StratoLens LogoStratoLens

Notification Alerts

Define email rules that fire after every scan, one rule per recipient or recipient group. Each rule chooses a set of alert types and a per-type threshold so recipients only receive emails for findings that matter to them. Open Settings > Notifications from the sidebar (Bell icon).

On This Page

Notification rules deliver scanner findings to email. Jump to a section below.

Email setup required first

The Add Notification button is disabled and a yellow banner appears until email infrastructure is configured. See Email Setup.

Notification Rules Table

The Notification Rules card lists every configured rule with its recipients, selected alert types, enable state, and most recent send result.

Columns

Name
The rule's display name.
Recipients
Email addresses that receive the rule's notifications.
Alert Types
The types of finding included in this rule's emails.
Enabled
Toggle that controls whether the rule is evaluated after scans. Disabled rules are skipped entirely.
Last Send
Status of the most recent send (success, failure, or never sent) with a relative timestamp. Hover for the full timestamp and detail.
Actions
Send Test (paper-plane), Edit (pencil), and Delete (red trash). All require Modify Notifications.

Last Send states

Never sent
Rule has not been evaluated yet, or no triggered alert types had matches.
Sent
Green checkmark with the relative time since send.
Failed
Red X with the relative time. Hover for the error message.

Add or Edit a Rule

Click Add Notification to open the modal, or click the pencil icon on a row to edit. The modal title is Add Notification Entry on create and Edit Notification Entry on edit.

Fields

Name (required)
Display name. Example: CFO Cost Alerts.
Recipient Email(s) (required)
Tag-style input. Press Enter, Tab, or comma to add. Paste multiple addresses separated by commas, semicolons, or newlines.
Subject (required)
Email subject line. Example: StratoLens: New recommendations found.
Body Text (optional)
Intro text displayed at the top of the email body, above the alert sections.
Alert Types (required)
At least one selected. Use the dual-listbox picker described below.

Alert Types Picker

The alert-type picker has two columns: Available on the left and Selected on the right. Each column scrolls independently. The Available column groups types under Recommendations and Change Tracking headers.

  • Click a type in Available to add it to Selected.
  • Hover a Selected item and click the chevron to remove it.
  • Drag the grip handle on a Selected item to reorder. The order controls how sections appear in the email.
  • Click the gear icon on a Selected item to open the Settings flyout for that alert type's threshold.

The footer shows X of Y alert types selected. The save button is Add Entry on create and Update Entry on edit, and is disabled when validation errors exist.

Reorder for impact

Drag the most important alert types to the top of the Selected column so they appear first in the email body. Recipients tend to read the top sections most carefully.

Per-Type Thresholds

Click the gear icon on a Selected alert type to open the Settings flyout to the right of the modal. Some alert types have a configurable threshold; others have no per-rule settings.

Threshold defaults

Cost Anomalies
Minimum cost impact ($). Default 0 (include all anomalies). Non-negative number.
Subscription Quotas
Minimum utilization (%). Default 75. Whole number 1-100.
Commitment Coverage
Min savings/mo ($). Default 0 (include all purchase recs). Non-negative number.
All change-tracking types
Minimum changes. Default 0 (notify on any changes). Non-negative whole number.

Subscription quotas have a scanner-side floor

The scanner only collects quota data above its own configured utilization threshold. If your rule's Minimum utilization (%) is below the scanner's threshold, no data exists for quotas under that level and the alert will never trigger. The flyout shows a yellow warning when this happens. Either raise your rule threshold to match the scanner setting, or lower the scanner setting to collect more data.

Behavior & Defaults

Notification rules are evaluated after every scan completes. The scanner's findings are diffed against the previous scan, and each enabled rule is evaluated against that diff.

What triggers each group

Recommendations
New or notification-meaningfully updated recommendations that pass the per-rule threshold.
Change Tracking
A change count between the previous scan and this scan that meets or exceeds the rule's Minimum changes value.
  • Enabled rules with no triggered types send no email for that scan, no error, and the Last Send column does not update.
  • Disabled rules are skipped entirely. The toggle controls the whole rule, not individual alert types.
  • Rule order in the table is creation order and does not affect evaluation. Selected alert type order inside a rule does control section order in the email.
  • Test sends generate emails from current database state, not from a real scan diff. Recommendations are treated as new and change counts are computed from the most recent scan pair. Useful for verifying formatting and recipient delivery.
  • Tenant-wide scope. Every rule sees the entire tenant's data. Recipient targeting is done by who's in the recipient list and which alert types you select.
  • Failures are isolated. If one rule fails to send, other rules in the same scan still process. Scan success is never affected by notification send failures.

Recipients see the entire tenant

Notification rules are tenant-wide. A recipient on a Cost Anomalies rule sees anomalies from every subscription, not just "their" subscriptions. There is no per-recipient subscription filter.

Prerequisites

  • Email infrastructure must be configured. See Email Setup.
  • Read Notifications to view this page. Modify Notifications to add, edit, delete, or send test emails.

Alert Types Catalog

Twelve alert types in two groups. The names below match the Display Name shown in the modal verbatim.

Recommendations group

Driven by scanner findings. Trigger when new or updated recommendations pass the threshold.

Cost Anomalies
Unusual cost spikes or drops detected in resource spending patterns.
Orphaned Resources
Unattached or idle resources that may be candidates for removal.
VM Sizing
Virtual machines that could be downsized based on utilization metrics.
Access Optimizations
Role assignments with unused, stale, or over-privileged access patterns.
Subscription Quotas
Subscription vCPU quotas exceeding configured utilization threshold.
Commitment Coverage
New purchase, underutilized, or expiring commitment recommendations.

Change Tracking group

Driven by inter-scan change counts. Trigger when the change count meets or exceeds Minimum changes.

Resource Changes
Resources, subscriptions, or resource groups added, modified, or deleted between scans.
Defender Recommendation Changes
Microsoft Defender for Cloud security assessment changes between scans.
Defender Alerts
Active threat detections from Microsoft Defender for Cloud.
Advisor Recommendation Changes
Azure Advisor recommendation changes between scans.
Policy Assignment Changes
Azure Policy assignment and exemption changes between scans.
Policy Compliance Changes
Azure Policy compliance state changes between scans.

All Change Tracking types share the same threshold field: Minimum changes, default 0 (notify on any changes).

Troubleshooting

Test email failed

Answer

The failure is almost always an email-infrastructure issue (auth, RBAC, propagation), not a rule-configuration issue. See the troubleshooting section on the Email Setup page.

My rule is enabled but no emails arrive after scans

Answer

Either no triggered alert types had matches in the latest scan, or all matches were filtered out by your per-type thresholds. Use Send test email to confirm the rule sends with current data. If the test sends but real scans don't, check whether your scans are actually finding new items.

My subscription quota alert isn't catching anything

Answer

Your Minimum utilization (%) may be below the threshold the scanner used when collecting quota data. The flyout shows the warning "Below scanner threshold (X%). No data will exist for quotas under that level." Raise your rule threshold to match, or raise the scanner setting to collect more data.

The Last Send column shows a failure

Answer

Hover the icon for the tooltip with the error. Common causes: token expired (OAuth), Exchange RBAC propagation pending, or recipient mailbox rejected.

I can see the page but all the buttons are disabled

Answer

You have Read Notifications only. Ask an admin to grant Modify Notifications to make changes.

← Previous: Email SetupNext: Scheduled Reports →