to trigger them based on events or changes in your code.

By combining PowerShell and Azure DevOps, you can create a solution that automates the creation and update of your Azure Monitor Alert Rules based on your configuration and tags. This way, you can ensure that your monitoring settings are consistent and up-to-date across your Azure resources.

The PowerShell script

The script I am using is one I co-authored while I’ve been working at The [](Azure Monitor Automation Script) is a powershell script that is used to automatically set monitoring threshold on Azure resources. By default, the script applies to all metrics enabled for monitoring accross the entire subscription. You can restrict the scope by defining either a specific resource group, using the rgazresources variable, and/or a specific resource type, using the azrestype variable.

DevOps Repo Setup

  1. Clone the repo into your devops repo Clone Azure Monitoring Repo to your DevOps

  2. Create folders for each subscription, in this example i have 4 subscriptions I am monitoring Azure DevOps Subscription Folders

  3. Modify your Azure Monitor CSV to enable the relevant alerts for your subscription Azure Monitor CSV

  4. Create the Azure DevOps Pipeline for deployment, I created a pipeline for each subscription under monitoring Azure DevOps Pipeline YAML

# Azure Pipelines
  vmImage: ubuntu-latest

- task: AzurePowerShell@5
    azureSubscription: 'ServiceConnectionName'
    ScriptPath: '$(system.defaultworkingdirectory)/azuremonitoring.ps1'
    azurePowerShellVersion: 'LatestVersion'
  1. Create DevOps scheudling, I have two schedules configured
    • Execution based on commit to the subscription folder within the Repo Azure DevOps Pipeline Schedule Path

    • Execution based on a schedule to look for Tags, you can have multiple time based schedules to suit your needs Azure DevOps Pipeline Schedule Time

Azure Monitor

Now that the pipeline has executed we can now see the alert rules it has created for my virtual machines Azure Monitor Alert Rules

Based on the script it has created these alert rules, and associated the relevant action group which will then send me an email in the event that any of these alert rules are triggered.