How to get the exact alert messages in Notification for detailed Managed Identity operation in Container Apps

Mance, Romulo 0 Reputation points
2024-12-19T14:29:24.32+00:00

I would like to create an alert specifically for turning Managed Identity ON/OFF on Container Apps, or on any resource under Identity. See the screenshot below.

User's image

I would like to filter on, or create an alert matching, the notification messages below, if possible.

User's image


1 answer

  1. VINODH KUMAR T D 26,371 Reputation points MVP
    2024-12-22T06:29:24.26+00:00

    Hi,

    Thanks for reaching out to Microsoft Q&A.

    To create an alert for Managed Identity operations, including turning ON/OFF System-Assigned or User-Assigned Managed Identities for Container Apps or other resources, follow these steps:

    1. Enable Diagnostic Settings:
      • Navigate to the Container App in the Azure portal.
      • Go to Diagnostic Settings. Add a diagnostic setting to log Administrative operations to Log Analytics, Event Hub, or Storage Account.
    2. Use Azure Activity Logs: The notifications you see are derived from Activity Logs. These logs capture all management operations. To filter for Managed Identity actions:
      • Go to Activity Logs for your Container App or subscription.
      • Use filters like Operation Name (example: Register managed identity, Deregister managed identity, Add user-assigned identity, Remove user-assigned identity).
      • Verify the detailed records for Managed Identity actions.
    3. Set Up Alerts:
      • Navigate to Monitor in the Azure portal.
      • Go to Alerts > Create > Alert Rule.
      • Select a Scope: Choose the specific Container App or subscription.
      • Add Condition: Use "Administrative operation" as the signal. Add filters for specific operation names (ex: Register managed identity, Deregister managed identity).
      • Configure Action Groups to send notifications (email, SMS, etc.).
      • Save and enable the alert.
    4. Query in Log Analytics: If you're logging diagnostic data to Log Analytics, you can write a KQL query to get specific Managed Identity events:

      AzureActivity
      | where ResourceProvider == "Microsoft.ManagedIdentity"
      | where OperationNameValue in ("Register managed identity", "Deregister managed identity", "Add user-assigned identity", "Remove user-assigned identity")
      | project TimeGenerated, OperationName, Resource, Caller, Status

    5. Test the Alert: Enable/disable the Managed Identity to generate a test log and ensure your alert triggers as expected.

    This will provide granular alerting and tracking for Managed Identity operations in Container Apps or other Azure resources.

    Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.
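
A complementary check, added here as an example and not part of the answer above or of any Microsoft tooling: once an alert reports a management operation on the Container App, comparing two snapshots of the resource's ARM `identity` block shows whether a managed identity was actually turned ON or OFF. It assumes the snapshots are JSON objects such as the output of `az containerapp identity show`; the function names, resource ID and GUIDs below are constructed placeholders.

```python
# Added example: classify managed-identity changes between two snapshots of a
# resource's ARM "identity" block. All sample data below is constructed.

def _parse(identity):
    """Return (system_assigned: bool, set of user-assigned resource IDs)."""
    identity = identity or {}
    # "type" is "None", "SystemAssigned", "UserAssigned" or a comma-separated
    # combination of the last two; tolerate spaces and case differences.
    kinds = {k.strip().lower() for k in (identity.get("type") or "None").split(",")}
    user_ids = set()
    if "userassigned" in kinds:
        # ARM resource IDs are case-insensitive, so normalise before comparing.
        user_ids = {rid.lower() for rid in (identity.get("userAssignedIdentities") or {})}
    return "systemassigned" in kinds, user_ids


def identity_changes(before, after):
    """List human-readable identity changes between two snapshots."""
    sys_before, users_before = _parse(before)
    sys_after, users_after = _parse(after)
    changes = []
    if sys_before != sys_after:
        changes.append("system-assigned identity turned " + ("ON" if sys_after else "OFF"))
    for rid in sorted(users_after - users_before):
        changes.append("user-assigned identity added: " + rid)
    for rid in sorted(users_before - users_after):
        changes.append("user-assigned identity removed: " + rid)
    return changes


# Constructed sample snapshots (placeholder subscription, group and names).
UAMI = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
        "rg-example/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-example")
BEFORE = {"type": "SystemAssigned", "principalId": "11111111-1111-1111-1111-111111111111"}
AFTER = {"type": "UserAssigned", "userAssignedIdentities": {UAMI: {}}}

if __name__ == "__main__":
    for line in identity_changes(BEFORE, AFTER):
        print(line)
```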

