Thursday, November 29, 2018

SCOM - New Version Agnostic Naming Convention for Microsoft Management Packs

Microsoft today announced a change for the naming convention of future SCOM management packs.


In the past, when you wanted a management pack for a specific operating system or application version, you would search for something like 'Windows Server Operating System 2008 Management Pack' or 'DNS Server 2016'.

Going forward, all new Microsoft management packs will follow a new version-agnostic naming convention whereby the name will detail the minimum supported version and higher (plus) versions.

For example, the Windows OS MP will be named like - "Microsoft System Center Management Pack for Windows Server Operating System 2016 and 1709 Plus".

This change is required due to the new licensing options people have for Windows Server and System Center where the same management pack has to support two very similar and current versions of the same workload (e.g. Windows Server 2019 and Windows Server 1901).

You can see these new version-agnostic naming conventions already in place for some of the more common Microsoft management packs listed on the SCOM MP Wiki here.

If we look on the SCOM MP Wiki site for the DHCP Server Management Pack, we can see that the older 2008 R2 and 2012 versions are still there as separate downloads but the newest version is listed as "Windows Server DHCP 2016 and 1709 Plus".


This new naming convention isn't exactly a show-stopper that you need to consider when deploying or managing your SCOM environments but it should hopefully help you quickly identify the the most current supported workloads that management packs can monitor.

You can read the full post from Microsoft on this topic here.

Wednesday, September 26, 2018

Speaking at Experts Live Europe 2018

This week, I'm over at the Microsoft Ignite conference learning as much as I can about the many new releases announced in the Azure and System Center world. All this information is an excellent way to prepare for my upcoming presentation at the awesome Experts Live Europe conference in Prague next month.


If you haven't heard of Experts Live Europe or just haven't had a chance to attend in previous years, this is a community-driven conference with a focus on Microsoft cloud, datacenter and workplace management. Hosted this year from October 24th -26th in the amazing city of Prague, Czech Republic - it really is one of the best Microsoft-focused conferences in Europe where attendees get to hang out and learn with top speakers from around the world.

Speakers

With over 40 speakers flying in from across the globe, you'll be treated to deeply technical and highly engaging presentations from Microsoft MVP's, Microsoft Regional Directors, Microsoft employees and well-know Community Champions. You can check out the full list of speakers here.

Pre-Conference Day

For the first time at an Experts Live Europe event, this year will host a Pre-Conference Day on October 24th with the following three parallel all-day deep-dive sessions:

  • Cloud & Cloud Security (delivered by Microsoft MVP Pete Zerger)
  • DevOps (delivered by Microsoft MVP Damian Flynn)
  • Enterprise Client Management (delivered by Microsoft MVP's Kent Agerlund and Marius Skovli)

Each of the pre-conference day instructors are highly skilled experts in their chosen fields and well-placed to set you on your learning journey over the full day.

Tracks

The main conference (running from October 25th - 26th) gives attendees 6 parallel tracks to choose from. With over 70 breakout sessions, plenty of community theater sessions and a packed exhibitor area, this conference has you covered for what you need to take your career to the next level.

My Session

On the Friday morning, I'll be presenting a session titled 'What’s New in the World of Microsoft Monitoring?' and in it, I'll help you get up to speed with all of the latest happenings in the Microsoft Monitoring world. There'll be loads of demo's to see on the newest Azure monitoring capabilities  and we'll also cover what's new in the latest release of SCOM.

Getting Registered

With over a month to go, there's still time to submit your business case to your boss so you can attend this really cool learning event. There's a number of registration options that you can choose from (depending on whether or not you wish to attend the pre-conference day) and there's also an opportunity to get access to the exclusive VIP Party in the Cloud event on the Wednesday.

To choose your ticket and get registered for Experts Live Europe, check out all the information you need here.

If you're attending, please take some time to chat with me and some of the other presenters during the conference. See you guys there!


Saturday, September 22, 2018

SCOM - GSM to Azure Application Insights Migration Walkthrough (Part 1)

In my previous post, I talked about the recently announced retirement of the Global Service Monitor (GSM) feature and the need to start migrating your existing web application tests to Azure Application Insights. In this post, I'll walk through the migration process to help get you started.


Prerequisites

The migration script has the following prerequisites:
  • Azure Subscription -  your subscription name can be found in the Subscriptions view within the Azure portal.
  • ResourceGroupName - refers to the resource group in Azure where all the tests will be migrated to. If you don't have a resource group created in Azure, the script will create a resource group with the name you provided in the parameters.
  • ResourceLocation - refers to the location of the resource group metadata in Azure.
  • Azure PowerShell Module - needs to be installed (download available here). Be aware that his module requires PowerShell version 5 or higher to be installed so if you're installing on a Windows Server 2012 R2 server, there's a good change that you'll need to reboot to meet this requirement.
  • SCOM PowerShell Module - needs to be installed if you're running the script from anywhere other than a SCOM server (installer can be found on the SCOM media).
  • Internet Connectivity - you'll need a working internet connection on the computer that you choose to launch the migration script from.

Limitations

You'll also need to be aware of the following limitations in Application Insights:
  • Application Insights has a maximum capacity of 800 web availability tests per resource group and there's a limit of 100 web availability tests for each application component you need to monitor.
  • GSM allows you to enable alerts based on a specific HTTP status code. For HTTP status code 200 in Application Insights, you will see a Success returned and for all other codes, they will show a Failure.
  • GSM allows you to create Alerts on content match. Application Insights only supports the 'Content must contain' parameter.
  • GSM allows Performance monitoring for a website based on a number of performance metrics (shown in the following screenshot) however, Application Insights does not have a mapping to automatically collect these performance metrics for websites. You would only see the Response Time for tests; the other Performance metrics on the list will not be monitored.

Reviewing GSM Test Configurations

Before you kick off the migration script, it'd be a good idea to take a note of the existing configuration settings of your GSM tests in SCOM so you can validate those configuration settings come over to Azure Application Insights. For my demo SCOM environment, I've currently got the following two GSM web application tests configured....


One of these GSM tests performs external monitoring for a legacy demo web application (DinnerNow) that I sometimes use in my Application Performance Monitoring (APM) presentations and the other GSM test is monitoring the URL to this blog. In the following few screenshots, we'll dig into the configuration of the GSM test that's monitoring my blog URL.

This screenshot shows the actual URL that is to be monitored with GSM....


Here, we can see all of the external locations that GSM is configured to monitor my blog URL from. I've chosen five different locations around the globe and my expectation would be that if I migrate this test up to Azure Application Insights, these locations would be configured there as external monitoring points for the test.


In the next screenshot, I get a summary of the test locations along with an understanding of the Test Frequency (1 hour) and estimated monthly external transaction count (3,600). The lower I configure the Test Frequency setting here, the higher the number of monthly transactions. Again, these configuration settings are something that I would expect the migration over to Azure Application Insights to retain.


Here's a final summary of the configuration settings for my external blog URL monitor....


Once you've confirmed the configuration settings of your existing GSM tests, it's time to get down to the migration stage.

Note: Keep in mind that if things go horribly wrong with the migration, your existing GSM tests still remain unchanged in SCOM and there's no 'point-of-no-return' stage whereby you have to confirm deletion of them.

Running the Migration Script

The following steps will walk you through what you need to do to get the migration of your GSM tests to Azure Application Insights kicked off (these steps assume you have all prerequisites configured and in place)..

Login to your subscription in the Azure portal and create a new resource group to be used for the newly migrated GSM tests.

Note: Manually creating a new resource group is an optional step and the migration script will do this automatically for you if you have specified a resource group name that doesn't exist. For testing purposes, I prefer to keep control of where my resources are created and if things go wrong with the migration, I can always then just delete the resource group and start again.

Here's a screenshot of a new empty resource group titled GSM2AppInsights - which I've created specifically for this migration demo...


Save the script from the Microsoft Download Center here to a local folder on the machine that you want to run the tool from (we’ll use a SCOM Management Server in this example).

Launch a PowerShell session with Administrative permissions, browse to the directory that you’ve saved the script to and run the following command (example shown in the following screenshot):
.\MigrateGSMToAI.ps1 -SubscriptionName "<AZURE_SUBSCRIPTION_NAME>" -AzureResourceGroupName "<RESOURCE_GROUP_NAME>" -ResourceLocation "<RESOURCE_LOCATION>"


At the Security Warning prompt, type R to run the script once as shown here....


When the Sign in window presents itself, key in the relevant credentials with access to the Azure subscription you wish to migrate the GSM test to.


After the script launches, you'll be presented with various pieces of information on its progress - similar to what's shown in the following screenshot....


The script shouldn't take too long to run (dependent of course, on the number of GSM tests you have to migrate) and soon, you should be presented with a message stating that everything has been migrated successfully along with a reference to where you can find the migration log file.


If I browse to the location on my server where the log file can be found, I can see that there's a specific log file for each migrated GSM test as well as the MigrationLog.txt file shown here...


Clicking in to MigrationLog.txt gives me confidence that my tests have all been migrated to Azure Application Insights successfully.


Confirming the Migration

Once the script has completed and the log files have been checked, it's time to jump back into the Azure portal to take a look at our newly migrated GSM tests.

In the following screenshot we can see that the script has created two new Azure Application Insights web application tests within my GSM2AppInsights resource group.


After a short while of waiting, I can see each of my GSM tests light up with availability data. Here's the two migrated GSM tests now actively monitoring web availability within Azure Application Insights...


From there, I can pivot into the specific web availability test that I had configured to monitor my blog URL. All of the external locations that the original GSM test was configured for can now be seen as monitoring locations within Application Insights as shown here....


If I edit this test, I can see all of the original settings that I had in GSM have been migrated over.


Clicking on any of the green (or red) dots from within the Application Insights availability test view, I'm presented with an End-to-End view of the transaction - including details about each of the response headers the test has encountered (awesome!)


Conclusion

After working through this migration process from start-to-finish in less than an hour, I can confirm that the GSM migration script works really well and as expected. The script leaves your existing GSM tests in place and working back in SCOM so if things don't quite work out for you the first time round, you can always delete the resources in Azure and start it again.

In my next post on this topic, I'll walk through configuring Azure alerts for the newly migrated web application tests along with demonstrating how to get visibility of these tests back in SCOM using the latest Azure Management Pack.


Thursday, September 20, 2018

Presenting at Cloud Camp 2018

It’s coming around to that time of year again when conference season kicks into full swing and over the coming months, I’ll be attending and presenting at some of the best Cloud and Datacenter conferences on the planet.


First up is Cloud Camp - Ireland’s best Microsoft Cloud and Windows Server conference. Put together by MicroWarehouse and kicking off on October 17th in Dublin’s National Convention Centre, this inaugural event plays host to 20 speakers over 4 different tracks -all in 1 day! Topics covered include the latest about digital transformation, IT modernization, productivity, security, compliance & governance, private cloud using Microsoft Azure, Microsoft 365 (Office 365, EMS, and Windows 10), hybrid cloud scenarios – and there's loads to learn about the new features of Windows Server 2019.

Throw in the fact that there’s an after-party hosted in an Irish brewery with a specially commissioned recording of the super-popular Windows Weekly podcast (hosted by Mary Jo Foley and Paul Thurrott) and you just know this will be an awesome event!


Speakers

The speaker line-up is one of the best I've seen in recent years for an Irish event and the selection brings a number of Galáctico-style presenters from the Microsoft world over to Dublin for a day of discussions and learning. With a mix of current and past MVP's, along with some very well-known Cloud-Ninja's presenting on the day - I'm already anticipating the challenge of trying to attend multiple sessions at the same time!


Breakout Tracks

Due to the sheer breadth of cloud-content available to choose from, it makes sense for the organisers to create the following four breakout tracks to run simultaneously throughout the day:
  • Azure IaaS (Infrastructure-as-a-Service): Focusing on infrastructure solutions built in Microsoft Azure.
  • Azure PaaS (Platform-as-a-Service): Complete the digital transformation using platform and serverless features of Azure for modern business solutions.
  • Productivity & Security: Microsoft 365 is the focus area, covering productivity, security and compliance solutions based on Office 365, EMS, and Windows 10.
  • Windows Server 2019 & Hybrid: This track is a launch for the latest version of Windows Server, and will include hybrid cloud scenarios and solutions such as Azure Stack private cloud.

My Session

On the day, I'll be presenting a session titled 'All-In with Azure Monitoring' and I'll show you everything you need to know to get started using Microsoft Azure to monitor your IT estate.

You can read the session highlight of my presentation - with write-up from Aidan Finn (event co-organiser and good friend) here.


Tickets and Registration

If you haven't yet purchased your tickets, you can get sign up for them here.

Registration will begin at 08:15 on Wednesday October 17th. The keynote will start at 09:15. Breakout sessions will continue throughout the day with breaks for morning & afternoon coffee, lunch, and sufficient time to move between the tracks. A closing keynote, with special guests Mary Jo Foley and Paul Thurrott, will start at approximately 16:30 and continue until approximately 17:30.


Hopefully I'll see some of you guys there!

Monday, September 17, 2018

SCOM - Global Service Monitor Heads to the Retirement Home

Last week, Microsoft announced that Global Service Monitor (GSM) -  the cool add-on for SCOM that gave us 'Outside-In' monitoring capability - will be hanging up its synthetic transactions and heading to the legacy solutions retirement home on 7th November 2018.


This solution was a very useful addition to our SCOM deployments when we wanted to get an external perspective of the health and performance of our web applications from locations across the globe and I've been blogging about it on and off for the best part of six years now.

The retirement announcement doesn't come as a massive surprise though as earlier this year, myself and a number of other MVP's began to notice that the tool had stopped working due to DNS resolution errors and although those issues were resolved, the writing was on the wall for its end-of-life.

So What Happens Now?

To be fair to Microsoft, they might be retiring GSM - but they're not removing the 'Outside-In' monitoring capabilities that we've become accustomed to and as part of the retirement announcement for GSM, they've also announced a new tool/script that will help you migrate your existing GSM tests over to the awesome Azure Application Insights platform.

This is a nice alternative to have as Application Insights supports the same single URL ping and multi-step web tests that GSM supported, the same frequency of the tests can be configured and the same geo-locations are also supported.

In true Microsoft monitoring fashion and as a final nod to GSM's integration with SCOM, after the expiry date in November, you'll receive an alert in the SCOM console notifying you that GSM will no longer work and that it has been retired!

Integrating the Migrated Tests with SCOM

If you're thinking that this all sounds well and good but a migration away from GSM and into Application Insights means you no longer get visibility of your external web application tests in SCOM, then Microsoft have you covered here too.

Using the brand new CTP version of the Azure Management pack (accessible here), you can integrate with your Application Insights resource group and view the alerts from the newly migrated web tests directly within the SCOM console.

How Much Will It Cost?

The nice thing about this migration process is that Microsoft have committed in their original post on the retirement of GSM that any web application tests that get migrated over to Azure Application Insights will not incur any additional costs! Here's a couple of snippets about this free-of-charge offer that I've taken directly from that post:

"GSM was provided as a software assurance benefit of your System Center purchase. When you migrate to Azure Application Insights, Microsoft will transition migrated tests and alert rules at no additional charge."

"Only the tests which are migrated using the script, would be provided at no additional charge in Azure Application Insights."

Conclusion

I think that with the rapid pace of cloud adoption, the sheer power and scale of Azure and factoring in the guarantee from Microsoft that these migrated tests won't cost anything extra in your Azure subscription, migrating them to Application Insights is a no-brainer.

You can download the new GSM to Azure Application Insights migration script and its associated documentation from here.

In my next post on this topic, I'll walk through the process of configuring and deploying the new script to ensure a smooth migration of those GSM web application tests to Azure. Click the link below for more information:

SCOM - GSM to Azure Application Insights Migration Walkthrough (Part 1)


Wednesday, July 25, 2018

SCOM - New Management Packs for Connecting to OMS

Microsoft have just announced the following three new management packs to connect your SCOM environments to Azure Log Analytics/OMS:

  • For SCOM 1801, download the management pack from here. 
  • For SCOM 2016, download the management pack from here. 
  • For SCOM 2012 R2, download the management packs from here.

These new MP's contain a new on-boarding wizard (shown below) that enables your SCOM environments to communicate with the new OMS/Azure API's.


For all new SCOM to OMS connections, you need to import the relevant management pack to your environment first.

If you've already configured an OMS connection, then you don't need to deploy the new management pack for now however, if you need to reconfigure that connection again, you will then need to import it.


SCOM 1807 - What's New

Yesterday, Microsoft announced the General Availability of the latest release of our favourite monitoring platform - SCOM 1807.

SCOM 1807 is the second release this year in Microsoft's new Semi-Annual Channel licensing model and it follows hot on the heels of its predecessor SCOM 1801.

As promised by Microsoft, I found the in-place upgrade process from 1801 to 1807 seamless and not much different than deploying a typical Update Rollup to your SCOM environment.

Key Features

This release comes bundled with a lot of new useful features to play with. Here's a rundown on what you get:

New HTML5 dashboard PowerShell Widget

Use this new PowerShell widget to execute scripts for a more customised visualisation within your HTML5 dashboards.

Effective Configuration Web Console Dashboard Drill Down

Clicking on a monitored object from the HTML5 dashboard console now gives users the option to view the effective configuration information of specific rules or monitors.



Scheduled Maintenance Mode from the Web Console

This is a feature that people have been requesting for quite some time and since SCOM 2016, it has been possible to create and configure scheduled maintenance mode from the full console. With SCOM 1807, we now get this functionality in the HTML5 web console.



Create and Manage HTML5 Dashboards from My Workspace

If you wish to use the built-in Role Based Access Control feature of SCOM to restrict operator access to just the areas of monitoring they need to see, then with SCOM 1807, those operators can use the My Workspace area to configure user-specific dashboards that are only applicable to themselves.



Improved Network Monitoring from the Web Console

A key area of monitoring for most customers is to gain visibility of the health and performance of their network devices and although the full SCOM console has some very handy network monitoring capabilites, there was very little you could work with from the web console. This has changed in SCOM 1807 and now, we can pivot from a monitored network device in one of our custom dashboards such as this....


To a new Network Summary dashboard like this....


Then from there, we can drill down even further to an interface performance dashboard like this...



Cleaner Alert Resolution Management from the Web Console

If you drill down into an alert from the HTML5 web console, you now get a cleaner management experience for changing the resolution state and viewing all properties of the alert from one screen.



Icon Sizing in the Topology Widget

This is a simple but very useful new feature for anyone who uses the 'Topology Widget' for their dashboards. With SCOM 1807, we can now re-size the icons that we use to display health status for our objects (small or large are the only two options at the moment)...



Enable/Disable the APM Feature During Agent Deployment

Now, this is something that could have really saved a lot of time and hassle when SCOM 2016 first launched. I blogged at the time about how the SCOM 2016 agent was crashing IIS application pools and this caused a lot of pain for us when we realised it was the APM feature that comes bundled into the agent installer and can only be removed using command line/scripting.

Although that issue was resolved in SCOM 2016 through an Update Rollup release, there are still a number of other reason why you might want to not install the APM component of the agent onto your SCOM-monitored servers and with SCOM 1807, you can now enable or disable the APM feature during initial installation as shown here....



Linux Agent Log Rotation

In the past, customers have complained about the SCX log frequently filling up on their Linux agents - causing the system disk space to run out and the system becoming unresponsive. The only solution then was to manually clear out the logs but in SCOM 1807, Microsoft have introduced a logrotate feature to address this issue and stop system disk space from filling up.

SQL Support

If you're looking to deploy SCOM 1807 as a fresh installation and want to deploy the latest release of SQL alongside it, then you might be disappointed to know that you can't install it directly onto a fresh deployment of SQL 2017. Instead, you must first install SQL 2016 and then upgrade that installation to SQL 2017.

Also, if you're currently running SCOM 1801 with SQL 2016 and wish to upgrade to both SCOM 1807 and SQL 2017, then you must first carry out the SCOM 1801 to 1807 in-place upgrade and once that's complete, then you can upgrade SQL 2016 to SQL 2017.


Conclusion

I was already a big fan of SCOM 1801 and after working through the simple in-place upgrade to 1807 and playing around with all of these new features and enhancements, I'm really looking forward to working with our customers and getting this release deployed on a wider scale. This experience also bodes well for the Semi-Annual Channel licensing model as it's the first time I have performed an in-place upgrade of SCOM in production without it breaking anything!


Friday, July 6, 2018

Awarded Microsoft MVP 2018 for Cloud and Datacenter Management!

Last Sunday (1st July) I received a very welcome email into my inbox stating I'd been renewed as a Cloud and Datacenter Management MVP for 2018!


This email from Microsoft confirms that I'm now moving into my 7th year as an MVP and it's always a relief when it comes in as there's no guarantee that any of us will get renewed - no matter how much you think you've contributed to the community over the past year.

The MVP program enables me to network and interact with some of the best technical brains in the industry and I'm very lucky to work for an employer (Ergo) that supports me on this journey. Each year, they have given me the projects, tools and time that I need to enable me work with Cloud and Datacenter technologies in the Microsoft space - which in turn, helps me to contribute back to the community through this blog, my social media channels and to attend/speak at conferences where I can maximize my learning curve.

Due to some internal changes to the MVP award program, this year is the first time my renewal has come up in July (I'm originally an October awardee) and as such, it's 18 months since my last renewal date. Over those last 18 months, I've kept myself busy in the community by presenting at conferences such as Experts Live Europe, the Cloud and Datacenter Conference Germany, Experts Live NL and SCOM Day Sweden. I've also spent some time authoring with some awesome MVP friends on the 'Inside the Microsoft Operations Management Suite (v2)' book.

Thanks to my family, to everyone in Microsoft and the MVP community for their help and advice over the last year and also thanks to my friends and work colleagues at Ergo for helping me get this far in the program!

Friday, June 15, 2018

Azure Monitor - Alerting Gets an Upgrade

Earlier this week, Microsoft announced some upgrades to the alerts experience inside Azure Monitor and if you've ever worked with SCOM, then a few of these changes will have a pretty familiar look about them.


New Alert Enumeration Experience
There's a new Alert Enumeration feature which delivers a centralized view of all the alerts that have occurred across your various Azure deployments. You can query alerts across multiple subscriptions and sort them based on severity, signal types, resource type, and even resolution state. The enhanced alert enumeration feature is a serious upgrade on the previous Azure Monitor Alerts experience shown in the following image...


To upgrade to the new feature, click the purple banner at the top of the old Monitor - Alerts view and you will be presented with the following new enhanced user interface...


When you've upgraded, the first thing you will notice (assuming you've already got a few alerts present across your subscriptions), is that Azure Monitor has gathered all of your alerts into a central view and sorted them by Severity.

Now, if you've used SCOM Alert Rules in the past, you'll be familiar with Microsoft's method of defining severity levels using integers (where Critical = 2, Warning = 1 and Informational = 0). In Azure Monitor, Microsoft use a similar mapping process however, the lower numbered severity is the most important (which is the opposite to SCOM). You can read more about the exact Azure Monitor Alert Severity Mappings in my previous blog post here.

Clicking on any of the Severity links will then pivot you into the All Alerts page with a filter that's scoped to that particular severity.


Additional filters can then be applied to scope the view even further with options such as subscriptions, resource groups, time range and conditions to choose from.

Alert State Management

The next addition to Azure Monitor alerting is the new Alert State Management feature. These are essentially very similar to SCOM Alert Resolution States and in Azure Monitor, three alert resolution states are currently supported - New, Acknowledged and Closed.

You can manage the alert resolution state by drilling into an alert in the All Alerts view and clicking the Change Alert State button shown in the following image...


From there, you can use the drop-down menu to change the alert resolution state from New to either Acknowledged or Closed as shown here..


After that, you have the option to add a comment as to why you're changing the resolution state before then returning to the All Alerts view - where you should see the new Alert Resolution State assigned to your alert.

If you need to bulk-edit the resolution state of a number of alerts, then Microsoft have made this easy for you too. All you need to do is select each of the alerts that you need to modify, then hit the Change State button as shown in the following image...


Then modify your resolution state, add your comment and hit OK to return to the All Alerts view. Alert resolution states should now be easy to identify for all alerts that you've modified.

Something to keep in mind when working with these new Alert States is that they are completely separate from the Monitoring Condition - which supports two values - Fired and Resolved.  The Monitoring Condition indicates whether or not the condition that created a metric alert has subsequently been resolved.

To define the Monitoring Condition, the metric alert rules sample a particular metric at regular intervals and if the criteria in the alert rule is met, then a new alert is created with a condition of Fired. When the metric is sampled again and if the criteria is still the same, then nothing happens. However, if the criteria is not met, then the condition of the alert is changed to Resolved. The next time that the criteria is met, then a new alert is created with a condition of Fired.

Putting my SCOM hat back on again, the Monitoring Condition is a similar process to how SCOM Alert Monitors fire when a specific threshold is breached and then auto-close when that threshold is no longer breached.

One gotcha that might catch people out however, is that even though the system may set the Monitor Condition to Resolved, the alert state isn't changed until the user changes it manually and vice-versa. For example, if I modify an alert resolution state for a number of alerts and I set the resolution state to Closed, the Monitoring Condition will still show that the alert is still in a Fired state. The following image shows this exact scenario - where I've set the resolution state of a couple of my alerts to Closed, but as the metric that fired the alert in the first place is still present, the alerts are still displaying a Monitoring Condition of Fired.


Smart Groups

The final new alerting feature that I wanted to post about is Smart Groups. These contain alerts that were automatically grouped together based on either similarity, historical patterns or a combination of both. Smart Groups are automatically created using machine learning algorithms looking for similarity and co-occurrence patterns among alerts originating from a monitor service such as Log Analytics or across the rest of the Azure platform.

There's a couple of ways that you can view/access Smart Groups. The first method is to simply click the Smart Groups button from the All Alerts view in the new Alert Enumeration feature shown here...


The second method is to open the All Alerts view then click the blue banner as shown in this image...


Using Smart Groups, you can significantly reduce the number of alerts to analyze by focusing on only a handful of groups with some handy alert correlation in place.

As an example, if a performance counter such as CPU or RAM spikes on multiple virtual machines in your Azure subscription at the same time, this will generate a lot of alerts in Azure Monitor. When you click the Smart Groups feature, those alerts will get automatically grouped into a single Smart Group - offering up a much clearer picture of a common root cause.

In the following image, you can see a Smart Group that Azure Monitor has automatically created in my subscription where it has correlated 25 alerts together based on the reason that they are very similar to other alerts that have fired. From here, I can change the alert resolution state of individual alerts or I can use the Change Smart Group State button to change the resolution state of all alerts contained in the group.


Microsoft kicked the tires with alert correlation in SCOM when they released the Exchange 2010 management pack a few years ago and although it was quite noisy, the event correlation engine it came with was a similar concept to what we now have with Smart Groups. I think this is a pretty handy feature to have in your Azure monitoring toolbox and along with all the other features that have just launched, things are looking good for the next generation of Microsoft monitoring!



Azure Monitor Alert Severity Mappings



When I first started using SCOM, one of the things that I had to quickly get my head around was how alerts that were generated by rules were defined with a Severity that mapped to an integer value (e.g. Critical = 2, Warning = 1, and Informational = 0).

With alerts in Azure Monitor, Microsoft have taken a similar approach where they have defined five alert severity levels - each one mapping to it's own integer. These severity levels have been color-coded to help quickly identify alerts that should be treated as more important than others but for clarity, I've detailed the exact mappings as follows:

Azure Monitor Alert Severity Levels

Sev 0 = Critical
Sev 1 = Error
Sev 2 = Warning
Sev 3 = Informational
Sev 4 = Verbose


As you can see from the mappings above, in Azure, the lower the integer, the higher the severity - which is the opposite to alert rule severity mappings in SCOM. Hopefully this post will prove useful for any SCOM administrators who are dipping more into the Azure Monitor world over the coming year and might get slightly confused by the reverse numbering mapping between the two platforms.

If you'd like to read more about some newly announced feature enhancements in Azure Monitor, then check out my recent post here.