In this document, I'll show you how to be alerted when a VM is created or updated inside your Azure environment. Please note that updated means started, stopped, restarted, have their size or any characteristic changed.
To do this, we will be using the Azure Activity Logs that is part of the Azure platform logs and provides insights into subscription-level events.
Just as a reminder, please note that the Azure Activity Logs are enabled by default and stored in the Azure platform for 90 days. If you want to have retained from more than 90 days, you should configure to send the data to a Log Analytics Workspace if you want enable features of Azure Monitor Logs, to Event Hubs if you want to send the data outside of Azure or to Azure Storage if you want to retain the log data for audit, static analysis or backup.
-
First of all, ensure you are sending the Activity Logs to a Log Analytics Workspace.
-
Then go to the Azure Monitor > Alerts and click to + New alert rule
- Select your subscription as Scope:
Please note that for the purpose of this document we will be monitoring the entire subscription. But if you want, you can filter by resource type and/or location and monitor only a specific resource group/resource/location.
- In Condition search by "Create or update Virtual Machine" then select the first result:
Note that you can search for different options to see other alternatives available. Just as example, if you want be alerted only for added VMs, you can filter by "Add Virtual Machines".
- In the second screen that will show-up, choose the Chart period then click Done:
- Now set the Action group and the Alert rule details then click to Create alert rule:
- If everything is ok, you may have something like this:
- Now, when a new VM is created or changed into your subscription, you will receive those kind of alerts by e-mail (if this was your choice - remember you can be alerted also by sms or through a webhook):
