Azure Monitor Alerts using webhook to Microsoft Teams - No messages to Teams

Question

I'm using Azure Monitor/Log Analytics to trigger alerts successfully. I'm trying to get the alerts into a Microsoft Teams channel (as well as a slack channel for debugging) with no success.

I've an alert that's successfully being triggered. I have an action group with my email, sms and azure app push configured. I've been receiving these messages each time the alert triggers.

I've got another action group with a couple of webhooks in for a Microsoft Teams and Slack channels. I'm not receiving anything on these channels.

I've enabled the custom 'Include custom Json payload for webhook' and pasted both the suggested json and the following { "AlertName":"#alertrulename", "AlertDescription":"#description", "LinkToSearchResults":"#linktosearchresults"}

I get the emails/sms/push notifications but not the messages to the web hooks. I've tried leaving the common alert schema set to no in the action group, the default (as well trying unsuccessfully on yes as well).

Suspecting it's something to do with the custom payload json as mention here https://azure.microsoft.com/en-gb/blog/webhooks-for-azure-alerts/

Any ideas on how I can get my alerts into teams?

Thanks

Answer 1

I'm also looking into doing this and get exactly the same results as @JohnFox

Pretty tragic it can't just do it.

I've read somewhere you have to set up a Function or Logic App to be an "inbetween" from Azure to Teams (or Slack)

I tried this workaround...

http://www.nibrasmanna.com/send-azure-outage-notifications-to-microsoft-teams/

...but it is unworkable, all of the messages do get through to Teams, but the emails are too large to display.

To be honest getting webhooks running seems to be hard work

If anyone comes across a decent tutorial of getting this up and running, please post back - Thanks

Answer 2

Managed to crack it and get it working everyone!

Using Azure Automation, a runbook/webhook.

Added the following as a runbook (update your uri):

param
(
    [Parameter (Mandatory=$false)]
    [object] $WebhookData
)
if ($WebhookData)
{
    # Get the data object from WebhookData.
    $WebhookBody = (ConvertFrom-Json -InputObject $WebhookData.RequestBody)
    $alertName = $WebhookBody.alertname
    $alertDescription = $WebhookBody.alertDescription
    $linkToSearch = $WebhookBody.linktosearchresults
    $query = $WebhookBody.searchquery
    $results = $WebhookBody.resultcount
    $AlertThreshold = $WebhookBody.AlertThreshold
    $AlertThresholdValue = $WebhookBody.AlertThresholdValue
    $StartTime = $WebhookBody.SearchStartTime
    $EndTime = $WebhookBody.SearchEndTime
    $formatLink = "[Link]($linkToSearch)"
    $formatMessage = "$alertName has exceeded the threshold $AlertThreshold $AlertThresholdValue. Results returned: $results"

    $uri = 'https://teams-connector-uri'

    $body = ConvertTo-Json -Depth 4 @{
    summary = $alertName
    sections = @(
        @{
            activityTitle = $alertName
            activitySubtitle = $alertDescription
            activityText =  $formatMessage           
        },
        @{
            title = 'Details'
            facts = @(
                @{
                name = 'Query time range. (UTC)'
                value = "$StartTime $EndTime"
                },
                @{
                name = 'Link to search results'
                value = $formatLink
                },
                @{
                name = 'Query Executed'
                value = $query
                }
            )
        }
    )
} 
    Invoke-RestMethod -uri $uri -Method Post -body $body -ContentType 'application/json'
}

Then generate a webhook for the runbook and add this into the Azure Alert.

In the azure alert i've set the custom payload to this:

{ "AlertName":"#alertrulename", "AlertDescription":"#description", "LinkToSearchResults":"#linktosearchresults"}

Bingo, triggered alert and alert came through