Home
  •  

Office 365 Alert Autoclose rule

Microsoft.SystemCenter.O365.Rules.AlertAutoclose (Rule)

Rule is used to process list of all Events for the Subscription via Office 365 API and close obsolete Alerts in Operations Manager

Knowledge Base article:

Summary

The rule calls Office 365 Management API to get list of Resolved Incidents and Messages for the Subscription.

Rule also checks each Alert targeted to the Subscription in Operations Manager and verifies that corresponding Event, Incident or Message exists in Office 365 monitoring data.

Rule automatically closes all Alerts in Operations Manager that has no corresponding Events (e.g. obsolete Alerts)

Additionally rule can be configurated to close alerts for resolved incidents and messages older than certain threshold (see 'Max Alert Age' override).

You can disable this rule using Override to avoid automated Alerts closing.

Element properties:

TargetMicrosoft.SystemCenter.O365.Subscription
CategoryAlert
EnabledTrue
Alert GenerateTrue
Alert SeverityInformation
Alert PriorityLow
RemotableTrue
Alert Message
Resolved incident has been closed automatically
The incident does no longer exist and was closed

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.SystemCenter.O365.DataSource.AlertAutoclose Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.SystemCenter.O365.Rules.AlertAutoclose" Enabled="true" Target="Microsoft.SystemCenter.O365.Subscription" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Microsoft.SystemCenter.O365.DataSource.AlertAutoclose">

      <TimeOut>300</TimeOut>

      <IntervalSeconds>86400</IntervalSeconds>

      <SyncTime/>

      <SubscriptionId>$Target/Property[Type="Microsoft.SystemCenter.O365.Subscription"]/SubscriptionId$</SubscriptionId>

      <MaxAlertAge>0</MaxAlertAge>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>0</Priority>

      <Severity>0</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.O365.AlertAutoclose.AlertMessage"]$</AlertMessageId>

    </WriteAction>

  </WriteActions>

</Rule>