From ff30e1a68d1165478c9af3221a2badc87c45ed65 Mon Sep 17 00:00:00 2001
From: staleycyn <45440075+staleycyn@users.noreply.github.com>
Date: Wed, 17 Jan 2024 08:07:47 -0800
Subject: [PATCH] Update LAB_11-Implement_Monitoring.md

---
 .../Lab/LAB_11-Implement_Monitoring.md        | 61 +++++++++++--------
 1 file changed, 35 insertions(+), 26 deletions(-)

diff --git a/New Instructions/Lab/LAB_11-Implement_Monitoring.md b/New Instructions/Lab/LAB_11-Implement_Monitoring.md
index b5ce7098..76a3c385 100644
--- a/New Instructions/Lab/LAB_11-Implement_Monitoring.md	
+++ b/New Instructions/Lab/LAB_11-Implement_Monitoring.md	
@@ -31,9 +31,9 @@ There is an interactive lab simulation that you might find useful for this topic
 ## Tasks
 
 + Task 1: Provision the lab environment.
-+ Task 2: Create the Azure activity log alert.
++ Task 2: Create an alert.
 + Task 3: Trigger the alert.
-+ Task 4: Add an alert rule.
++ Task 4: Add an alert processing rule.
 + Task 5: Use Azure Monitor log queries.
 
 ## Task 1: Provision the lab environment
@@ -84,13 +84,11 @@ In this task, you will deploy a virtual machine that will be used to test monito
 
 1. It will take a few minutes for the virtual machine agent to install and configure, proceed to the next step. 
    
-## Task 2: Create the Azure activity log alert
+## Task 2: Create an alert
 
 In this task, you create an alert for when a virtual machine is deleted. 
 
-1. On the Azure portal search for and select **Monitor**. 
-
-1. In the Monitor menu, select **Alerts**. 
+1. Continue on the **Monitor** page , select **Alerts**. 
 
 1. Select **Create +** and select **Alert rule**. 
 
@@ -100,15 +98,19 @@ In this task, you create an alert for when a virtual machine is deleted.
 
 1. Search for and select **Delete Virtual Machine (Virtual Machines)**. Notice the other built-in signals. Select **Apply**
 
-1. You want to receive alerts of all types, so leave **Alert logic** settings at their default of **All selected**.
+1. In the **Alert logic** area review the **Event level** selections. Leave the default of **All selected**.
+
+1. Review the **Status** selections. Leave the default of **All selected**.
 
 1. Leave the **Create an alert rule** pane open for the next task.
 
 ## Task 3: Add an email alert action
 
-In this task, if the alert is triggered an email notification  sent to the operations team. 
+In this task, if the alert is triggered send an email notification to the operations team. 
 
-1. On the **Create an alert rule** pane, select the **Next: Actions** button, and select **Create action group**. 
+1. Continue working on your alert. Select **Next: Actions**, and then select **Create action group**.
+
+    >**Did you know?** You can add up to five action groups to an alert rule. Action groups are executed concurrently, in no specific order. Multiple alert rules can use the same action group. 
 
 1. On the **Basics** tab, enter the following values for each setting.
 
@@ -127,21 +129,23 @@ In this task, if the alert is triggered an email notification  sent to the opera
     | Setting | Value |
     |---------|---------|
     | Notification type | Select **Email/SMS message/Push/Voice** |
-    | Name | **VM was deleted** |
+    | Name | `VM was deleted` |
 
 1. Select **Email**, and in the **Email** box, enter your email address, and then select **OK**. 
 
-1. In the **Create an alert rule** pane select the **Next: Details** button and enter the following values for each setting.
+1. Select **Review + create** to validate your input, then select **Create**.
+
+    >**Note:** You should receive an email notification saying you were added to an action group. There may be a few minutes delay, but that is a sure sign the rule has deployed.
+
+1. Once the action group is created move to the **Next: Details** tab and enter the following values for each setting.
 
     | Setting | Value |
     |---------|---------|
-    | Alert rule name | **VM was deleted** |
-    | Description | **A VM in your resource group was deleted** |
+    | Alert rule name | `VM was deleted` |
+    | Description | `A VM in your resource group was deleted` |
 
 1. Select **Review + create** to validate your input, then select **Create**.
 
-    >**Note:** You should receive an email notification saying you were added to an action group. There may be a few minutes delay, but that is a sure sign the rule has deployed. 
-
 ## Task 4: Trigger the alert
 
 In this task, you trigger the alert and confirm a notification is sent. 
@@ -161,16 +165,16 @@ In this task, you trigger the alert and confirm a notification is sent.
 1. You should receive a notification email that reads, **Important notice: Azure Monitor alert VM was deleted was activated...** If not, open your email program and look for an email from azure-noreply@microsoft.com.
 
     ![Screenshot of alert email.](../media/az104-lab11-alert-email.png)
-
-   >**Note:** It can take a few minutes for the alert email to be sent and for the alerts to be updated in the portal. If you don't want to wait, continue to the next task and then return. 
    
 1. On the Azure portal resource menu, select **Monitor**, and then select **Alerts** in the menu on the left.
 
 1. You should have three verbose alerts that were generated by deleting **vm0**.
 
+   >**Note:** It can take a few minutes for the alert email to be sent and for the alerts to be updated in the portal. If you don't want to wait, continue to the next task and then return. 
+
 1. Select the name of one of the alerts (For example, **VM was deleted**). An **Alert details** pane appears that shows more details about the event.
 
-## Task 5: Add an alert rule
+## Task 5: Add an alert processing rule
 
 In this task, you create an alert rule to suppress notifications during a maintenance period. 
 
@@ -210,25 +214,30 @@ In this task, you will use Azure Monitor to query the data captured from the vir
 
 1. In the Azure portal, search for and select `Monitor` blade, click **Logs**.
 
-1. In the **Queries** window, select **Virtual machines** (left pane). If necessary, close the splash screen. 
+1. If necessary close the splash screen. 
 
-1. Reveiw the queries that are available. **Run** (hover over the query) the **Count heartbeats** query.
+1. Select a scope, your **resource group**. 
+
+1. In the **Queries** tab, select **Virtual machines** (left pane). 
+
+1. Review the queries that are available. **Run** (hover over the query) the **Count heartbeats** query.
 
 1. You should receive a heartbeat count for when the virtual machine was running.
 
 1. Review the query. This query uses the *heartbeat* table. 
 
 1. Replace the query with this one, and then click **Run**. Review the resulting chart.
-   
+
    ```sh
    // Virtual Machine available memory
    // Chart the VM's available memory over the last hour.
-   InsightsMetrics
-   | where TimeGenerated > ago(1h)
-   | where Name == "AvailableMB"
-   | project TimeGenerated, Name, Val
-   | render timechart
+   InsightsMetrics \
+   | where TimeGenerated > ago(1h) 
+   | where Name == "AvailableMB" 
+   | project TimeGenerated, Name, Value 
+   | render timechart 
    ```
+
 1. As you have time, review and run other queries.
 
     >**Note**: Notice uou can configure an alert rule based on a query.