MSOMS Archives

Working with Azure Monitor Rest API

29/02/202007/01/2025
by Martin Ehrnst

It might be an edge case, or you are creating your own integration. But chances are, after fiddling around with Azure Monitor, you encounter a situation where you would have work with its API.
Personally, I have numerous situations over the last years, that required me to integrate directly with Azure Management APIs

In this blog post, I will help you get started using the APIs, hopefully making it less intimidating. All code examples will use PowerShell.

Create SPN and assign it to your subscription RBAC

I am using a service principal in order to connect programmatically to Azure. SPNs are created in Azure Active Directory as Application Registrations. You can choose whether you want to do this via the portal, or by using PowerShell.

After creating (or using an existing SPN) grant the application appropriate access. For simplicity, I am using contributor to my subscription. That might be best for you as well, but one should always use the least privileged assignment needed.

Consider the above as a prerequisite for you to continue.

At this point, you should have an application registration, a secret, and a role assignment on your subscription. We can now use this to acquire an access token and connect to Azure Monitor’s REST API.

Connect to Azure Monitor API using PowerShell

Azure Monitor APIs are a part of the Azure Management APIs. I will, therefore, use these names interchangeably. Also keep in mind, that all other APIs under Azure Management will follow the same methods I demonstrate for Azure Monitor.

To query data we need to authenticate. In the example below, I am using client credentials to acquire the access token. Microsoft’s official example is using the ADAL method, connecting with your identity. I have never had the use for this, as I am usually writing integrations service-to-service.
If you are creating an interactive portal and want to leverage the user’s authorization, ADAL (or MSAL) are probably better.

Retrieve Azure Monitor alert rules

I have no idea why you are exploring Azure Monitors API. Providing an integration solution is therefore not possible. But my gut feeling is that alerts and metrics is a good place to start.

When working with alerts, we need to work with multiple endpoints. Depending on what you are working on, these are the most common;

Alert rules*
Alert incidents
Metric Alerts
Metric Alert status

We can start with one of the basics, retrieve the current configured alert rules. To do that, we need to know what kind it is. The classic alert rules (old type) use a single endpoint, while the current use it’s own.

Below I have included three endpoints and a screenshot. As you can see, all the information that you expect is to be found in the output. From here we can start to explore the alert rule by accessing its properties.

Azure monitor rest api metric alert rule output

Get resource metrics from Azure Monitors API

Metrics is another fundamental in monitoring. When we work with the API in the context of metrics. You can explore the available metrics for each resource type by using the Metric Definitions endpoint.

Actual metrics values require a bit more when it comes to the actual query. The official documentation describes everything pretty well, but I have provided an example for a VM below. This example shows the basics of how you get data from one metric and one VM. You can add multiple metrics to one query, and do additional filtering using the OData filter.

Manage alerts, updating status, etc.

Viewing configured alert rules, looking at disk metrics for a VM. What about alerts. The actual things that send you emails- can we work with them using this API? Yes, you can.

Like I said. Providing an integration solution in this blog post isn’t possible. but most integrations I have seen with Azure Monitor or other monitoring solutions have had some kind of functionality to handle active alerts. Personally, I have created one for SquaredUp earlier, where we could acknowledge alerts in Azure Monitor as well as our on-premises SCOM installation.

Before we wrap up. Let’s take a look at how we can interact with an active alert. I have configured a very naggy alert rule, creating a lot of noise, and I want to change the status of those alerts. Armed with PowerShell and the alerts management endpoints everything is possible.

Summary

This blog post has covered the basics regarding the Azure Monitor REST API and PowerShell. With the examples above and the official documentation, you can start creating your own solutions and integrations.

While we have only covered how to get data out of Azure Monitor, you should know it’s also possible to inject data. By using the HTTP data collector API and the Metric store possibilities are ‘endless’.

Integrations ideas

Alert remediation/handling from a ticketing system
Dashboarding with third-party or custom web integration
Teams/Slack/IM connector
Custom application metrics or logs

In my examples, I have purposely not included how new alert rules are created, as I believe this should be done through ARM. If that is your use case, you should know it is possible and fully supported.

This blog post was originally published in November 2017. Rewritten for Azure Spring Clean 2020 and to reflect changes to Azure Monitor API

Operations Manager

SCOM 1801 released

08/02/201807/01/2025
by Martin Ehrnst

[Quick publish]

Today Microsoft released System Center 1801 which includes the semi-annual release for Operations Manager. That it self is a huge step for SCOM, but the latest release also includes a lot of fixes and many new features. Read the announcement here

SCOM 1801 Announced

What’s in System Center, version 1801?

System Center, version 1801 focuses on enhancements and features for System Center Operations Manager, Virtual Machine Manager, and Data Protection Manager. Additionally, security and bug fixes, as well as support for TLS 1.2, are available for all System Center components including Orchestrator, Service Management Automation, and Service Manager.

I am pleased to share the capabilities included in this release:

Support for additional Windows Server features in Virtual Machine Manager: Customers can now setup nested virtualization, software load balancer configuration, and storage QoS configuration and policy, as well as migrate VMware UEFI VM to Hyper-V VM. In addition to supporting Windows Server, version 1709, we have added support for host monitoring, host management, fall back HGS, configuration of encrypted SDN virtual network, Shielded Linux VMs on Hyper-V management, and backup capabilities.
Linux monitoring in Operations Manager: Linux monitoring has been significantly improved with the addition of a customizable FluentD-based Linux agent. Linux log file monitoring is now on par with that of Windows Server (Yes, we heard you! Kick the tires, it really works).
Improved web console experience in Operations Manager: The System Center Operations Manager web console is now built on HTML5 for a better experience and support across browsers.
Updates and recommendations for third-party Management Packs: System Center Operations Manager has been extended to support the discovery and update of third-party MPs.
Faster, cost-effective VMware backup: Using our Modern Backup Storage technology in Data Protection Manager, customers can backup VMware VMs faster and cut storage costs by up to 50%.
And much more including Linux Kerberos support and improved UI responsiveness when dealing with many management packs in Operations Manager. In Virtual Machine Manager, we have enabled SLB guest cluster floating IP support, added Storage QoS at VMM cloud, added Storage QoS extended to SAN storage, enabled Remote to VMs in Enhanced Session mode, added seamless update of non-domain host agent, and made host Refresher up to 10X faster.
As well as consistent evaluation and license experiences across components.
Customers should consider supplementing System Center with Azure security & management capabilities for enhanced on-premises management and for the management of Azure resources. We have included the following updates in System Center, version 1801:
• Service Map integration with Operations Manager: Using the Distributed Application Diagram function in SCOM, you can automatically see application, server, and network dependencies deduced from Service Map. This deeper endpoint monitoring from SCOM is surfaced in the diagram view for better diagnostics workflows.
Manage Azure ARM VMs and special regions: Using a Virtual Machine Manager add-in, you can now manage Azure ARM VMs, Azure Active Directory, and more regions (China, US Government, and Germany).
Service Manager integration with Azure: Using the Azure ITSM integration with Azure Action Groups you can set up rules to create incidents automatically in System Center Service Manager for alerts fired on Azure and non-Azure resources.

Operations Manager

Operations Manager and MSOMS 101

05/02/201807/01/2025
by Martin Ehrnst

Today I was collecting information for a colleague interesting in learning more about SCOM. Apart from sharing my own knowledge, I browsed “all” the known SCOM oriented blogs available collecting information. When I got to Kevin Greene‘s blog he had published a blog post saying that Antoni had rewritten his SCOM 101 PDF in to a new blog series . It is eight years ago since Antoni Hanus and Jesse Harris (Microsoft PFE) wrote an Operations Manager 101 for SCOM 2007. That Antoni have gotten around to rewrite this definitely deserves a blog post just to link to his blog.

Read the entire series here

ps: the original document can be downloaded here. Nostalgia!

Working with Azure Monitor Rest API

Create SPN and assign it to your subscription RBAC

Connect to Azure Monitor API using PowerShell

Retrieve Azure Monitor alert rules

Get resource metrics from Azure Monitors API

Manage alerts, updating status, etc.

Summary

Integrations ideas

Share this:

SCOM 1801 released

What’s in System Center, version 1801?

Share this:

Operations Manager and MSOMS 101

Share this: