M365 Monitoring – Filter Service Alerts with Selective Discovery

The current version of the management pack has really cool logic baked into the service incident alert rules so that only one alert should exist at any given time for a specific incident, regardless of how many updates are added to the incident. However, every time an update is provided, the previous alert is closed and replaced by the new one with the new information. This is powerful for staying on top of incident status. But what if you don’t want to be badgered by alerts for unimportant services? Simply don’t discover the unwanted services.

Don’t want alerts from specific Service objects? Don’t discover them.

You will notice that each service has a unique ID. You can modify the Services module configuration by adding a comma-separated list of services to ignore during discovery. When discovery runs next (which should be almost instantaneous if your agent behaves correctly), the unwanted services in the provided list will become UNdiscovered. You should no longer receive alerts for these things because they won’t exist. Any existing, related alerts should vanish.

The unique IDs:

Leave a Reply

Your email address will not be published. Required fields are marked *