MicrosoftDocs
diff --git a/‎articles/azure-monitor/alerts/alerts-logic-apps.md
Lines changed: 65 additions & 33 deletions b/‎articles/azure-monitor/alerts/alerts-logic-apps.md
Lines changed: 65 additions & 33 deletions
diff --git a/‎articles/azure-monitor/alerts/media/alerts-logic-apps/initialize-variable.png
49.4 KB b/‎articles/azure-monitor/alerts/media/alerts-logic-apps/initialize-variable.png
49.4 KB
@@ -3,12 +3,11 @@ title: Customize alert notifications using Logic Apps
 description: Learn how to create a logic app to process Azure Monitor alerts.
 author: EdB-MSFT
 ms.topic: conceptual
-ms.date: 09/07/2022
+ms.date: 02/09/2023
 ms.author: edbaynash
 ms.reviewer: edbaynash
 
 # Customer intent: As an administrator I want to create a logic app that is triggered by an alert so that I can send emails or Teams messages when an alert is fired.
-
 ---
 
 # Customize alert notifications using Logic Apps 
@@ -17,24 +16,28 @@ This article shows you how to create a Logic App and integrate it with an Azure
 
 [Azure Logic Apps](../../logic-apps/logic-apps-overview.md) allows you to build and customize workflows for integration. Use Logic Apps to customize your alert notifications.
 
-+ Customize the alerts email, using your own email subject and body format. 
-+ Customize the alert metadata by looking up tags for affected resources or fetching a log query search result. For information on how to access the search result rows containing alerts data, see: 
-  + [Azure Monitor Log Analytics API response format](../logs/api/response-format.md)
-  + [Query/management HTTP response](/azure/data-explorer/kusto/api/rest/response)
-+ Integrate with external services using existing connectors like Outlook, Microsoft Teams, Slack and PagerDuty, or by configuring the Logic App for your own services.
+- Customize the alerts email, using your own email subject and body format. 
+- Customize the alert metadata by looking up tags for affected resources or fetching a log query search result. For information on how to access the search result rows containing alerts data, see: 
+  - [Azure Monitor Log Analytics API response format](../logs/api/response-format.md)
+  - [Query/management HTTP response](/azure/data-explorer/kusto/api/rest/response)
+- Integrate with external services using existing connectors like Outlook, Microsoft Teams, Slack and PagerDuty, or by configuring the Logic App for your own services.
 
-In this example, we'll use the following steps to create a Logic App that uses the [common alerts schema](./alerts-common-schema.md) to send details from the alert. The example uses the following steps:
+In this example, the following steps create a Logic App that uses the [common alerts schema](./alerts-common-schema.md) to send details from the alert. The example uses the following steps:
 
 1. [Create a Logic App](#create-a-logic-app) for sending an email or a Teams post.
 1. [Create an alert action group](#create-an-action-group) that triggers the logic app.
 1. [Create a rule](#create-a-rule-using-your-action-group) the uses the action group.
+
 ## Create a Logic App
 
-1. Create a new Logic app. Set **Logic App name** , select **Consumption Plan type**.
+1. In the [portal](https://portal.azure.com/), create a new Logic app. In the **Search** bar at the top of the page, enter "Logic App".
+1. On the **Logic App** page, select **+Add**.
+1. Select the **Subscription** and **Resource group** for your Logic App.
+1. Set **Logic App name**, and select **Consumption Plan type**.
 1. Select **Review + create**, then select **Create**.
 1. Select **Go to resource** when the deployment is complete.
 :::image type="content" source="./media/alerts-logic-apps/create-logic-app.png" alt-text="A screenshot showing the create logic app page.":::
-1. On the Logic Apps Designer page, select **When a HTTP request is received**.  
+1. On the **Logic Apps Designer** page, select **When a HTTP request is received**.  
 :::image type="content" source="./media/alerts-logic-apps/logic-apps-designer.png" alt-text="A screenshot showing the Logic Apps designer start page.":::  
 
 1. Paste the common alert schema into the **Request Body JSON Schema** field from the following JSON:
@@ -105,10 +108,40 @@ In this example, we'll use the following steps to create a Logic App that uses t
     }
     ```
 
-1. Select the **+** icon to insert a new step.
-:::image type="content" source="./media/alerts-logic-apps/configure-http-request-received.png" alt-text="A screenshot showing the parameters for the when http request received step.":::
+    :::image type="content" source="./media/alerts-logic-apps/configure-http-request-received.png" alt-text="A screenshot showing the parameters for the http request received step.":::
+
+1. (Optional). You can customize the alert notification by extracting information about the affected resource on which the alert fired, e.g. the resource’s tags. You can then include those resource tags in the alert payload and use the information in your logical expressions for sending the notifications. To do this, we will:
+    - Create a variable for the affected resource IDs.
+    - Split the resource ID into in an array so we can use its various elements (e.g. subscription, resource group).
+    - Use the Azure Resource Manager connector to read the resource’s metadata.
+    - Fetch the resource’s tags which can then be used in subsequent steps of the Logic App.
+
+    1. Select **+** and **Add an action** to insert a new step.
+    1. In the **Search** field, search for and select **Initialize variable**.
+    1. In the **Name** field, enter the name of the variable, such as 'AffectedResources'.
+    1. In the **Type** field, select **Array**.
+    1. In the **Value** field, select **Add dynamic Content**. Select the **Expression** tab, and enter this string: `split(triggerBody()?['data']?['essentials']?['alertTargetIDs'][0], '/')`.
+
+        :::image type="content" source="./media/alerts-logic-apps/initialize-variable.png" alt-text="A screenshot showing the parameters for the initializing a variable in Logic Apps.":::
+
+    1. Select **+** and **Add an action** to insert another step.
+    1. In the **Search** field, search for and select **Azure Resource Manager**, and then **Read a resource**. 
+    1. Populate the fields of the **Read a resource** action with the array values from the `AffectedResources` variable. In each of the fields, click inside the field, and scroll down to **Enter a custom value**. Select **Add dynamic content**, and then select the **Expression** tab. Enter the strings from this table:
+
+        |Field|String value|
+        |---------|---------|
+        |Subscription|`variables('AffectedResource')[2]`|
+        |Resource Group|`variables('AffectedResource')[4]`|
+        |Resource Provider|`variables('AffectedResource')[6]`|
+        |Short Resource Id|`concat(variables('AffectedResource')[7], '/', variables('AffectedResource')[8]`)|
+        |Client Api Version|2021-06-01|
+
+    The dynamic content now includes tags from the affected resource. You can use those tags when you configure your notifications as described in the following steps.
 
 1. Send an email or post a Teams message.
+1. Select **+** and **Add an action** to insert a new step.
+
+    :::image type="content" source="./media/alerts-logic-apps/configure-http-request-received.png" alt-text="A screenshot showing the parameters for the when http request received step.":::
 
 ## [Send an email](#tab/send-email)
 
@@ -119,46 +152,45 @@ In this example, we'll use the following steps to create a Logic App that uses t
 1. Sign into Office 365 when prompted to create a connection.
 1. Create the email **Body** by entering static text and including content taken from the alert payload by choosing fields from the **Dynamic content** list.   
 For example:
-    - Enter *An alert has monitoring condition:* then select **monitorCondition** from the **Dynamic content** list.
-    - Then enter *Date fired:* and select **firedDateTime** from the **Dynamic content** list. 
-    - Enter *Affected resources:* and select **alterTargetIDs** from the **Dynamic content** list.  
-    
+    - Enter the text: `An alert has been triggered with this monitoring condition:`. Then, select **monitorCondition** from the **Dynamic content** list.
+    - Enter the text: `Date fired:`. Then, select **firedDateTime** from the **Dynamic content** list.
+    - Enter the text: `Affected resources:`. Then, select **alertTargetIDs** from the **Dynamic content** list.
+
 1. In the **Subject** field, create the subject text by entering static text and including content taken from the alert payload by choosing fields from the **Dynamic content** list.  
 For example:
-     - Enter *Alert:* and select **alertRule** from the **Dynamic content** list.
-     - Then enter *with severity:* and select **severity** from the **Dynamic content** list.
-     - Enter  *has condition:* and select **monitorCondition** from the **Dynamic content** list.  
-          
+     - Enter the text: `Alert:`. Then, select **alertRule** from the **Dynamic content** list.
+     - Enter the text: `with severity:`. Then, select **severity** from the **Dynamic content** list.
+     - Enter the text: `has condition:`. Then, select **monitorCondition** from the **Dynamic content** list.  
+
 1. Enter the email address to send the alert to in the **To** field.
 1. Select **Save**.
 
    :::image type="content" source="./media/alerts-logic-apps/configure-email.png" alt-text="A screenshot showing the parameters tab for the send email action.":::
 
-You've created a Logic App that will send an email to the specified address, with details from the alert that triggered it. 
+You've created a Logic App that sends an email to the specified address, with details from the alert that triggered it. 
 
 The next step is to create an action group to trigger your Logic App.
 
 ## [Post a Teams message](#tab/send-teams-message)
 
 1. In the search field, search for *Microsoft Teams*.  
-
 1. Select **Microsoft Teams**
     :::image type="content" source="./media/alerts-logic-apps/choose-operation-teams.png" alt-text="A screenshot showing add action page of the logic apps designer with Microsoft Teams selected.":::  
 1. Select **Post a message in a chat or channel** from the list of actions.
 1. Sign into Teams when prompted to create a connection.  
-1. Select *User*  from the **Post as** dropdown.
-1. Select *Group chat* from the **Post in** dropdown.
+1. Select **User**  from the **Post as** dropdown.
+1. Select **Group chat** from the **Post in** dropdown.
 1. Select your group from the **Group chat** dropdown.
-1. Create the message text in the **Message** field by entering static text and including content taken from the alert payload by choosing fields from the **Dynamic content** list.  
+1. Create the message text in the **Message** field by entering static text and including content taken from the alert payload by choosing fields from the **Dynamic content** list.
     For example:
-    - Enter *Alert:* then select **alertRule** from the **Dynamic content** list.
-    - Enter *with severity:* and select **severity** from the **Dynamic content** list.
-    - Enter *was fired at:* and select **firedDateTime** from the **Dynamic content** list.
-    - Add more fields according to your requirements.
+    1. Enter `Alert:` then select **alertRule** from the **Dynamic content** list.
+    1. Enter `with severity:` and select **severity** from the **Dynamic content** list.
+    1. Enter `was fired at:` and select **firedDateTime** from the **Dynamic content** list.
+    1. Add more fields according to your requirements.
 1. Select **Save**
     :::image type="content" source="./media/alerts-logic-apps/configure-teams-message.png" alt-text="A screenshot showing the parameters tab for the post a message in a chat or channel action.":::
 
-You've created a Logic App that will send a Teams message to the specified group, with details from the alert that triggered it. 
+You've created a Logic App that sends a Teams message to the specified group, with details from the alert that triggered it. 
 
 The next step is to create an action group to trigger your Logic App.
 
@@ -177,7 +209,7 @@ To trigger your Logic app, create an action group, then create an alert that use
 :::image type="content" source="./media/alerts-logic-apps/create-action-group.png" alt-text="A screenshot showing the actions tab of a create action group page.":::
 1. In the **Actions** tab under **Action type**, select **Logic App**.
 1. In the **Logic App** section, select your logic app from the dropdown.
-1. Set **Enable common alert schema** to *Yes*. If you select *No*, the alert type will determine which alert schema is used. For more information about alert schemas, see [Context specific alert schemas](./alerts-non-common-schema-definitions.md).
+1. Set **Enable common alert schema** to *Yes*. If you select *No*, the alert type determines which alert schema is used. For more information about alert schemas, see [Context specific alert schemas](./alerts-non-common-schema-definitions.md).
 1. Select **OK**.
 1. Enter a name in the **Name** field.
 1. Select **Review + create**, the **Create**.
@@ -193,9 +225,9 @@ To trigger your Logic app, create an action group, then create an alert that use
 
 :::image type="content" source="./media/alerts-logic-apps/test-action-group2.png" alt-text="A screenshot showing an action group details test page.":::
 
-The following email will be sent to the specified account:
+The following email is sent to the specified account:
 
-:::image type="content" source="./media/alerts-logic-apps/sample-output-email.png" alt-text="A screenshot showing an sample email sent by the test page.":::
+:::image type="content" source="./media/alerts-logic-apps/sample-output-email.png" alt-text="A screenshot showing a sample email sent by the test page.":::
 
 
 ## Create a rule using your action group