SCOM – Forward Alerts to Microsoft Teams

By | April 21, 2020

Today I want to talk about sending alerts from SCOM to Microsoft Teams. Due to the current situation, a lot of companies that didn't use Microsoft Teams previously have started using it and want to have as much data as possible there. It can therefore be useful to have the (critical) open alerts there as well.

I found some interesting posts on the internet:

I wanted to try this out myself as one of my customers also wanted to see how far we can go with this. Let’s go!

First things first, set up the necessary components in Microsoft Teams:
– Set up a dedicated team in Microsoft Teams and create a channel. I called the team "Monitoring" and the channel "SCOM Alerts". I will give all relevant users the necessary rights on this team.

– Right-click on the "SCOM Alerts" channel and select "Connectors"

– Search for "incoming webhook" and click Configure

– Give the webhook a name; I chose "SCOM"

– Click Create (make sure to copy the URL, we will need it later on in the PowerShell script used by the subscription)

Now that Microsoft Teams is configured, we can dive into PowerShell.

To post a message to Teams we will use the "Invoke-WebRequest" cmdlet from PowerShell. The message itself is in JSON format. In the message I would like to include: alert name, source, description, alert time, resolution state, …
As something extra I also added a "SquaredUp" button that lets you go directly to the alert in SquaredUp.

I did struggle a bit to include the alert description in the JSON file, as for some alerts including the description resulted in a "Bad request". This had to do with a "\" included in the description, which is a reserved character. Adding a string replace "\" -> "\\" solved the problem. Thanks Cole for pointing that out!

The core of the script is:
# Fill in the Webhook URL here
$SCOM_Hook = '[URL goes here]'

# Build the JSON object for the POST - using a "stringwich" ( @"..."@ ) to keep it readable.
# The JSON lines stay indented: a line that begins with "@ would close the here-string early.
$content_JSON = @"
{
    "title": "Critical SCOM Alert",
    "text": "Source: $alertsource",
    "themeColor": "FF0000",
    "sections": [
        {
            "title": "Details",
            "facts": [
                {
                    "name": "Time Raised",
                    "value": "$alerttime"
                },
                {
                    "name": "ResolutionState",
                    "value": "$alertresolutionstate"
                },
                {
                    "name": "Monitor/Rule",
                    "value": "$alert"
                },
                {
                    "name": "Description",
                    "value": "$alertdescription"
                }
            ]
        },
        {
            "potentialAction": [
                {
                    "@context": "http://schema.org",
                    "@type": "OpenUri",
                    "name": "SquaredUp",
                    "targets": [
                        {
                            "os": "default",
                            "uri": "$alerturl"
                        }
                    ]
                }
            ]
        }
    ]
}
"@

# Send the card to the Teams incoming webhook
Invoke-WebRequest -Uri $SCOM_Hook -Method POST -Body $content_JSON -ContentType 'application/json'
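
The backslash replace handles one reserved character, but an alert description can also contain double quotes or line breaks, which break the hand-built JSON in the same way. The following is an added example, not part of the original script: it builds the same card as a hashtable and lets ConvertTo-Json do all the escaping. The function name New-TeamsAlertCard, its parameter names and the sample values are assumptions made for the illustration.

```powershell
# Added example: same card as above, with escaping left to ConvertTo-Json.
function New-TeamsAlertCard {
    param(
        [string]$AlertName, [string]$AlertSource, [string]$AlertDescription,
        [string]$AlertTime, [string]$AlertResolutionState, [string]$AlertUrl
    )
    $card = [ordered]@{
        title      = 'Critical SCOM Alert'
        text       = "Source: $AlertSource"
        themeColor = 'FF0000'
        sections   = @(
            [ordered]@{
                title = 'Details'
                facts = @(
                    [ordered]@{ name = 'Time Raised';     value = $AlertTime },
                    [ordered]@{ name = 'ResolutionState'; value = $AlertResolutionState },
                    [ordered]@{ name = 'Monitor/Rule';    value = $AlertName },
                    [ordered]@{ name = 'Description';     value = $AlertDescription }
                )
            },
            [ordered]@{
                potentialAction = @(
                    [ordered]@{
                        '@context' = 'http://schema.org'
                        '@type'    = 'OpenUri'
                        name       = 'SquaredUp'
                        targets    = @([ordered]@{ os = 'default'; uri = $AlertUrl })
                    }
                )
            }
        )
    }
    # The card nests deeper than the default -Depth of 2, which would flatten the inner objects.
    $card | ConvertTo-Json -Depth 10
}
# Constructed sample alert: the description holds a backslash, double quotes and a line break.
$sample = @{
    AlertName            = 'Logical Disk Free Space is low'
    AlertSource          = 'SRV01.example.local'
    AlertDescription     = "Volume C:\Temp is `"almost full`"`nFree space: 2%"
    AlertTime            = '2020-04-21 09:15:00'
    AlertResolutionState = 'New'
    AlertUrl             = 'https://squaredup.example.local/placeholder'
}
$json = New-TeamsAlertCard @sample
# Round trip: parsing the payload must give back the exact description text.
$roundTrip = ($json | ConvertFrom-Json).sections[0].facts[3].value
if ($roundTrip -ne $sample.AlertDescription) { throw 'Description changed during JSON encoding' }
# Then post $json with the Invoke-WebRequest call from the script above.
```

Anyone who holds the webhook URL can post to the channel, so limit who can read the script on the share.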

When your script is finished we can create the necessary components in SCOM (make sure your SCOM servers have internet access to https://outlook.office.com)

  • Create a channel:
    • Full Path of the command file: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    • Command line parameters: \\myserver\myfolder\sendtoteams.ps1 '$Data/Context/DataItem/AlertId$'
    • Startup folder: C:\Windows\System32\WindowsPowerShell\v1.0\
  • Create a subscriber for that channel
  • Create a subscription for the subscriber
    • You can include any criteria like you would on any other subscription

When you're finished, just wait for an alert to fire the subscription.
An alert message looks like this in Teams:

Looks even cooler in dark theme:

Extra tip: When using the Teams app on Android or iOS, set up notifications for the SCOM Alerts channel and you will get a push notification when an alert is posted.

If you have any questions, just drop me a line and I’ll be happy to help!

Best regards,
Bert
