This will raise an alert for new incident messages.
Will alert on new Service status messages.
?
The condition detection filters allow the user to determine which types of messages become collected/reported based on Classification and MessageType. The previously processed messages are cached in xml files that may be located in the following locations. Listed in order of liklihood but will depend on your environment:
C:\Windows\Temp\M365SSM\Services\ServiceMessages_<workloadName>.xml
C:\Users\<username>\AppData\Local\Temp\M365SSM\Services\ServiceMessages_<workloadName>.xml
If you wish to re-alert on all known/current messages, simply delete the related .xml file(s).
Use the corresponding agent task to test the service functionality.
M365 Supplemental - Get Service Incident Data
Name | Description | Default Value |
CD_ClassificationRegex |
Regex value for which a match will trigger the condition detection. | Incident|Advisory |
CD_MessageTypeRegex |
Regex value for which a match will trigger the condition detection. | quick|regular |
CD_StatusRegex |
Regex value for which a match will trigger the condition detection. | ^mitigatedExternal$|^mitigated$|^resolvedExternal$|^resolved$|^postIncidentReviewPublished$|^serviceOperational$|^serviceRestored$|^falsePositive$|^confirmed$ |
EventIDFilter | This can be used to filter which EventIDs get written by the workflow to the Operations Manager and Application event log. This is only relevant when logging is enabled. See 'WriteToEventLog'. Typically this is for customer support engineer use only. | |
IntervalSeconds | IntervalSeconds for the workflow is designed to be controlled by the target object property under normal circumstances. This override should only be modified for temporary troubleshooting or testing. | |
PoshLibraryPath | For customer support engineer use only. | |
ProbeActionTimeoutSeconds | If the workflow module does not exit gracefully by this time limit, the module will be forced to terminate. | 180 |
SyncTime | This can be set to force a workflow to synchronize its Interval to a specific start time. If no SyncTime value is provided to the workflow, the workflow will be initiated at the agent's earliest opportunity after receiving a configuration change or restarting. Typically no SyncTime is preferred. Format is 00:00. Example for 5:36pm: 17:36. Example for 2:15am: 02:15. | |
WorkflowName | This value gets passed into the datasource script and becomes noted in logged events (if logging is enabled). The value provided for this parameter gets appended to the ProbeAction/WriteAction name used for the datasource. If the datasource is used by more than one workflow an override value for this parameter could break cookdown. This could be used to differentiate/identify a specific instance of the scripted datasource. Typically this is for customer support engineer use only. | |
WriteToEventLog | This will enable/disable script logging to the Operations Manager event log. | false |
Target | M365SSVC.Services.Service | ||
Category | Alert | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Information | ||
Alert Priority | Normal | ||
Remotable | False | ||
Alert Message |
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | M365SSVC.ServiceMessages.DS | Default |
WA | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="M365SSVC.Service.IncidentMessages.Informational.AlertRule" Target="M365SSVC.Services.Service" Enabled="true" ConfirmDelivery="false" Remotable="false" Priority="Normal" DiscardLevel="100">
<Category>Alert</Category>
<DataSources>
<DataSource ID="DS" TypeID="M365SSVC.ServiceMessages.DS">
<CD_ClassificationRegex>Incident|Advisory</CD_ClassificationRegex>
<CD_MessageTypeRegex>quick|regular</CD_MessageTypeRegex>
<CD_StatusRegex>FalsePositive|mitigated|resolved|ServiceOperational|ServiceRestored</CD_StatusRegex>
<MgmtApiTokenScopeURL>$Target/Host/Property[Type="M365SSVC.Services.Role"]/MgmtApiTokenScopeURL$</MgmtApiTokenScopeURL>
<MgmtApiTokenURL>$Target/Host/Property[Type="M365SSVC.Services.Role"]/MgmtApiTokenURL$</MgmtApiTokenURL>
<MgmtApiURL>$Target/Host/Property[Type="M365SSVC.Services.Role"]/MgmtApiURL$</MgmtApiURL>
<M365_AccountName>$Target/Property[Type="M365SL!M365SL.M365ServiceComponent"]/M365_AccountName$</M365_AccountName>
<M365_AccountPassword>$Target/Property[Type="M365SL!M365SL.M365ServiceComponent"]/M365_AccountPassword$</M365_AccountPassword>
<M365_ClientID>$Target/Property[Type="M365SL!M365SL.M365ServiceComponent"]/M365_ClientID$</M365_ClientID>
<M365_ClientSecret>$Target/Property[Type="M365SL!M365SL.M365ServiceComponent"]/M365_ClientSecret$</M365_ClientSecret>
<EventIDFilter/>
<IntervalSeconds>$Target/Property[Type="M365SL!M365SL.M365ServiceComponent"]/IntervalSeconds$</IntervalSeconds>
<PoshLibraryPath/>
<ProbeActionTimeoutSeconds>180</ProbeActionTimeoutSeconds>
<ServiceID>$Target/Property[Type="M365SSVC.Services.Service"]/ID$</ServiceID>
<ServiceDisplayName>$Target/Property[Type="System!System.Entity"]/DisplayName$</ServiceDisplayName>
<SyncTime/>
<TenantName>$Target/Property[Type="M365SL!M365SL.M365ServiceComponent"]/TenantName$</TenantName>
<TLSVersion>$Target/Host/Host/Property[Type="M365SL!M365SL.WatcherNode"]/TLSVersion$</TLSVersion>
<WorkflowName/>
<WriteToEventLog>false</WriteToEventLog>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>0</Severity>
<AlertMessageId>$MPElement[Name="M365SSVC.Service.IncidentMessages.Informational.AlertRule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/Property[@Name='Service']$</AlertParameter1>
<AlertParameter2>$Data/Property[@Name='Status']$</AlertParameter2>
<AlertParameter3>$Data/Property[@Name='Title']$</AlertParameter3>
<AlertParameter4>$Data/Property[@Name='ImpactDescription']$</AlertParameter4>
<AlertParameter5>$Data/Property[@Name='PublishedTime']$</AlertParameter5>
<AlertParameter6>$Data/Property[@Name='PublishedTimeLocal']$</AlertParameter6>
<AlertParameter7>$Data/Property[@Name='Classification']$</AlertParameter7>
<AlertParameter8>$Data/Property[@Name='ID']$</AlertParameter8>
<AlertParameter9>$Data/Property[@Name='MoreDetails']$</AlertParameter9>
</AlertParameters>
</WriteAction>
</WriteActions>
</Rule>