Managed Identity for Azure Monitor Log Alerts

Have you created a Log Alert recently? You might have noticed a new section under “Details” of the alert. Managed Identity has been added to Log Alerts, to allow you to set the identity context in which the Log Alert query runs. This setting is currently in preview and you can read more about it here.

(Screenshot: managed identity section in the Log Alert details)

One interesting bit from the docs:

  • If you don’t use a managed identity, the alert rule permissions are based on the permissions of the last user to edit the rule, at the time the rule was last edited.

This makes me wonder about all the alerts I created at customers: did they just stop working when my account was disabled, and did anyone realize it?

As you can imagine, there are a host of things to consider with this addition. The reason it is being added, though, is to allow access to other data sources, such as Azure Data Explorer. Yes, you can now create Azure Monitor Log Alerts that query Azure Data Explorer. That's really cool and will allow many new scenarios to alert on.

System-assigned or user-assigned? Personally, I lean towards system-assigned because it's tied only to that one single alert, and if you delete the alert the system identity (and its role assignments) is also deleted. If you use a user-assigned identity and delete the alert, the user-assigned identity is not deleted, and any roles granted to it stay in place until someone cleans them up.


Be sure to follow the docs closely, as the identity you use, system- or user-assigned, needs specific roles on the resources the query reads (for example Reader on the Log Analytics workspace) for the alert to function correctly. Grant only those roles and nothing broader, since the identity now carries the permissions the alert runs with.
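As an added example (not from the original post or the Azure docs), here is a Bicep deployment that creates a Log Alert running under a system-assigned managed identity and grants that identity only the Reader role on the queried workspace. The workspace name, action group ID, rule name and the query are assumed values; the Reader role definition GUID is the built-in one.

```bicep
// Added example: Log Alert with a system-assigned managed identity (assumed names/values).
param location string = resourceGroup().location
param workspaceName string          // assumed: existing Log Analytics workspace in this RG
param actionGroupId string          // assumed: resource ID of the action group to notify

// Built-in "Reader" role definition ID (well-known GUID).
var readerRoleId = 'acdd72a7-3385-48ef-bd42-f606fba81ae7'

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

resource rule 'Microsoft.Insights/scheduledQueryRules@2023-03-15-preview' = {
  name: 'failed-signins-alert'   // assumed rule name
  location: location
  kind: 'LogAlert'
  identity: {
    type: 'SystemAssigned'       // identity lives and dies with this rule
  }
  properties: {
    displayName: 'Failed sign-ins'
    severity: 2
    enabled: true
    evaluationFrequency: 'PT5M'
    windowSize: 'PT15M'
    scopes: [ workspace.id ]
    criteria: {
      allOf: [
        {
          query: 'SigninLogs | where ResultType != "0"'   // assumed query
          timeAggregation: 'Count'
          operator: 'GreaterThan'
          threshold: 10
          failingPeriods: { numberOfEvaluationPeriods: 1, minFailingPeriodsToAlert: 1 }
        }
      ]
    }
    autoMitigate: true
    actions: { actionGroups: [ actionGroupId ] }
  }
}

// Least privilege: the rule's identity gets Reader on the workspace it queries, nothing more.
resource readerAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(workspace.id, rule.id, readerRoleId)
  scope: workspace
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', readerRoleId)
    principalId: rule.identity.principalId
    principalType: 'ServicePrincipal'
  }
}
```

Because the role assignment is scoped to the workspace and keyed off the rule's own identity, deleting the rule removes both the identity and the permission it carried.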
