Share via

How can I deploy alerting from log analytics into Teams using Bicep?

George Flourentzos 0 Reputation points
2025-08-11T16:49:15.4666667+00:00

I am trying to use Bicep in order to deploy an alerting solution that queries a log analytics workspace for error logs, then sends them in a group chat in Teams. This seemingly simple task has turned into a little bit of an ordeal, and I would appreciate some help configuring the final steps of the process.

Process overview:

From what I gather, to get error logs from log analytics to teams I need to:

  1. Set up an alert to query for logs where SeverityLevel >= 3
  2. Create an action group to send the alert to a logic app
  3. Create a logic app...
    1. Get the initial HTTP trigger
    2. Permission the logic app to read from azure monitor
    3. Create an Azure Monitor (passwordless) connection to fetch the actual logs from the log analytics workspace because the initial alert trigger doesn't have it (...?!)
    4. Format the logs into some readable format for Teams (ex an adaptive card)
    5. (Optional) Use an integration account to use JavaScript if the logic app isn't your thing
    6. Create a (hopefully passwordless) Teams connection to send the formatted errors to Teams

I managed to do all this manually on the portal, but now I'm trying to put everything together in Bicep but I can't seem to get it to work.

For my logic app, i have something along these lines:

// actions skipped for brevity
parameters: {
      '$connections': {
        type: 'Object'
        value: {
          azuremonitorlogs: /*i'm guessing this name needs to match references in the "body" of the logic app?*/ {
            id:  azureMonitorConnection.properties.api.id
            connectionId: azureMonitorConnection.id
            connectionName: 'azuremonitorlogs' // what's this for?
            connectionProperties: { // why am i reiterating connection settings since the linked connection resource specifies these?
              authentication: {
                type: 'ManagedServiceIdentity'
              }
            }
          }
          teams: /* same as above */{
            id: teamsConnection.properties.api.id
            connectionId: teamsConnection.id
            connectionName: 'teams' // what's this for?
          }
        }
      }
    }

For the Teams connection, i have this:

resource teamsConnection 'Microsoft.Web/connections@2016-06-01' = {
  name: uname('con', platformName, environmentName, 'teams')
  location: location
  properties: {
    displayName: uname('con', platformName, environmentName, 'teams')
    api: {
      name: uname('mapi', platformName, environmentName, 'teams')
      type: 'Microsoft.Web/locations/managedApis'
      id: subscriptionResourceId('Microsoft.Web/locations/managedApis', location, 'teams')
    }
  }
}

The above seems to deploy ok, although my login is forgotten every time i deploy. I have no idea where it's stored and trying to export a Bicep template from the portal doesn't export anything about it.

For the Azure Monitor connection, i have this:

resource azureMonitorConnection 'Microsoft.Web/connections@2016-06-01' = {
  name: uname('con', platformName, environmentName, 'azuremonitor')
  location: location
  properties: {
    displayName: uname('con', platformName, environmentName, 'azuremonitor')
    parameterValues: {
      name: 'managedIdentityAuth'
    }
    api: {
      name: uname('mapi', platformName, environmentName, 'azuremonitor')
      type: 'Microsoft.Web/locations/managedApis'
      id: subscriptionResourceId('Microsoft.Web/locations/managedApis', location, 'azuremonitorlogs')
    }
  }
}

The above doesn't work for some reason. The error that I get from the deployment is:

{"Code":"BadRequest","Message":"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'name' is not allowed on the connection since it was not defined as a connection parameter when the API was registered.","Target":null,"Details":[{"Message":"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'name' is not allowed on the connection since it was not defined as a connection parameter when the API was registered."},{"Code":"BadRequest"},{"ErrorEntity":{"ExtendedCode":"14022","MessageTemplate":"Input parameters are invalid. See details for more information. Details:{0}","Parameters":["errorCode: ParameterNotDefined. Message: Parameter 'name' is not allowed on the connection since it was not defined as a connection parameter when the API was registered."],"Code":"BadRequest","Message":"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'name' is not allowed on the connection since it was not defined as a connection parameter when the API was registered."}}],"Innererror":null}

I'm not sure which name it's talking about, i tried commenting them out but that doesn't work.

So my questions are:

  • Am I on the right track? Is this how it's supposed to be done? (Or is there perhaps a simpler way?)
  • Has anyone done this before or encountered this error before?

Any help is greatly appreciated. Note: uname above is just a simple string building method to enforce a naming convention, nothing special. platformName would be something like "mycompany" and environmentName something like test and prod.

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.