MP University is a free 1-day online training event that focuses on SCOM and Azure. As you know, for the past several weeks I have been blogging about Azure Monitor Alerts, so when I was offered the opportunity to do an online session on that topic, I was all in. Besides blogging, I also like presenting. Being able to do that online is good for me due to my busy schedule (both personal and work). So if you are interested in that topic and in seeing more of what I have blogged about, or in any of the other sessions in the event, please go here and sign up.
We are getting to one of the last blog posts of this series. I still haven’t decided how much more I will publish, but this one won’t be the last one. If nothing else, there will be at least another one after this one. Today we will cover Azure Sentinel alerts. To be honest, I was not sure if I would cover these alert types. I have tons of feedback for Azure Sentinel in general and specifically for their alerts. That feedback focuses more on APIs and alignment with other Azure teams. I am sure that from a security functionality perspective the service is doing great. But let’s start looking at Azure Sentinel alerts, and I will express my feedback through the blog post.
It is time for the third part of this blog series. This time we will cover two types of alerts to speed up the pace. Also, as I have mentioned before, these types of alerts are very similar to Administrative alerts, and the difference comes mainly from the properties section. The alert types we will cover today are:
- Security Activity Log Alert
- Service Health Alert
Alerts are an important part of our monitoring and probably the most important one. Getting data and visualizing it is the foundation for alerts, but in order to move to actual monitoring you need alerts. I can tell you nobody sits all day in front of a dashboard and looks at visualized data. Alerts are also our knowledge of our applications and infrastructure, gathered to help us when things are not going as planned. I wanted to write this blog post series for quite some time and I think this is the right time to do it. The reason for that is that Classic Azure alerts are being deprecated and the vision of unified alerting capabilities is coming together and becoming more powerful… sort of. I will comment on parts that I think could and should be improved, and hopefully they will be. I also expect some new features around Ignite, as that is usually when Microsoft reveals some new stuff. They actually do it all the time; it is just that the end of development of some features matches the Ignite conference time frame.
Lately I have seen some questions and discussions, which I have also been involved in, around which management services/tools should be used when you are doing multi-cloud. Before diving into that area, let’s first dive into the multi-cloud thingy. RightScale has a report for the year 2019 called STATE OF THE CLOUD REPORT that gives us the current state of companies in that area. If we look at the report, we will see that multi-cloud strategy is rising, but if we look in the details, the strategy of having multiple public or private clouds is actually starting to decline, slightly but still a decline. I think that decline will continue over the next years. For me it makes sense if you have the bigger part of your cloud workloads in a single public cloud and maybe some small part in another public cloud. My opinion is that it is better to put your bets on a single public cloud. I do not think there are many benefits if you do a multi-public cloud strategy. As for putting workloads on-premises, I think the hybrid cloud strategy will still be valid at least for the next 10 years. With that said, nevertheless there are still companies that have a multi-cloud strategy with multiple public clouds. And this brings us back to our topic. You have probably heard similar questions like: