Create an an e-mail alert/sms when someone logging into an Azure Windows Virtual Machine

It is possible to create an alert and send to the desired email/sms etc. when a user logins the azure virtual machine.
Here is how I am setting it up to get an email alert to inform a logging alert.
In your azure console, open VM Blade >Monitoring> Diagnostic settings>Enable Guest Level Monitoring. Make sure that you have a storage account at the same region
181285-image.png
‘Enable’ Insights under Monitoring>Insights
181286-image.png

Monitoring>Alerts->Create New Alert Rule
181331-image.png

Click Create Alert Rule

Select a Signal > Custom Log Search and add use the following query

 VMConnection | where Direction == "inbound" | where Protocol == "tcp" | where DestinationPort == 3389
181341-image.png

Create an Action Group to send alerts
181294-image.png
Select the preferred way of getting alerts
181295-image.png

The email address configured will receive a notification on the inclusion in the email alert list as follows


Select the preferred Alert Logic
181351-image.png

Set Alert details as per the preference
181240-image.png

Now you are ready to save the alert rules. It may take couple of minutes to start getting the alerts. Then you will start receiving the alerts something like follows when there is an RDP connection detected like following message in your inbox
181288-image.png

Tags:

No responses yet

Leave a Reply

Your email address will not be published.

Recent Comments
Add External Contacts in Microsoft Teams