Integrate Azure Monitor as an authenticated data source
Versão de lançamento: Australia
Atualizado 12 de mar. de 2026
2 min. de leitura
Integrate Microsoft Azure with Event Management by adding the
Azure Monitor as an authenticated data source.
You can configure the Event Management environment for the collection of events from Azure Monitor by setting your ServiceNow AI Platform instance as the rest endpoint.
Once the endpoint is configured, when an Azure Monitor alert message arrives, Event Management:
Authenticates the Azure Monitor alert message with the relevant ServiceNow user, using OAuth configuration or a standard webhook.
Extracts information from the original Azure Monitor alert message to populate required event fields and inserts the event into the ServiceNow AI Platform database.
Captures specified content in the Additional Information field of the event form.
What authentication is used
There are two methods of authentication:
OAuth authentication: Provides enterprise-grade authentication to keep your enterprise environment safe. Authentication is performed using Azure Monitor V1 or V2 access tokens. For more information, see Integrate Azure Monitor with OAuth authentication.
API key authentication: Integrate using API key to secure communication between Azure and ServiceNow. For more information, see Integrate Azure with REST API key token.
Basic webhook authentication: Provides a basic standard of authentication, without the need for Azure Active Directory. This authentication can be especially useful for distributed small teams, such as SRE or DevOps teams. For more information, see Integrate Azure Monitor with basic authentication.
What to know before you begin
You can use your integrated Azure Monitor as a data source only after you have verified the following:
For both methods of authentication, the relevant ServiceNow
sys_user is assigned the evt_mgmt_integration role.
The Event Management Connectors plugin is installed in the ServiceNow AI Platform instance. You can download the plugin from the ServiceNow Store website.
AzureCloud Discovery must be performed to ensure that the created alerts are bound to the configuration items in the ServiceNow AI Platform. For more information, see Discovery for Microsoft Azure.
Event Rules and Event Field mappings
These event rules and event field mappings are provided with the base system:
Module
Description
Event Rules
Azure Monitor: A general event rule to handle all Azure
Monitor events.
Event Field Mappings
Azure Monitor - ci_type: To map ci_type of events based
on resourceType field. A base set of mapping pairs are provided.
These are the mappings provided with the base system in Azure Monitor -
ci_type:Figura 1. Transform Value Pairs
Nota:
You can add new mapping pairs to the Event Field Mapping - Azure
Monitor - ci_type as per the requirement, to map events to the respective
ci_type based on resourceType.
Starting from the Xanadu release, the OOTB (Out-Of-The-Box) rules provided with the connector, which you have not previously used (i.e., neither activated, deactivated, nor modified), will now have the Apply
additional matching rules check box set to true. Previously, this check box was disabled. This change allows you to execute more event rules or automation using the same filter conditions for the
connector.
Nota:
This feature applies only to active event rules.
If you want to send alert state changes on the ServiceNow instance from the ServiceNow alerts to
the Azure Portal, you need to enable the Azure Monitor Bi-directional connector. For more
information, see Configure Azure Monitor Bi-directional connector.
Severity mapping from Azure severity to ServiceNow event severity
