Document Details
Automation Create Alert Triggered Runbook
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
powershell_heavy
⚠️
windows_first
⚠️
missing_linux_example
⚠️
windows_tools
Summary:
The documentation page demonstrates a strong Windows and PowerShell bias throughout. All code examples, including those for assigning permissions and the main runbook, are exclusively in PowerShell. The prerequisites and links reference Windows and PowerShell-specific tools and modules, with no mention of Bash, Azure CLI, or Linux-based automation. The only VM creation link points to a Windows VM via PowerShell. There are no examples or guidance for users working from Linux or using cross-platform tools.
Recommendations:
- Provide equivalent Azure CLI (az) examples for all PowerShell scripts, especially for assigning permissions and managing Automation accounts.
- Include Bash or cross-platform shell script examples where applicable.
- Update the prerequisites to mention both Windows and Linux environments, and link to both Windows and Linux VM creation guides.
- Offer guidance on how to use the Azure portal and Azure CLI for users who do not use PowerShell.
- Ensure that runbook examples are provided in both PowerShell and Python (supported in Azure Automation), or at least mention Python as an option.
- Explicitly state that the instructions are cross-platform where possible, or provide platform-specific sections for Windows and Linux users.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
| 2025-07-12 00:58 | #8 | cancelled | ✅ Clean |
| 2025-07-10 05:06 | #7 | processing | ✅ Clean |
| 2025-07-09 23:22 | #6 | cancelled | ✅ Clean |
Flagged Code Snippets
# Sign in to your Azure subscription
$sub = Get-AzSubscription -ErrorAction SilentlyContinue
if(-not($sub))
{
Connect-AzAccount
}
# If you have multiple subscriptions, set the one to use
# Select-AzSubscription -SubscriptionId <SUBSCRIPTIONID>
$UAMI.ClientId
$resourceGroup = "resourceGroup"
$automationAccount = "AutomationAccount"
$userAssignedManagedIdentity = "userAssignedManagedIdentity"
$SAMI = (Get-AzAutomationAccount -ResourceGroupName $resourceGroup -Name $automationAccount).Identity.PrincipalId
New-AzRoleAssignment `
-ObjectId $SAMI `
-ResourceGroupName $resourceGroup `
-RoleDefinitionName "DevTest Labs User"
$UAMI = (Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroup -Name $userAssignedManagedIdentity)
New-AzRoleAssignment `
-ObjectId $UAMI.PrincipalId `
-ResourceGroupName $resourceGroup `
-RoleDefinitionName "DevTest Labs User"
[OutputType("PSAzureOperationResponse")]
param
(
[Parameter (Mandatory=$false)]
[object] $WebhookData
)
$ErrorActionPreference = "stop"
if ($WebhookData)
{
# Get the data object from WebhookData
$WebhookBody = (ConvertFrom-Json -InputObject $WebhookData.RequestBody)
# Get the info needed to identify the VM (depends on the payload schema)
$schemaId = $WebhookBody.schemaId
Write-Verbose "schemaId: $schemaId" -Verbose
if ($schemaId -eq "azureMonitorCommonAlertSchema") {
# This is the common Metric Alert schema (released March 2019)
$Essentials = [object] ($WebhookBody.data).essentials
# Get the first target only as this script doesn't handle multiple
$alertTargetIdArray = (($Essentials.alertTargetIds)[0]).Split("/")
$SubId = ($alertTargetIdArray)[2]
$ResourceGroupName = ($alertTargetIdArray)[4]
$ResourceType = ($alertTargetIdArray)[6] + "/" + ($alertTargetIdArray)[7]
$ResourceName = ($alertTargetIdArray)[-1]
$status = $Essentials.monitorCondition
}
elseif ($schemaId -eq "AzureMonitorMetricAlert") {
# This is the near-real-time Metric Alert schema
$AlertContext = [object] ($WebhookBody.data).context
$SubId = $AlertContext.subscriptionId
$ResourceGroupName = $AlertContext.resourceGroupName
$ResourceType = $AlertContext.resourceType
$ResourceName = $AlertContext.resourceName
$status = ($WebhookBody.data).status
}
elseif ($schemaId -eq "Microsoft.Insights/activityLogs") {
# This is the Activity Log Alert schema
$AlertContext = [object] (($WebhookBody.data).context).activityLog
$SubId = $AlertContext.subscriptionId
$ResourceGroupName = $AlertContext.resourceGroupName
$ResourceType = $AlertContext.resourceType
$ResourceName = (($AlertContext.resourceId).Split("/"))[-1]
$status = ($WebhookBody.data).status
}
elseif ($schemaId -eq $null) {
# This is the original Metric Alert schema
$AlertContext = [object] $WebhookBody.context
$SubId = $AlertContext.subscriptionId
$ResourceGroupName = $AlertContext.resourceGroupName
$ResourceType = $AlertContext.resourceType
$ResourceName = $AlertContext.resourceName
$status = $WebhookBody.status
}
else {
# Schema not supported
Write-Error "The alert data schema - $schemaId - is not supported."
}
Write-Verbose "status: $status" -Verbose
if (($status -eq "Activated") -or ($status -eq "Fired"))
{
Write-Verbose "resourceType: $ResourceType" -Verbose
Write-Verbose "resourceName: $ResourceName" -Verbose
Write-Verbose "resourceGroupName: $ResourceGroupName" -Verbose
Write-Verbose "subscriptionId: $SubId" -Verbose
# Determine code path depending on the resourceType
if ($ResourceType -eq "Microsoft.Compute/virtualMachines")
{
# This is an Resource Manager VM
Write-Verbose "This is an Resource Manager VM." -Verbose
# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process
# Connect to Azure with system-assigned managed identity
$AzureContext = (Connect-AzAccount -Identity).context
# set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext
# Stop the Resource Manager VM
Write-Verbose "Stopping the VM - $ResourceName - in resource group - $ResourceGroupName -" -Verbose
Stop-AzVM -Name $ResourceName -ResourceGroupName $ResourceGroupName -DefaultProfile $AzureContext -Force
# [OutputType(PSAzureOperationResponse")]
}
else {
# ResourceType not supported
Write-Error "$ResourceType is not a supported resource type for this runbook."
}
}
else {
# The alert status was not 'Activated' or 'Fired' so no action taken
Write-Verbose ("No action taken. Alert status: " + $status) -Verbose
}
}
else {
# Error
Write-Error "This runbook is meant to be started from an Azure alert webhook only."
}