在 Azure 门户中创建和管理器操作组Create and manage action groups in the Azure portal

操作组是由 Azure 订阅的所有者定义的通知首选项的集合。An action group is a collection of notification preferences defined by the owner of an Azure subscription. Azure Monitor 和服务运行状况警报使用操作组来通知用户某个警报已触发。Azure Monitor and Service Health alerts use action groups to notify users that an alert has been triggered. 各种警报可以使用相同的操作组或不同的操作组,具体取决于用户的要求。Various alerts may use the same action group or different action groups depending on the user's requirements. 可以在订阅中最多配置 2,000 个操作组。You may configure up to 2,000 action groups in a subscription.

当配置操作来通过电子邮件或短信通知某个人员时,该人员将收到确认,指出其已被添加到操作组。You configure an action to notify a person by email or SMS, they receive a confirmation indicating they have been added to the action group.

本文演示如何在 Azure 门户中创建和管理操作组。This article shows you how to create and manage action groups in the Azure portal.

每个操作包含以下属性:Each action is made up of the following properties:

  • 名称:操作组中的唯一标识符。Name: A unique identifier within the action group.
  • 操作类型:执行的操作。Action type: The action performed. 示例包括发送语音呼叫、短信、电子邮件,或者触发各种类型的自动化操作。Examples include sending a voice call, SMS, email; or triggering various types of automated actions. 请参阅本文下文中的“类型”。See types later in this article.
  • 详细信息:因“操作类型”而异的相应详细信息。Details: The corresponding details that vary by action type.

有关如何使用 Azure 资源管理器模板以配置操作组的信息,请参阅操作组资源管理器模板For information on how to use Azure Resource Manager templates to configure action groups, see Action group Resource Manager templates.

使用 Azure 门户创建操作组Create an action group by using the Azure portal

  1. Azure 门户中,搜索并选择“监视器” 。In the Azure portal, search for and select Monitor. “监视器” 窗格将所有监视设置和数据合并到一个视图中。The Monitor pane consolidates all your monitoring settings and data in one view.

  2. 依次选择“警报” 、“管理操作” 。Select Alerts then select Manage actions.


  3. 选择“添加操作组” ,并填写字段。Select Add action group, and fill in the fields.


  4. 在“操作组名称” 框中输入名称,然后在“短名称” 框中输入名称。Enter a name in the Action group name box, and enter a name in the Short name box. 使用此组发送通知时,短名称被用来代替完整的操作组名称。The short name is used in place of a full action group name when notifications are sent using this group.


  5. “订阅” 框会自动填充当前订阅。The Subscription box autofills with your current subscription. 此“订阅”是在其中保存操作组的订阅。This subscription is the one in which the action group is saved.

  6. 选择在其中保存操作组的“资源组” 。Select the Resource group in which the action group is saved.

  7. 定义一个操作列表。Define a list of actions. 为每个操作提供以下信息:Provide the following for each action:

    1. 名称:输入此操作的唯一标识符。Name: Enter a unique identifier for this action.

    2. 操作类型:选择电子邮件/短信/推送/语音、逻辑应用、Webhook、ITSM 或自动化 Runbook。Action Type: Select Email/SMS/Push/Voice, Logic App, Webhook, ITSM, or Automation Runbook.

    3. 详细信息:根据操作类型,输入电话号码、电子邮件地址、webhook URI、Azure 应用、ITSM 连接或自动化 runbook。Details: Based on the action type, enter a phone number, email address, webhook URI, Azure app, ITSM connection, or Automation runbook. 对于 ITSM 操作,另外指定 ITSM 工具需要的“工作项” 和其他字段。For ITSM Action, additionally specify Work Item and other fields your ITSM tool requires.

    4. 常见警报架构:可以选择启用常见警报架构,它的优点是可以跨 Azure Monitor 中的所有警报服务提供单个可扩展且统一的警报有效负载。Common alert schema: You can choose to enable the common alert schema, which provides the advantage of having a single extensible and unified alert payload across all the alert services in Azure Monitor.

  8. 选择“确定” 创建操作组。Select OK to create the action group.

管理操作组Manage your action groups

创建操作组后,它会显示在“监视器” 边栏选项卡的“操作组” 部分中。After you create an action group, it's visible in the Action groups section of the Monitor pane. 选择要管理的操作组:Select the action group you want to manage to:

  • 添加、编辑或删除操作。Add, edit, or remove actions.
  • 删除操作组。Delete the action group.

特定于操作的信息Action specific information


有关以下每项的数值限制,请参阅用于监视的订阅服务限制See Subscription Service Limits for Monitoring for numeric limits on each of the items below.

Azure 应用推送通知Azure app Push Notifications

一个操作组中可以存在有限数量的 Azure 应用操作。You may have a limited number of Azure app actions in an Action Group.


将从以下电子邮件地址发送电子邮件。Emails will be sent from the following email addresses. 确保电子邮件筛选正确配置Ensure that your email filtering is configured appropriately

  • azure-noreply@microsoft.com
  • azureemail-noreply@microsoft.com
  • alerts-noreply@mail.windowsazure.com

一个操作组中可以存在有限数量的电子邮件操作。You may have a limited number of email actions in an Action Group. 请参阅速率限制信息一文。See the rate limiting information article.

电子邮件 Azure 资源管理器角色Email Azure Resource Manager Role

向订阅角色的成员发送电子邮件。Send email to the members of the subscription's role.

一个操作组中可以存在有限数量的电子邮件操作。You may have a limited number of email actions in an Action Group. 请参阅速率限制信息一文。See the rate limiting information article.


配置为操作的 Function App 的函数密钥通过函数 API 读取。目前,这需要 v2 函数应用将应用设置“AzureWebJobsSecretStorageType”配置为“files”。The function keys for Function Apps configured as actions are read through the Functions API, which currently requires v2 function apps to configure the app setting “AzureWebJobsSecretStorageType” to “files”. 有关详细信息,请参阅 Functions V2 中对密钥管理的更改For more information, see Changes to Key Management in Functions V2.

一个操作组中可以存在有限数量的 Function 操作。You may have a limited number of Function actions in an Action Group.

逻辑应用Logic App

一个操作组中可以存在有限数量的逻辑应用操作。You may have a limited number of Logic App actions in an Action Group.

安全 WebhookSecure Webhook

安全 Webhook 功能目前为预览版。The Secure Webhook functionality is currently in Preview.

可以通过“操作组 Webhook”操作利用 Azure Active Directory 来保护操作组和受保护 Web API(Webhook 终结点)之间的连接。The Action Groups Webhook action enables you to take advantage of Azure Active Directory to secure the connection between your action group and your protected web API (webhook endpoint). 利用此功能的完整工作流如下所述。The overall workflow for taking advantage of this functionality is described below. 有关 Azure AD 应用程序和服务主体的概述,请参阅 Microsoft 标识平台 (v2.0) 概述For an overview of Azure AD Applications and service principals, see Microsoft identity platform (v2.0) overview.

  1. 针对受保护的 Web API 创建 Azure AD 应用程序。Create an Azure AD Application for your protected web API. 请参阅See here.

    • 将受保护的 API 配置为通过守护程序应用进行调用。Configure your protected API to be called by a daemon app.
  2. 允许操作组使用 Azure AD 应用程序。Enable Action Groups to use your Azure AD Application.


    你必须是 Azure AD 应用程序管理员角色的成员才能执行此脚本。You must be a member of the Azure AD Application Administrator role to execute this script.

    • 修改 PowerShell 脚本的 Connect-AzureAD 调用,以便使用 Azure AD 租户 ID。Modify the PowerShell script's Connect-AzureAD call to use your Azure AD Tenant ID.
    • 修改 PowerShell 脚本的变量 $myAzureADApplicationObjectId,以便使用 Azure AD 应用程序的对象 ID。Modify the PowerShell script's variable $myAzureADApplicationObjectId to use the Object ID of your Azure AD Application
    • 运行修改的脚本。Run the modified script.
  3. 配置操作组保护 Webhook 操作。Configure the Action Group Secure Webhook action.

    • 从脚本中复制 $myApp.ObjectId 值,将其输入 Webhook 操作定义的“应用程序对象 ID”字段中。Copy the value $myApp.ObjectId from the script and enter it in the Application Object ID field in the Webhook action definition.

    保护 Webhook 操作

保护 Webhook PowerShell 脚本Secure Webhook PowerShell Script

Connect-AzureAD -TenantId "<provide your Azure AD tenant ID here>"
# This is your Azure AD Application's ObjectId. 
$myAzureADApplicationObjectId = "<the Object Id of your Azure AD Application>"
# This is the Action Groups Azure AD AppId
$actionGroupsAppId = "461e8683-5575-4561-ac7f-899cc907d62a"
# This is the name of the new role we will add to your Azure AD Application
$actionGroupRoleName = "ActionGroupsSecureWebhook"
# Create an application role of given name and description
Function CreateAppRole([string] $Name, [string] $Description)
    $appRole = New-Object Microsoft.Open.AzureAD.Model.AppRole
    $appRole.AllowedMemberTypes = New-Object System.Collections.Generic.List[string]
    $appRole.DisplayName = $Name
    $appRole.Id = New-Guid
    $appRole.IsEnabled = $true
    $appRole.Description = $Description
    $appRole.Value = $Name;
    return $appRole
# Get my Azure AD Application, it's roles and service principal
$myApp = Get-AzureADApplication -ObjectId $myAzureADApplicationObjectId
$myAppRoles = $myApp.AppRoles
$actionGroupsSP = Get-AzureADServicePrincipal -Filter ("appId eq '" + $actionGroupsAppId + "'")

Write-Host "App Roles before addition of new role.."
Write-Host $myAppRoles
# Create the role if it doesn't exist
if ($myAppRoles -match "ActionGroupsSecureWebhook")
    Write-Host "The Action Groups role is already defined.`n"
    $myServicePrincipal = Get-AzureADServicePrincipal -Filter ("appId eq '" + $myApp.AppId + "'")
    # Add our new role to the Azure AD Application
    $newRole = CreateAppRole -Name $actionGroupRoleName -Description "This is a role for Action Groups to join"
    Set-AzureADApplication -ObjectId $myApp.ObjectId -AppRoles $myAppRoles
# Create the service principal if it doesn't exist
if ($actionGroupsSP -match "AzNS AAD Webhook")
    Write-Host "The Service principal is already defined.`n"
    # Create a service principal for the Action Groups Azure AD Application and add it to the role
    $actionGroupsSP = New-AzureADServicePrincipal -AppId $actionGroupsAppId
New-AzureADServiceAppRoleAssignment -Id $myApp.AppRoles[0].Id -ResourceId $myServicePrincipal.ObjectId -ObjectId $actionGroupsSP.ObjectId -PrincipalId $actionGroupsSP.ObjectId
Write-Host "My Azure AD Application ($myApp.ObjectId): " + $myApp.ObjectId
Write-Host "My Azure AD Application's Roles"
Write-Host $myApp.AppRoles

后续步骤Next steps