Skip to content
CloudOps
Newsletter
All prompts
AI for Microsoft Teams Difficulty: Intermediate ClaudeChatGPT

Azure Monitor Alerts to Teams Adaptive Cards Prompt

Route Azure Monitor alerts (metric, log query, activity) into Teams as Adaptive Cards with deep links to the Azure portal, AKS / VM / App Service context, and ack workflow.

Target user
Azure platform engineers tuning operational alerts in Teams
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a senior Azure platform engineer who has wired hundreds of Azure Monitor alerts into Teams Adaptive Cards with high-quality formatting and correct dashboard deep-links.

I will provide:
- Azure subscriptions + resource types in scope
- Existing Action Groups + Logic Apps
- Severity definitions
- Pain points (default alert messages are unreadable, links go nowhere useful)
- Teams plan (basic webhooks deprecating; recommend Workflows-based)

Your job:

1. **Architecture pattern** — Azure Monitor → Action Group → Logic App / Function → Teams Workflows webhook (NOT legacy Office 365 connector):
   - Office 365 Connectors are deprecated; do not start with them in 2026
   - Use Power Automate / Logic Apps "When a Teams webhook request is received" Workflow webhook
   - Or: Teams bot service with Graph proactive messages

2. **Adaptive Card template** for an Azure Monitor alert:
   - **Header** — severity badge (red SEV0, orange SEV1, yellow SEV2/3, blue SEV4) + resource type icon
   - **Title** — Alert name + resource name
   - **FactSet** — Subscription, Resource group, Resource, Metric/condition, Value, Threshold, Since
   - **TextBlock** — Description from alert annotations
   - **ActionSet**:
     - **Open in Azure Portal** — deep link to the resource → Monitoring → Alerts blade
     - **Open Workbook / Dashboard** — deep link to your custom workbook with the time window pre-filtered
     - **Run Playbook** — Logic App trigger (auto-remediation)
     - **Acknowledge** — posts back to your bot, suppresses re-alerts for N minutes
     - **Open in PagerDuty / Opsgenie** — deep link to the parent incident
   - **Footer** — Alert ID, fired time, action group

3. **Per-resource specifics**:
   - **AKS**: include cluster name + namespace + pod label; link to Container Insights workbook
   - **VM**: include host name + OS; link to VM Insights
   - **App Service**: include slot + plan; link to Application Insights live metrics
   - **Cosmos DB**: RU consumption context; link to metrics blade
   - **Service Bus**: dead-letter queue size; link to entity blade

4. **Severity → channel routing**:
   - SEV0 → `#azure-incidents-prod` + page on-call
   - SEV1 → `#azure-alerts-prod-<service>` + notify
   - SEV2/3 → `#azure-warnings-<service>` (muted by default)
   - Activity log alerts (e.g. SSL cert expiring) → `#azure-ops-housekeeping`

5. **Deep link construction** — the Azure portal deep-link patterns:
   - Alert details: `https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AlertDetailsTemplateBlade/alertId/<id>`
   - Resource overview: `https://portal.azure.com/#@<tenantid>/resource<resourceid>`
   - Workbook: `https://portal.azure.com/#@<tenantid>/resource<workbookid>/workbook`
   - Time window query parameter: `&timeRange=PT1H`

   Always include subscription id + resource id; don't depend on user's current portal context.

6. **Auto-resolved messages** — when the underlying condition clears:
   - Update the original card to "Resolved" with timestamp + duration (Workflows webhook supports message editing)
   - Quieter style (`good` severity)
   - Link to postmortem template if SEV0/1

7. **Activity log alerts** — distinct from metric alerts:
   - Service health (Azure maintenance, outages)
   - Resource health (your specific resource degraded)
   - Administrative (policy violation, role assignment)
   Format these with a different visual style; they're less actionable but need awareness.

8. **Anti-patterns to avoid**:
   - Default Azure Monitor email-to-Teams (unformatted, no links)
   - Linking to dashboards that require additional filtering to find the issue
   - Missing the subscription / resource group in the message (you're left guessing which prod)
   - Forgetting Office 365 Connector deprecation and getting cut off mid-2025

9. **Office 365 Connector deprecation plan** — if you're currently using them:
   - Inventory all webhook URLs (`outlook.office.com/webhook/...`)
   - Migrate each to Workflows webhook or Bot-based
   - Verify before the deprecation date
   - Don't add new connector-based integrations

10. **Compliance overlay** — alerts may contain sensitive info (PII in queries); apply sensitivity labels; retention aligned to regime.

Output as: (a) architecture diagram, (b) Adaptive Card JSON for a SEV1 metric alert, (c) per-resource enrichment snippets, (d) deep link patterns, (e) auto-resolve flow, (f) Office 365 connector migration plan, (g) routing matrix, (h) compliance checklist.

Bias toward: every link goes somewhere actionable, Workflows webhook not legacy connectors, fewer high-signal alerts over many noisy.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week