Sending a log search alert with cross tenant target resource will no longer be supported
Published date: February 21, 2024
Log search alerts are a feature of Azure Monitor that allow you to create alert rules based on the results of log queries. You can specify a target resource for each alert rule, which is the resource that will receive the alert notification and the alert context.
Currently, if you configure a log search alert rule with a cross tenant target resource, the alert is generated and sent to the target resource even though there are no permissions to investigate this alert.
As of March 15, 2024, this behavior will change and sending a log search alert with a cross tenant target resource (except for the lighthouse case) will no longer be supported. Alerts will not be sent to unauthorized target resources, and log search alert rules with an unauthorized target will be ignored. This will ensure that only authorized users can receive and investigate log search alerts.
If you have any log search alert rules with cross tenant target resources, you should update them before March 15, 2024 to avoid losing alert notifications. You can either change the target resource, or use the lighthouse feature to delegate access to the target resource.
Help and support
If you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and you need technical help, create a support request.