Disable/Enable Azure monitor alert rules by azure automation powershell

Question

I have a azure monitoring alert rule where it will check the heartbeat of my virtual machine for every 5 minutes. But, the virtual machine itself will go offline everyday at 11 PM and will be started again on 9 AM on next day.

so I'm trying to use azure automation to disable/enable my alert rule at the same time. this is the code I've tried to use:

Write-Output "start job"
$vmResourceGroupName = <<resource_group>>
$vmName = <<vm_name>>

try
{
    # Connection
    Write-Output "connect to the VM"
    $Conn = Get-AutomationConnection -Name AzureRunAsConnection
    $rcConn = Connect-AzAccount -ServicePrincipal -TenantId $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint

    # Stop the VM
    Write-Output "Stop the VM"
    stop-AzVM -ResourceGroupName $vmResourceGroupName -Name $vmName -Force
    #first method that I use to disable my alert rules
    Get-AzAlertRule -ResourceGroupName $vmResourceGroupName -TargetResourceId <<my_resource_id>> -DisableRule
    #second method that I use to disable my alert rules
    Disable-AzureRmActivityLogAlert -Name <<my_alert_name>> -ResourceGroupName <<my_resource_group>>
}
catch
{
    if($_.Exception.Message)
   {
        Write-Error -Message "$($_.Exception.Message)" -ErrorAction Continue
    }
    else
    {
        Write-Error -Message "$($_.Exception)" -ErrorAction Continue
    }
    throw "$($_.Exception)"
}
finally
{
    Write-Output "end job"
}

both of the method which I use returning an error that said my alert rules are not found.

Answer 1

Anyone look for solution , below command works set the disable or enable flag in this manner => Enabled:$false

Update-AzScheduledQueryRule -Name 'xxxname' -ResourceGroupName 'xxxxrg' -Enabled:$false

Answer 2

answers from Joy and Khrisna helped me solve this problem. there's one thing on my end, because my Log Analytics Workspace was made last year, it didn't support Get-AzScheduledQuery API. to solve this problem you can either: 1. migrating your workspace to new workspace 2. update your workspace settings so it support Get-AzScheduledQuery. you can follow this tutorial to update the settings :

Tutorial

hope it helps!

Answer 3

Just wondering instead of developing the custom powershell code for this. If you create this suppression rule, you can skip the part of disabling the alert for the VM in your runbook.

Did you try to use the Alert Supression (Action rules ) option. Here is the documentation for this https://learn.microsoft.com/en-us/azure/azure-monitor/platform/alerts-action-rules. You can try to schedule this with daily recurrence some thing like below using the UI and this will suppress all the alerts between the specified time.

1) Azure Monitor -> Alerts -> Manage Actions -> Action Rules(Preview). You can setup a rule like as below it will automatically supress the alerts.

Currently there is no powershell command(still you can use the arm api call) to configure the action rule, i heard that they were coming with one soon in couple of months time.

Answer 4

I agree to what Joy has answered for newer metric alerts however if your alert is of 'Log Search' signal type instead of 'Metrics' signal type then you would have to disable the alert as shown below.

Update-AzScheduledQueryRule -ResourceGroupName "<resource group name>"  -Name "<alert name>" -Enabled 0

Illustration:

Related references:

1. Update-AzScheduledQueryRule
2. Add-AzMetricAlertRuleV2
3. Get-AzMetricAlertRuleV2
4. Get-AzScheduledQueryRule

Hope this helps!!

Answer 5

I suppose you mix the three type of alerts together, ActivityLogAlert, metric alert(classic), metric alert(new). They have different resource types, what you have created should be the metric alert(new), which you can find in azure portal -> Monitor -> Alerts -> Manage alert rules.

If so, try the command as below to disable the alert.

Get-AzMetricAlertRuleV2 -ResourceGroupName "<resource group name>"  -Name "<alert name>" | Add-AzMetricAlertRuleV2 -DisableRule

Update:

Your SIGNAL TYPE is Log Search, its resource type is microsoft.insights/scheduledqueryrules. I test it with an alert the same with you, the command as below should work, make sure you use the correct resource group name and rule name.

Get-AzScheduledQueryRule -ResourceGroupName <group name>  -Name "<rule name>" 

Update-AzScheduledQueryRule -ResourceGroupName <group name> -Name "<rule name>" -Enabled $false