Azure Monitor fires the alert. Halo opens the ticket.
Halo's native Azure Monitor integration turns cloud alerts into fully-formed tickets automatically — with configurable field mappings, bidirectional status sync, and no extra cost on your Halo licence.
✓ Alert-to-ticket automation✓ Configurable field mappings✓ Auto-close when alert resolves✓ Secure webhook auth (Entra ID)✓ Set default ticket type and owner✓ Native — included in every licence
What you get
From cloud alert to service desk ticket in seconds.
When Azure Monitor fires — a VM going unresponsive, an application throwing errors, a metric threshold breached — Halo creates the ticket immediately. Your team responds to the problem, not to the noise of trying to log it.
Ticket Creation
Alert fires. Ticket appears. No one has to do anything.
Azure Monitor sends a webhook to Halo the moment an alert fires. Halo receives it and creates a ticket automatically — no email to parse, no manual logging, no alert lost in an inbox.
✓Ticket created instantly on webhook receipt
✓Default ticket type, assignee, and status configurable
✓Works with any Azure Monitor alert action group
Field Mapping
Alert data mapped straight into your Halo custom fields.
Configure field mappings to pull data from the Azure Monitor alert payload into any custom field in Halo. Whatever context matters to your team, surfaced in the ticket from the moment it's created.
✓Map alert properties to Halo custom fields
✓Full alert context available in ticket at creation
✓Configurable per deployment — no coding required
Bidirectional Sync
Alert resolves in Azure. Ticket closes in Halo. Automatically.
When the alert condition clears in Azure Monitor, Halo receives the resolved state and automatically closes the ticket. No stale open incidents cluttering the queue. No manual tidying after the fact.
✓Ticket auto-closed when Azure alert resolves
✓Keeps Halo queue clean without manual effort
✓Fired and resolved states both handled via the webhook
The detail
Everything the integration delivers.
The full feature set — active from day one, included in your Halo licence, no middleware required.
Automated ticket creation
Azure Monitor sends a webhook to Halo when an alert fires. Halo creates a ticket instantly — no email, no manual logging, no alert going unactioned.
Configurable field mappings
Map data from the Azure Monitor alert payload into custom fields in Halo. Any alert property can be surfaced in the ticket at the moment it is created.
Auto-close on alert resolution
When the alert condition clears, Azure Monitor sends a resolved state via the webhook. Halo closes the ticket automatically — keeping queues clean without manual intervention.
Default ticket type and ownership
Set the default ticket type (incident, service request, or custom), assigned user, and status applied to every ticket created from an Azure Monitor alert.
Secure webhook authentication
Supports both standard and secure webhook options. Secure mode authenticates via an Entra ID app registration — tenant and application ID used to issue a version 2 access token.
Common alert schema required
Azure Monitor's common alert schema must be enabled on the action. This standardises the payload structure so Halo can reliably parse every alert regardless of signal type.
Webhook URL generated by Halo
Halo generates the webhook endpoint URL from its configuration page. Copy it into Azure Monitor — no external tools, no middleware, no separate API keys to manage.
Alert-selective routing
Only alerts assigned to your Halo action group route to Halo. Configure the action group selectively in Azure Monitor — full control over which alerts create tickets.
First-party — no extra cost
Built and maintained by Halo's engineering team. Included in your standard Halo licence — no connector fees, no integration subscriptions, no third-party tooling required.
Getting connected
How the integration is configured
Setup is split between Halo and Azure Monitor. No middleware required — Halo generates the webhook endpoint, you add it to an Azure Monitor alert action group. Allied ESM can scope and configure this as part of your project.
1
Enable Azure Monitor in Halo
In Halo, go to Configuration → Integrations → Asset Management and Alerting. Hover over the Azure Monitor icon and click the plus to enable it. The icon turns from grey to coloured when active. Open the integration settings to continue.
2
Copy your webhook URL
The Azure Monitor Setup tab displays the webhook URL Halo has generated for your environment. Copy this — you'll paste it into your Azure Monitor action group in step 4. If you're using Secure Webhook authentication, the tenant and application ID fields will also appear here.
If using Secure Webhook, the Entra ID app registration must be single-tenanted and must have api.requestedAccessTokenVersion set to 2 in its manifest file.
3
Set defaults and field mappings
In Halo's integration settings, configure the default ticket type, assigned user, and status for tickets created from Azure Monitor alerts. Then set up any field mappings — choose which properties from the alert payload should populate custom fields in Halo.
4
Add the webhook to an Azure Monitor action group
In Azure Monitor, create or edit an Alert Action Group. Add a Webhook action (or Secure Webhook for authenticated calls) and paste the URL from step 2. Assign the action group to the alerts you want to route into Halo.
Enable common alert schema. This must be turned on for each webhook action — without it, the alert payload will not be processed by Halo.
5
Test and go live
Trigger a test alert from Azure Monitor and verify the ticket appears in Halo with the correct type, assignee, and field values. Confirm the ticket closes when the alert resolves. Once validated, the integration is live for every alert using that action group.
Allied ESM configures this for you
Allied ESM can scope and configure the full Halo + Azure Monitor integration — Halo module setup, field mapping configuration, Azure action group setup, secure webhook authentication, and end-to-end testing. Whether it's part of a new implementation or being added to an existing environment, we'll handle it properly.
Real-world uses
Three ways this changes the day-to-day.
The most common ways teams put the Halo + Azure Monitor integration to work from go-live.
01
A virtual machine goes unresponsive at 3am. An incident is already open before anyone is paged.
Azure Monitor detects a VM heartbeat failure and fires a Critical alert. The webhook posts to Halo — a ticket is created and assigned to the on-call team, with alert details mapped into Halo custom fields. When the engineer checks their phone, the ticket is waiting with full context. When Azure resolves the alert, Halo closes the ticket automatically.
Azure alert fires→Ticket created→Auto-closed on resolution
02
An application performance threshold breach is caught before it becomes a user-facing outage.
Azure Monitor fires a Warning alert when application response time exceeds a threshold. The webhook creates a Halo ticket with the relevant context already in the custom fields. An engineer investigates, identifies a slow database query, and resolves it before any end users are impacted. The alert clears and Halo closes the ticket.
Perf threshold breached→Ticket + context created→Resolved before impact
03
A service health alert for an Azure region outage lands in Halo within seconds of Microsoft posting it.
Azure Monitor's service health alerts fire when Microsoft reports an issue in a region or service your organisation depends on. The webhook routes it into Halo as a Major Incident — pre-assigned to the right team, with the affected service and region in the ticket. The team communicates to stakeholders from within Halo without any manual entry at a stressful moment.
Service health alert→Major incident raised→Team informed instantly
Common questions
Frequently asked questions
Is the Azure Monitor integration included in every Halo licence?
Yes. The Azure Monitor integration is a native, first-party Halo integration included in the standard monthly licence. There is no middleware, no third-party connector, and no additional subscription required.
Why do I need to enable the common alert schema?
Azure Monitor uses different payload formats depending on the alert type — metric, log search, activity log, service health. The common alert schema standardises these into a consistent structure. Halo requires this schema to reliably parse the alert payload. Without it, the webhook will not be processed and no ticket will be created.
What is the difference between a standard webhook and a secure webhook?
A standard webhook posts to the Halo endpoint without authentication. A secure webhook authenticates the call using an Entra ID app registration — Azure Monitor uses the tenant and application ID to obtain an access token, which is sent with the webhook payload. Halo validates this token before processing the alert. Secure webhooks require a single-tenanted Entra ID app registration with version 2 access tokens specified in the app manifest (api.requestedAccessTokenVersion set to 2).
Can we control which Azure Monitor alerts create Halo tickets?
Yes. Tickets are only created when an alert fires that has your Halo webhook added to its action group in Azure Monitor. You control exactly which alerts route to Halo by assigning the action group selectively. Alerts without the action group are not sent to Halo.
Does Halo auto-close the ticket when the Azure Monitor alert resolves?
Yes. When an Azure Monitor alert transitions to a resolved state, the webhook fires again with the updated status. Halo receives this and automatically closes the associated ticket — keeping your queue clean without any manual intervention.
We run other monitoring tools alongside Azure Monitor — can Halo handle alerts from multiple sources?
Yes. Halo integrates natively with a wide range of monitoring platforms — including Datadog, SolarWinds, PRTG, Zabbix, Nagios, and others — in addition to Azure Monitor. All 250+ native integrations are included in the standard licence, so running multiple monitoring sources into a single Halo queue carries no additional cost.
We are already live on Halo — can we add Azure Monitor without a full reconfiguration?
Yes. The Azure Monitor integration can be added to any existing live Halo environment. Allied ESM can scope and configure the full setup — Halo module enablement, field mapping configuration, Azure action group setup, and end-to-end testing — without disrupting your current workflows.
Ready to turn Azure Monitor alerts into Halo tickets?
Allied ESM can scope and configure the full Halo + Azure Monitor integration — whether you're starting fresh or adding it to an existing environment. Talk to us to find out what's involved.
