Document Details
Automation Create Alert Triggered Runbook
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
powershell_heavy
⚠️
windows_first
⚠️
missing_linux_example
⚠️
windows_tools
Summary:
The documentation is heavily focused on PowerShell and Windows-centric tools and patterns. All code examples, instructions, and prerequisites are written for PowerShell, with no mention of Linux, Bash, or cross-platform alternatives. The only VM creation link points to a Windows VM via PowerShell, and there are no references to Linux VMs or Bash/Azure CLI usage. This creates a strong Windows bias and may alienate users working in Linux or cross-platform environments.
Recommendations:
- Provide equivalent examples using Azure CLI (az) and Bash scripts, especially for steps like assigning permissions, creating runbooks, and managing VMs.
- Include links to both Windows and Linux VM quickstart guides, not just Windows/PowerShell.
- When listing prerequisites, mention both PowerShell and Azure CLI as supported options.
- Show how to create and trigger runbooks using Bash or Azure CLI, not just PowerShell.
- Add a section or callouts for Linux users, clarifying any differences or additional steps.
- Ensure that runbook examples are language-agnostic where possible, or provide both PowerShell and Python (or Bash) samples.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-08-17 00:01 | #83 | in_progress | ✅ Clean |
| 2025-07-13 21:37 | #48 | completed | ✅ Clean |
| 2025-07-09 13:09 | #3 | cancelled | ✅ Clean |
| 2025-07-08 04:23 | #2 | cancelled | ❌ Biased |
Flagged Code Snippets
# Sign in to your Azure subscription
$sub = Get-AzSubscription -ErrorAction SilentlyContinue
if(-not($sub))
{
Connect-AzAccount
}
# If you have multiple subscriptions, set the one to use
# Select-AzSubscription -SubscriptionId <SUBSCRIPTIONID>
$resourceGroup = "resourceGroup"
$automationAccount = "AutomationAccount"
$userAssignedManagedIdentity = "userAssignedManagedIdentity"
$SAMI = (Get-AzAutomationAccount -ResourceGroupName $resourceGroup -Name $automationAccount).Identity.PrincipalId
New-AzRoleAssignment `
-ObjectId $SAMI `
-ResourceGroupName $resourceGroup `
-RoleDefinitionName "DevTest Labs User"
$UAMI = (Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroup -Name $userAssignedManagedIdentity)
New-AzRoleAssignment `
-ObjectId $UAMI.PrincipalId `
-ResourceGroupName $resourceGroup `
-RoleDefinitionName "DevTest Labs User"
$UAMI.ClientId
[OutputType("PSAzureOperationResponse")]
param
(
[Parameter (Mandatory=$false)]
[object] $WebhookData
)
$ErrorActionPreference = "stop"
if ($WebhookData)
{
# Get the data object from WebhookData
$WebhookBody = (ConvertFrom-Json -InputObject $WebhookData.RequestBody)
# Get the info needed to identify the VM (depends on the payload schema)
$schemaId = $WebhookBody.schemaId
Write-Verbose "schemaId: $schemaId" -Verbose
if ($schemaId -eq "azureMonitorCommonAlertSchema") {
# This is the common Metric Alert schema (released March 2019)
$Essentials = [object] ($WebhookBody.data).essentials
# Get the first target only as this script doesn't handle multiple
$alertTargetIdArray = (($Essentials.alertTargetIds)[0]).Split("/")
$SubId = ($alertTargetIdArray)[2]
$ResourceGroupName = ($alertTargetIdArray)[4]
$ResourceType = ($alertTargetIdArray)[6] + "/" + ($alertTargetIdArray)[7]
$ResourceName = ($alertTargetIdArray)[-1]
$status = $Essentials.monitorCondition
}
elseif ($schemaId -eq "AzureMonitorMetricAlert") {
# This is the near-real-time Metric Alert schema
$AlertContext = [object] ($WebhookBody.data).context
$SubId = $AlertContext.subscriptionId
$ResourceGroupName = $AlertContext.resourceGroupName
$ResourceType = $AlertContext.resourceType
$ResourceName = $AlertContext.resourceName
$status = ($WebhookBody.data).status
}
elseif ($schemaId -eq "Microsoft.Insights/activityLogs") {
# This is the Activity Log Alert schema
$AlertContext = [object] (($WebhookBody.data).context).activityLog
$SubId = $AlertContext.subscriptionId
$ResourceGroupName = $AlertContext.resourceGroupName
$ResourceType = $AlertContext.resourceType
$ResourceName = (($AlertContext.resourceId).Split("/"))[-1]
$status = ($WebhookBody.data).status
}
elseif ($schemaId -eq $null) {
# This is the original Metric Alert schema
$AlertContext = [object] $WebhookBody.context
$SubId = $AlertContext.subscriptionId
$ResourceGroupName = $AlertContext.resourceGroupName
$ResourceType = $AlertContext.resourceType
$ResourceName = $AlertContext.resourceName
$status = $WebhookBody.status
}
else {
# Schema not supported
Write-Error "The alert data schema - $schemaId - is not supported."
}
Write-Verbose "status: $status" -Verbose
if (($status -eq "Activated") -or ($status -eq "Fired"))
{
Write-Verbose "resourceType: $ResourceType" -Verbose
Write-Verbose "resourceName: $ResourceName" -Verbose
Write-Verbose "resourceGroupName: $ResourceGroupName" -Verbose
Write-Verbose "subscriptionId: $SubId" -Verbose
# Determine code path depending on the resourceType
if ($ResourceType -eq "Microsoft.Compute/virtualMachines")
{
# This is an Resource Manager VM
Write-Verbose "This is an Resource Manager VM." -Verbose
# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process
# Connect to Azure with system-assigned managed identity
$AzureContext = (Connect-AzAccount -Identity).context
# set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext
# Stop the Resource Manager VM
Write-Verbose "Stopping the VM - $ResourceName - in resource group - $ResourceGroupName -" -Verbose
Stop-AzVM -Name $ResourceName -ResourceGroupName $ResourceGroupName -DefaultProfile $AzureContext -Force
# [OutputType(PSAzureOperationResponse")]
}
else {
# ResourceType not supported
Write-Error "$ResourceType is not a supported resource type for this runbook."
}
}
else {
# The alert status was not 'Activated' or 'Fired' so no action taken
Write-Verbose ("No action taken. Alert status: " + $status) -Verbose
}
}
else {
# Error
Write-Error "This runbook is meant to be started from an Azure alert webhook only."
}