Azure Automation Runbook to enable and disable OMS Alerts

OMS is a hyper scale, hybrid and heterogenous monitoring system which can alert on thresholds from any system anywhere. The alerting can be either an email notification, a webhook or even a runbook.

Now what happens when you want to suspend alert during a maintenance window? SCOM has the ability of pausing workflows and suspending alerts for a period. In OMS you would have to disable the alerts one by one:

Or you can trigger or schedule a runbook to do it for you!

This blog takes you step by step on setting your runbook to start or stop a maintenance window.

First things first. You’ll need:

• OMS workspace with alerts configured
• Azure Automation

That’s it!

Step 1 – Create your SPN for authentication:

I use a service principal get a token for authentication.

You can find more details here: https://docs.microsoft.com/en-us/azure/resource-group-authenticate-service-principal

You can create it in the new portal, or via powershell:

$app = New-AzureRmADApplication -DisplayName "{app-name}" -HomePage "https://{your-domain}/{app-name}" -IdentifierUris "https://{your-domain}/{app-name}" -Password "{your-password}"
New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
New-AzureRmRoleAssignment -RoleDefinitionName Contributer -ServicePrincipalName $app.ApplicationId.Guid

Or via the portal:

Click on Azure Active Directory, then choose “App Registrations”:

Click on Add, enter a name for the app, choose “Web App / API” and choose a Sign-on URL, then click on Create.

Click on the app, then settings and then “Keys”. Create a new key and click on save. Make sure you copy the key before you close the blade

Take note of the AppID and run this powershell line:

New-AzureRmRoleAssignment -RoleDefinitionName Contributer -ServicePrincipalName $app.ApplicationId.Guid

Step 2 – Add Assets to your Automation Account:

Add a connection asset for your SPN, with your Subscription ID, your Tenant ID, the SPN Application ID, the Application key (in the certificate thumbprint) called ‘AzureRunAsSPN’:

Add a variable for your OMS workspace details called “OMSWorkspaceName”:

And another one for the name of the resource group for your OMS called “OMS-Resource-Group-Name”:

Step 3 – Create your runbooks:

Create a Powershell runbook, called “Start-OMS-MaintenanceMode” with the following code:


$AlertsEnabled = "false"

$OMSResourceGroupId = Get-AutomationVariable -Name 'OMS-Resource-Group-Name'
$OMSWorkspaceName = Get-AutomationVariable -Name 'OMSWorkspaceName'

$SPNConnection = Get-AutomationConnection -Name 'AzureRunAsSPN'
$SubscriptionID = $SPNConnection.SubscriptionId
$TenantID = $SPNConnection.TenantID
$AzureUserNameForOMS = $SPNConnection.ApplicationId
$AzureUserPasswordForOMS = $SPNConnection.CertificateThumbprint

#region Get Access Token
$TokenEndpoint = {https://login.windows.net/{0}/oauth2/token} -f $TenantID
$ARMResource = "https://management.core.windows.net/";

$Body = @{
'resource'= $ARMResource
'client_id' = $AzureUserNameForOMS
'grant_type' = 'client_credentials'
'client_secret' = $AzureUserPasswordForOMS
}

$params = @{
ContentType = 'application/x-www-form-urlencoded'
Headers = @{'accept'='application/json'}
Body = $Body
Method = 'Post'
URI = $TokenEndpoint
}

$token = Invoke-RestMethod @params -UseBasicParsing
$Headers = @{'authorization'="Bearer $($Token.access_token)"}
#endregion

#get all saved searches
$savedSearches = (([string] (Invoke-WebRequest -Method Get -Uri "https://management.azure.com/subscriptions/$SubscriptionID/Resourcegroups/$OMSResourceGroupId/providers/Microsoft.OperationalInsights/workspaces/$OMSWorkspaceName/savedsearches?api-version=2015-03-20" -Headers $Headers -ContentType 'application/x-www-form-urlencoded' -UseBasicParsing).Content) | ConvertFrom-Json).Value.id

foreach ($savedSearch in $savedSearches)
{
#call for schedules associated with the saved searches
$schedules = ([string] (Invoke-WebRequest -Method Get -Uri "https://management.azure.com/$savedSearch/schedules?api-version=2015-03-20" -Headers $Headers -ContentType 'application/x-www-form-urlencoded' -UseBasicParsing).Content) | ConvertFrom-Json
#check if the saved search has a schedule
if ($schedules -ne $null)
{
$schedules.Properties.Enabled = $AlertsEnabled
$scheduleurl = $schedules.id + "?api-version=2015-03-20"
$body = $schedules | ConvertTo-Json
#set new property to schedule
Invoke-WebRequest -Method Put -Uri "https://management.azure.com/$scheduleurl" -Headers $Headers -ContentType 'application/json' -Body $Body -UseBasicParsing
}
}

You can now associate whatever schedule to suit you.

To stop maintenance mode, create another runbook called “Stop-OMS-MaintenanceMode”, changing the following line in the code:

From $AlertsEnabled = "false"

To $AlertsEnabled = "true"