Create an e-mail alert/sms when someone logging into an Azure Windows Virtual Machine
It is possible to create an alert and send to the desired email/sms etc. when a user logins the azure virtual machine.
Here is how I am setting it up to get an email alert to inform a logging alert.
In your azure console, open VM Blade >Monitoring> Diagnostic settings>Enable Guest Level Monitoring. Make sure that you have a storage account at the same region
‘Enable’ Insights under Monitoring>Insights
Monitoring>Alerts->Create New Alert Rule
Click Create Alert Rule
Select a Signal > Custom Log Search and add use the following query
VMConnection | where Direction == "inbound" | where Protocol == "tcp" | where DestinationPort == 3389
Create an Action Group to send alerts
Select the preferred way of getting alerts
The email address configured will receive a notification on the inclusion in the email alert list as below
Select the preferred Alert Logic
Set Alert details as per the preference
Now you are ready to save the alert rules. It may take couple of minutes to start getting the alerts. Then you will start receiving the alerts something like follows when there is an RDP connection detected like following message in your inbox
No responses yet