Create a Webhook from Azure Alerts to a Logic App

This is part 2 in the scenario Perform Automation Based on Device Enrollment in Microsoft Intune.

This post describes how to take the Azure Alert configured in Using Log Analytics to Generate Alerts for Each New Intune Device Enrollment, and send it to a webhook-enabled Logic App.

Remind me, Greg, why would I want to do such a thing?

This all goes back to the scenario, and our goal to create/update an asset record in ServiceNow based on a new device enrollment in Intune. For this post, we have an alert from part 1, so now we need to take that alert and generate a webhook to a Logic App.

Figure 1 – Creating a webhook from Azure Alerts to a Logic App

And that’s the high-level description. Now let’s get into the details for HOW to make this happen.

Prerequisites

To perform the steps in this post, complete all the steps and prerequisites in part 1, Using Log Analytics to Generate Alerts for Each New Intune Device Enrollment.

Create a Logic App with Webhook

First, we create the Logic App so that we can configure the Azure alert to call the webhook.

  1. In the Azure portal, navigate to Logic Apps and click Add.
  2. Select the desired Resource group (use the same one as in part 1!), Location, and enter a Logic App name of DeviceEnrollment as shown in Figure 2.
  3. Select Review + Create and then Create.
Figure 2 – Create a new Logic App
  1. Within a few seconds, you’ll receive the message that Your deployment is complete, then select Go to resource.
  2. The Logic Apps Designer page will appear with an option to Start with a common trigger. Choose the option When a HTTP request is received, as shown in Figure 3.
Figure 3 – Create a Logic App using the HTTP trigger
  1. The Logic Apps Designer will appear as shown in Figure 4. Leave it just as it is and click Save. You’ll notice that the text in the gray box will change to a real URL once you save the Logic App. (For this process, there’s no need to copy the URL, because this integrates nicely with Azure Monitor).
Figure 4 – Logic App with Webhook

Congrats! You created a Logic App! Granted, it’s pretty basic, but we’ll be building on it very soon.

Configure Azure Alert with HTTP Trigger

Now we’re going to configure the Azure Alert to call this webhook for the alert created in part 1.

  1. In the Azure portal, navigate to Alerts.
  2. Click Manage Alert Rules as shown in Figure 5
Figure 5 – Manage alert rules
  1. Locate the rule created in part 1 (we called it New Device Enrolled).
  2. In the ACTION GROUPS section, click Create as shown in Figure 6.
Figure 6 – Create a new action
  1. In the Add action group pane, enter an Action group name, Short name, Resource group (the same one used earlier) and enter DeviceEnroll for the action name, as shown in Figure 7.
Figure 7 – Add action group
  1. Next, select the drop-down for Action type and choose LogicApp.
  2. In the small frame, select the Resource group (the same one used earlier).
  3. In the Select a logic app option, choose the Logic App created earlier (we called it DeviceEnrollment).
  4. Select Yes for Enable the common alert schema. Click the link to Learn more about the common alert schema – we’ll need that information for the Logic App webhook integration.
  5. Verify settings as shown in Figure 8 and select OK.
  6. Click OK to save settings on the Add action group pane.
Figure 8 – Configure the Action Type

Congratulations! You now have an alert that will make a call to a Logic App! You have now configured everything in the blue box shown in Figure 9.

Figure 9 – Progress in the scenario to update ServiceNow based on Intune Device Enrollment

Stay tuned for the next post, where we’ll start processing the alert data.

Greg