Let’s send some SCOM alerts to Microsoft Teams

Microsoft Teams is a great way to keep your technical support teams informed about incidents and events occurring in your server environment.

Today we will discuss how to integrate SCOM alerts to a Microsoft Teams channel making use of incoming webhooks or alternatively e-mail.

Wait…what is an incoming webhook?

A webhook acts as a special kind of connector in Microsoft Teams and enables external applications or 3rd party software to share content in Microsoft Teams channels. It provides applications with real-time information, meaning you get data immediately.

Some interesting facts about webhooks:

Messages are formatted as JSON payloads which is a declarative messaging structure. This prevents the injection of malicious code because there is no code execution on the client side.

Any framework that can send HTTPS Post requests can send messages to a Microsoft Teams channel.

Webhooks have markdown support which enables you to do some basic formatting. We will dig into this just now.

Let’s configure the Microsoft Teams Channel:

I have created a Microsoft Teams channel called SCOM Alert Integration (CONTOSO). It comes standard with the general channel as below. This is where you can add more channels like Active Directory, SQL, Exchange etc. if you have different support teams looking after these technologies.

To add a webhook to the channel, right-click on the General (or technology specific) channel and select Connectors:

In the search field, look for webhook. From the search results, click on Add / Configure next to Incoming Webhook.

Provide a name for the incoming Webhook. You have the option to change to logo as well. Afterwards, click on create. I used the term SCOMAlerts.

After creation, copy the unique Webhook URL which we will use to create our SCOM command channel:

Let’s configure the SCOM Command Channel:

We are almost ready to start sending SCOM alerts to Microsoft Teams. We first need to create a SCOM Notification Channel. We will be making use of the Command option.

I used the term SendToTeams to name my Notification channel. At this stage, you may want to create a command channel for each technology stream that will send to different Microsoft Teams channels.

The Settings page is where the actual fun begins. This is where you get to choose which alert dynamic fields are included in your notification. Remember these? Quite familiar, aren’t they?

I use the following settings to complete the command channel:
For the Full path of the command file:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Command line parameters (be sure to replace the webhook URL with your own unique webhook):

-Command ” &{Invoke-RestMethod -Method Post -Uri ‘https://outlook.office.com/webhook/123456@123456/IncomingWebhook/123456/123456’ -Body (ConvertTo-Json -InputObject @{‘Title’=’$Data[Default=’Not Present’]/Context/DataItem/ManagedEntityPath$\$Data[Default=’Not Present’]/Context/DataItem/ManagedEntityDisplayName$ : $Data[Default=’Not Present’]/Context/DataItem/AlertName$’;’Text’=’Resolution State: $Data[Default=’Not Present’]/Context/DataItem/ResolutionStateName$
Time Raised: $Data[Default=’Not Present’]/Context/DataItem/TimeRaisedLocal$
Alert Description: $Data[Default=’Not Present’]/Context/DataItem/AlertDescription$
Alert Severity: $Data[Default=’Not Present’]/Context/DataItem/Severity$
Last Modified Time: $Data[Default=’Not Present’]/Context/DataItem/LastModifiedLocal$’}) -ErrorAction Stop}”

Bear in mind you may include markup in the above to create new lines <BR> and to use bold text <B> as an example.

The startup folder for the command line:
C:\Windows\System32\WindowsPowerShell\v1.0\

Your last steps would be to create a subscriber that makes use of the above command channel and a subscription that makes use of the subscriber (command action). Inside the subscription, you get to choose the actual alerts that are forwarded, just like any other SCOM subscription.

The results:

Depending on which dynamic alert fields you include, the results inside Microsoft Teams may look like this:

Wait…you said e-mail is also an option:

Indeed. Each Microsoft Teams channel includes a unique e-mail address which opens up the door to customers who prefer to use SMTP. You obtain the unique e-mail address by right clicking on the channel and selecting Get email address.

Use this unique e-mail address to create a SMTP notification channel.

Herewith some of the limits and troubleshooting options when making use of email:

https://support.office.com/en-us/article/send-an-email-to-a-channel-in-teams-d91db004-d9d7-4a47-82e6-fb1b16dfd51e

What is next?

In my next post, I will make use of the above options to send Azure Monitor Alerts to Microsoft Teams in order to notify support teams about incidents in their cloud environment.

Author