![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 50%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,285 questions
Hi Emdad,
Thanks for reaching out to Microsoft Q&A.
From the images and your description, it appears that you are facing two main issues:
- Alert based on "Initiate JIT Network Access Policy" Signal: You are attempting to set an alert based on the "Initiate JIT Network Access Policy" signal with the "Security" category, but the activity log shows that the event is categorized under "Administrative." As a result, the alert is not getting triggered since there is a mismatch between the alert condition and the actual event category. Why this happens:
- Azure Monitor Activity Log events are categorized based on their nature. JIT (Just-In-Time) requests, while they might seem like security-related events, are typically administrative operations (related to VM access control) and hence fall under the "Administrative" category, not "Security."
- The alert you are trying to configure is using the wrong event category (Security) for this type of event.
- Change the alert's condition to use the Administrative category instead of Security, as per the actual category of the JIT request events in your Activity Log.
- You can set the alert to trigger when the Activity Log has an event with Category='Administrative' and Signal name='Initiate JIT Network Access Policy'. This should ensure that the alert is properly triggered when a JIT request occurs.
- Scope Error: You encountered an issue with scope selection, as seen in the error message stating, "Couldn't find the selected scope." This typically happens when the resource or subscription you're trying to set the alert on either:
- Is not available or has been deleted.
- Does not have the appropriate permissions or access control settings.
- Double-check the subscription and resource group to ensure they are valid and accessible.
- Ensure that your role has sufficient permissions (like a Monitoring Contributor or Security Administrator) to set alerts on the selected resources.
- If the scope resource exists but you're still encountering this error, you might want to manually reselect the correct subscription/resource and retry.
- Is not available or has been deleted.
By adjusting the event category and resolving the scope issue, you should be able to configure the JIT access alert as desired.
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.