The rule is used to process the list of all Events for the Subscription via Microsoft 365 API and to close obsolete Alerts in the Operations Manager.
The rule calls Microsoft 365 Management API to get the list of Resolved Incidents and Messages for the Subscription.
The rule also checks each Alert targeted to the Subscription in the Operations Manager, and verifies that a corresponding event exists in Microsoft 365 monitoring data.
The rule automatically closes all Alerts that have no corresponding Events (e.g. resolved incidents that have not been updated during the period specified by the threshold measured in seconds).
Additionally, the rule can be configured to close alerts for resolved incidents and messages, which appear to be older than a certain threshold (see 'Max Alert Age (seconds)' overrides).
You can disable this rule using Override to avoid automatic closing of the Alerts.
An error state is caused by having issues with connecting to Microsoft 365 API EndPoint. It can be caused by the following:
Issues with global connection to Microsoft 365 API EndPoint.
Credentials for Microsoft 365 Subscriptions account are not correct.
Microsoft 365 Subscriptions account is not allowed to get data from Microsoft 365 EndPoint API.
Resolution depends on the specific error. Verify and/or fix the following:
Connectivity to Microsoft 365 API, including firewall and proxy settings.
Credentials for Microsoft 365 subscription may need to be changed or updated.
Update permissions for the Microsoft 365 API subscription.
Target | Microsoft.SystemCenter.M365.Subscription | ||
Category | Alert | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Information | ||
Alert Priority | Low | ||
Remotable | True | ||
Alert Message |
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.SystemCenter.M365.DataSource.AlertAutoclose | Default |
Alert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.SystemCenter.M365.Rules.AlertAutoclose" Enabled="true" Target="Microsoft.SystemCenter.M365.Subscription" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Alert</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.SystemCenter.M365.DataSource.AlertAutoclose">
<TimeoutSeconds>300</TimeoutSeconds>
<IntervalSeconds>86400</IntervalSeconds>
<SyncTime/>
<SubscriptionId>$Target/Property[Type="Microsoft.SystemCenter.M365.Subscription"]/SubscriptionId$</SubscriptionId>
<MaxAlertAge>604800</MaxAlertAge>
<AuthorityUrl>$Target/Property[Type="Microsoft.SystemCenter.M365.Subscription"]/AuthorityUri$</AuthorityUrl>
<MicrosoftGraphUrl>$Target/Property[Type="Microsoft.SystemCenter.M365.Subscription"]/ManagementServiceUri$</MicrosoftGraphUrl>
<TenantId>$Target/Property[Type="Microsoft.SystemCenter.M365.Subscription"]/TenantId$</TenantId>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
<Priority>0</Priority>
<Severity>0</Severity>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.M365.AlertAutoclose.AlertMessage"]$</AlertMessageId>
</WriteAction>
</WriteActions>
</Rule>