New-AzScheduledQueryRule does not evaluate -AutoMitigate switch parameter

[ChrissiMaa]

Description

The command New-AzScheduledQueryRule does not evaluate the parameter -AutoMitigate correctly. When I create an alert rule with the PowerShell command, the "Automatically resolve alerts (preview)" checkbox is always set, no matter whether the -AutoMitigate parameter is passed or not. (see screenshot) I expect that the checkbox is not set if the parameter -AutoMitigate is not passed.

Issue script & Debug output

Issue script:

$userIds = @(<USER-ID>, <USER-ID>)
$rgName = <RESOURCEGROUPNAME>
$subscriptionId = (Get-AzContext).Subscription.Id
$workspaceName = <LOGANALYTICSWORKSPACENAME>
$emailReceiver = <E-MAIL-ADDRESS>

$email1 = New-AzActionGroupReceiver -Name "TestReceiver" -EmailReceiver -EmailAddress $emailReceiver
$actionGroup = Set-AzActionGroup -Name "TestActionGroup" -ResourceGroupName $rgName -ShortName "TestAG" -Receiver $email1

$condition=New-AzScheduledQueryRuleConditionObject -Query "SigninLogs | where UserId == '$($userIds[0])' or UserId == '$($userIds[1])'" -TimeAggregation "Count" -Operator "GreaterThan" -Threshold "0" -FailingPeriodNumberOfEvaluationPeriod 1 -FailingPeriodMinFailingPeriodsToAlert 1
New-AzScheduledQueryRule -Name "Sign-in alert" -ResourceGroupName $rgName -Location westeurope -ActionGroupResourceId $actionGroup.Id -Scope "/subscriptions/$subscriptionId/resourceGroups/$rgName/providers/Microsoft.OperationalInsights/workspaces/$workspaceName" -Severity 0 -WindowSize ([System.TimeSpan]::New(0,5,0)) -EvaluationFrequency ([System.TimeSpan]::New(0,5,0)) -CriterionAllOf $condition

Debug output:

DEBUG: 16:05:57 - GetAzureRMContextCommand end processing.
DEBUG: 16:05:57 - NewAzureRmActionGroupReceiverCommand begin processing with ParameterSet 'NewEmailReceiver'.
DEBUG: 16:05:57 - using account id 'XXXXXXXXXX'...
DEBUG: 16:05:57 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Monitor:4.3.0; CommandName: New-AzActionGroupReceiver; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:00.0045672
DEBUG: 16:05:57 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:05:57 - NewAzureRmActionGroupReceiverCommand end processing.
DEBUG: 16:05:57 - SetAzureRmActionGroupCommand begin processing with ParameterSet 'ByPropertyName'.
DEBUG: 16:05:57 - using account id 'XXXXXXXXXX'...                                                                                                         
DEBUG: 16:05:57 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
WARNING: 16:05:57 - *** The namespace for all the model classes will change from Microsoft.Azure.Management.Monitor.Management.Models to Microsoft.Azure.Management.Monitor.Models in future     releases.                                                                                                                                                                                        
WARNING: 16:05:57 - *** The namespace for output classes will be uniform for all classes in future releases to make it independent of modifications in the model classes.
DEBUG: [Common.Authentication]: Authenticating using Account: 'XXXXXXXXXX', environment: 'AzureCloud', tenant: 'XXXXXXXXXX'
DEBUG: 16:05:57 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'XXXXXXXXXX',
Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'XXXXXXXXXX'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority.      
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority. 
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority.      
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority. 
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z] Found 3 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z] Returning 3 accounts
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] MSAL MSAL.Desktop with assembly version '4.46.2.0'.     
CorrelationId(XXXXXXXXXX)
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] LoginHint provided: False
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] Account provided: True
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] ForceRefresh: False
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - XXXXXXXXXX
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] === Token Acquisition (SilentRequest) started:
  Scopes: https://management.core.windows.net//.default
 Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority.      
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] Access token is not expired. Returning the found cache 
entry. [Current time (12/31/2022 15:05:57) - Expiration Time (12/31/2022 15:56:00 +00:00) - Extended Expiration Time (12/31/2022 15:56:00 +00:00)]
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] Returning access token found in cache. RefreshOn exists 
 ? False
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority.      
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX]
 === Token Acquisition finished successfully:
DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX]  AT expiration time: 31.12.2022 15:56:00 +00:00,        
scopes: https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default. source: Cache
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:  ExpiresOn: 2022-12-31T15:56:00.0000000+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'XXXXXXXXXX', UserId: 'XXXXXXXXXX'
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.Insights/actionGroups/TestActionGroup?api-version=2021-09- 
01

Headers:
x-ms-client-request-id        : XXXXXXXXXX
accept-language               : en-US

Body:
{
  "properties": {
    "groupShortName": "TestAG",
    "enabled": true,
    "emailReceivers": [
      {
        "name": "TestReceiver",
        "emailAddress": "XXXXXXXXXX",
        "useCommonAlertSchema": false
      }
    ],
    "smsReceivers": [],
    "webhookReceivers": [],
    "itsmReceivers": [],
    "azureAppPushReceivers": [],
    "automationRunbookReceivers": [],
    "voiceReceivers": [],
    "logicAppReceivers": [],
    "azureFunctionReceivers": [],
    "armRoleReceivers": [],
    "eventHubReceivers": []
  },
  "location": "Global"
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
X-ActivityId                  : XXXXXXXXXX
Access-Control-Expose-Headers : x-activityid
X-ServedBy                    : EUS2ONEIM000007
api-supported-versions        : 2016-09-01-preview, 2017-03-01-preview, 2017-04-01, 2018-03-01, 2018-09-01, 2019-03-01, 2019-06-01, 2021-09-01, 2022-04-01, 2022-06-01, 2023-01-01
x-ms-ratelimit-remaining-subscription-resource-requests: 24
x-ms-request-id               : XXXXXXXXXX
x-ms-correlation-request-id   : XXXXXXXXXX
x-ms-routing-request-id       : GERMANYNORTH:20221231T150559Z:XXXXXXXXXX
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Cache-Control                 : no-cache
Date                          : Sat, 31 Dec 2022 15:05:58 GMT
Server                        : Microsoft-HTTPAPI/2.0

Body:
{
  "id": "/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/microsoft.insights/actionGroups/TestActionGroup",
  "type": "Microsoft.Insights/ActionGroups",
  "name": "TestActionGroup",
  "location": "Global",
  "tags": null,
  "properties": {
    "groupShortName": "TestAG",
    "enabled": true,
    "emailReceivers": [
      {
        "name": "TestReceiver",
        "emailAddress": "XXXXXXXXXX",
        "useCommonAlertSchema": false,
        "status": "Enabled"
      }
    ],
    "smsReceivers": [],
    "webhookReceivers": [],
    "eventHubReceivers": [],
    "itsmReceivers": [],
    "azureAppPushReceivers": [],
    "automationRunbookReceivers": [],
    "voiceReceivers": [],
    "logicAppReceivers": [],
    "azureFunctionReceivers": [],
    "armRoleReceivers": []
  }
}

DEBUG: AzureQoSEvent:  Module: Az.Monitor:4.3.0; CommandName: Set-AzActionGroup; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:01.8316747
DEBUG: 16:05:59 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:05:59 - SetAzureRmActionGroupCommand end processing.
DEBUG: AzureQoSEvent:  Module: Az.Monitor:4.3.0; CommandName: New-AzScheduledQueryRuleConditionObject; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:00.0015850
DEBUG: 16:05:59 - GetAzureRMContextCommand end processing.
DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing:
DEBUG: CmdletProcessRecordStart:
DEBUG: CmdletGetPipeline:
DEBUG: CmdletBeforeAPICall:
DEBUG: URLCreated: /subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.Insights/scheduledQueryRules/Sign-in%20alert?api-version=2021-08-01 
DEBUG: RequestCreated: 
/subscriptionsXXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.Insights/scheduledQueryRules/Sign-in%20alert?api-version=2021-08-01
DEBUG: HeaderParametersAdded:
DEBUG: BodyContentSet:
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.Insights/scheduledQueryRules/Sign-in
alert?api-version=2021-08-01

Headers:
x-ms-unique-id                : 2
x-ms-client-request-id        : XXXXXXXXXX
CommandName                   : New-AzScheduledQueryRule
FullCommandName               : New-AzScheduledQueryRule_CreateExpanded
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v0.0.0,PSVersion/v5.1.22000.1335,Az.ScheduledQueryRule/4.3.0

Body:
{
  "location": "westeurope",
  "properties": {
    "criteria": {
      "allOf": [
        {
          "failingPeriods": {
            "numberOfEvaluationPeriods": 1,
            "minFailingPeriodsToAlert": 1
          },
          "query": "SigninLogs | where UserId == 'XXXXXXXXXX' or UserId == 'XXXXXXXXXX'",
          "timeAggregation": "Count",
          "operator": "GreaterThan",
          "threshold": 0
        }
      ]
    },
    "actions": {
      "actionGroups": [
        "/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/microsoft.insights/actionGroups/TestActionGroup"
      ]
    },
    "severity": 0,
    "scopes": [
      "/subscriptionsXXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.OperationalInsights/workspaces/XXXXXXXXXX"
    ],
    "evaluationFrequency": "PT5M",
    "windowSize": "PT5M"
  }
}

DEBUG: BeforeCall:
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
X-Rate-Limit-Limit            : 1m
X-Rate-Limit-Remaining        : 14
X-Rate-Limit-Reset            : 2022-12-31T15:07:00.4366604Z
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-request-id               : XXXXXXXXXX
x-ms-correlation-request-id   :XXXXXXXXXX
x-ms-routing-request-id       : GERMANYNORTH:20221231T150602Z:XXXXXXXXXX
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Cache-Control                 : no-cache
Date                          : Sat, 31 Dec 2022 15:06:01 GMT
Server                        : Kestrel

Body:
{
  "id": "/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/microsoft.insights/scheduledqueryrules/Sign-in alert",
  "name": "Sign-in alert",
  "type": "microsoft.insights/scheduledqueryrules",
  "location": "westeurope",
  "systemData": {
    "createdBy": "XXXXXXXXXX",
    "createdByType": "User",
    "createdAt": "2022-12-21T18:46:20.7263712Z",
    "lastModifiedBy": "XXXXXXXXXX",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2022-12-31T15:06:00.3399804Z"
  },
  "properties": {
    "severity": 0,
    "enabled": true,
    "evaluationFrequency": "PT5M",
        "/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/microsoft.insights/actionGroups/TestActionGroup"
      ]
    }
  }
}

DEBUG: ResponseCreated:
DEBUG: BeforeResponseDispatch:

DEBUG: Finally:
DEBUG: CmdletAfterAPICall:
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd:
DEBUG: CmdletProcessRecordEnd:
DEBUG: AzureQoSEvent:  Module: Az.Monitor:4.3.0; CommandName: New-AzScheduledQueryRule; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:02.5562433
Location   Name          Etag Kind
--------   ----          ---- ----
westeurope Sign-in alert

Environment data

Environment Data:
Name                           Value
----                           -----
PSVersion                      5.1.22000.1335
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22000.1335
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Module versions

Module-Version:
ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.10.4     Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault...}
Script     4.3.0      Az.Monitor                          {Add-AzLogProfile, Add-AzMetricAlertRule, Add-AzMetricAlertRuleV2, Add-AzWebtestAlertRule...}
Binary     2.0.2.140  AzureAD                             {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-AzureADDeviceRegisteredUser, Add-AzureADDirectoryRoleMember...}

Error output

DEBUG: 16:30:00 - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 16:30:00 - using account id 'XXXXXXXXXX'...
DEBUG: 16:30:00 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.

   HistoryId: 3

Message        : The term 'Connect-azurad' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,     
                 verify that the path is correct and try again.
StackTrace     :    at System.Management.Automation.CommandDiscovery.LookupCommandInfo(String commandName, CommandTypes commandTypes, SearchResolutionOptions searchResolutionOptions,
                 CommandOrigin commandOrigin, ExecutionContext context)
                    at System.Management.Automation.CommandDiscovery.LookupCommandProcessor(String commandName, CommandOrigin commandOrigin, Nullable`1 useLocalScope)
                    at System.Management.Automation.ExecutionContext.CreateCommand(String command, Boolean dotSource)
                    at System.Management.Automation.PipelineOps.AddCommand(PipelineProcessor pipe, CommandParameterInternal[] commandElements, CommandBaseAst commandBaseAst,
                 CommandRedirection[] redirections, ExecutionContext context)
                    at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts,   
                 CommandRedirection[][] commandRedirections, FunctionContext funcContext)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Exception      : System.Management.Automation.CommandNotFoundException
InvocationInfo : {}
Line           : Connect-azurad
Position       : At line:1 char:1
                 + Connect-azurad
                 + ~~~~~~~~~~~~~~
HistoryId      : 3

   HistoryId: -1

Message        : At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:30 char:56
                 +                 [System.Text.Encoding]::UTF8.GetBytes($match.Value)
                 +                                                                    ~
                 Missing closing ')' in expression.

                 At C:\UsersXXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:27 char:10
                 +         } else {
                 +                ~
                 Missing closing '}' in statement block or type definition.

                 At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:23 char:43
                 +     [regex]::Replace($value, '[^a-zA-Z0-9]', { param($match)
                 +                                              ~
                 Missing closing '}' in statement block or type definition.

                 At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:34 char:2
                 +     })
                 +     ~
                 Unexpected token '}' in expression or statement.

                 At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:34 char:3
                 +     })
                 +      ~
                 Unexpected token ')' in expression or statement.

                 At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:35 char:1
                 + }
                 + ~
                 Unexpected token '}' in expression or statement.
StackTrace     :    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
                    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
                    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Exception      : System.Management.Automation.ParseException
InvocationInfo : {}
Line           :                                [System.Text.Encoding]::UTF8.GetBytes($match.Value)

Position       : At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:30 char:56
                 +                 [System.Text.Encoding]::UTF8.GetBytes($match.Value)
                 +                                                                    ~
HistoryId      : -1

The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR.

DEBUG: AzureQoSEvent:  Module: Az.Accounts:2.10.4; CommandName: Resolve-AzError; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:00.4112190
DEBUG: 16:30:00 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:30:00 - ResolveError end processing.

[ghost]

Thank you for your feedback. This has been routed to the support team for assistance.

[RakeshMohanMSFT]

@ChrissiMaa Thank you for reaching out to us, we are looking into it.

[ghost]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @SameergMS, @dadunl.

Issue Details

---

### Description The command New-AzScheduledQueryRule does not evaluate the parameter -AutoMitigate correctly. When I create an alert rule with the PowerShell command, the "Automatically resolve alerts (preview)" checkbox is always set, no matter whether the -AutoMitigate parameter is passed or not. (see screenshot) I expect that the checkbox is not set if the parameter -AutoMitigate is not passed. ### Issue script & Debug output ```PowerShell Issue script: $userIds = @(, ) $rgName = $subscriptionId = (Get-AzContext).Subscription.Id $workspaceName = $emailReceiver = $email1 = New-AzActionGroupReceiver -Name "TestReceiver" -EmailReceiver -EmailAddress $emailReceiver $actionGroup = Set-AzActionGroup -Name "TestActionGroup" -ResourceGroupName $rgName -ShortName "TestAG" -Receiver $email1 $condition=New-AzScheduledQueryRuleConditionObject -Query "SigninLogs | where UserId == '$($userIds[0])' or UserId == '$($userIds[1])'" -TimeAggregation "Count" -Operator "GreaterThan" -Threshold "0" -FailingPeriodNumberOfEvaluationPeriod 1 -FailingPeriodMinFailingPeriodsToAlert 1 New-AzScheduledQueryRule -Name "Sign-in alert" -ResourceGroupName $rgName -Location westeurope -ActionGroupResourceId $actionGroup.Id -Scope "/subscriptions/$subscriptionId/resourceGroups/$rgName/providers/Microsoft.OperationalInsights/workspaces/$workspaceName" -Severity 0 -WindowSize ([System.TimeSpan]::New(0,5,0)) -EvaluationFrequency ([System.TimeSpan]::New(0,5,0)) -CriterionAllOf $condition Debug output: DEBUG: 16:05:57 - GetAzureRMContextCommand end processing. DEBUG: 16:05:57 - NewAzureRmActionGroupReceiverCommand begin processing with ParameterSet 'NewEmailReceiver'. DEBUG: 16:05:57 - using account id 'XXXXXXXXXX'... DEBUG: 16:05:57 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: AzureQoSEvent: Module: Az.Monitor:4.3.0; CommandName: New-AzActionGroupReceiver; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:00.0045672 DEBUG: 16:05:57 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 16:05:57 - NewAzureRmActionGroupReceiverCommand end processing. DEBUG: 16:05:57 - SetAzureRmActionGroupCommand begin processing with ParameterSet 'ByPropertyName'. DEBUG: 16:05:57 - using account id 'XXXXXXXXXX'... DEBUG: 16:05:57 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. WARNING: 16:05:57 - *** The namespace for all the model classes will change from Microsoft.Azure.Management.Monitor.Management.Models to Microsoft.Azure.Management.Monitor.Models in future releases. WARNING: 16:05:57 - *** The namespace for output classes will be uniform for all classes in future releases to make it independent of modifications in the model classes. DEBUG: [Common.Authentication]: Authenticating using Account: 'XXXXXXXXXX', environment: 'AzureCloud', tenant: 'XXXXXXXXXX' DEBUG: 16:05:57 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'XXXXXXXXXX', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'XXXXXXXXXX' DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z] Found 3 cache accounts and 0 broker accounts DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z] Returning 3 accounts DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] MSAL MSAL.Desktop with assembly version '4.46.2.0'. CorrelationId(XXXXXXXXXX) DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] === AcquireTokenSilent Parameters === DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] LoginHint provided: False DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] Account provided: True DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] ForceRefresh: False DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] === Request Data === Authority Provided? - True Scopes - https://management.core.windows.net//.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenSilent IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - XXXXXXXXXX UserAssertion set: False LongRunningOboCacheKey set: False Region configured: DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] === Token Acquisition (SilentRequest) started: Scopes: https://management.core.windows.net//.default Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] Access token is not expired. Returning the found cache entry. [Current time (12/31/2022 15:05:57) - Expiration Time (12/31/2022 15:56:00 +00:00) - Extended Expiration Time (12/31/2022 15:56:00 +00:00)] DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] Returning access token found in cache. RefreshOn exists ? False DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] === Token Acquisition finished successfully: DEBUG: False MSAL 4.46.2.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2022-12-31 15:05:57Z - XXXXXXXXXX] AT expiration time: 31.12.2022 15:56:00 +00:00, scopes: https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default. source: Cache DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2022-12-31T15:56:00.0000000+00:00 DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'XXXXXXXXXX', UserId: 'XXXXXXXXXX' DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: PUT Absolute Uri: https://management.azure.com/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.Insights/actionGroups/TestActionGroup?api-version=2021-09- 01 Headers: x-ms-client-request-id : XXXXXXXXXX accept-language : en-US Body: { "properties": { "groupShortName": "TestAG", "enabled": true, "emailReceivers": [ { "name": "TestReceiver", "emailAddress": "XXXXXXXXXX", "useCommonAlertSchema": false } ], "smsReceivers": [], "webhookReceivers": [], "itsmReceivers": [], "azureAppPushReceivers": [], "automationRunbookReceivers": [], "voiceReceivers": [], "logicAppReceivers": [], "azureFunctionReceivers": [], "armRoleReceivers": [], "eventHubReceivers": [] }, "location": "Global" } DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Pragma : no-cache X-ActivityId : XXXXXXXXXX Access-Control-Expose-Headers : x-activityid X-ServedBy : EUS2ONEIM000007 api-supported-versions : 2016-09-01-preview, 2017-03-01-preview, 2017-04-01, 2018-03-01, 2018-09-01, 2019-03-01, 2019-06-01, 2021-09-01, 2022-04-01, 2022-06-01, 2023-01-01 x-ms-ratelimit-remaining-subscription-resource-requests: 24 x-ms-request-id : XXXXXXXXXX x-ms-correlation-request-id : XXXXXXXXXX x-ms-routing-request-id : GERMANYNORTH:20221231T150559Z:XXXXXXXXXX Strict-Transport-Security : max-age=31536000; includeSubDomains X-Content-Type-Options : nosniff Cache-Control : no-cache Date : Sat, 31 Dec 2022 15:05:58 GMT Server : Microsoft-HTTPAPI/2.0 Body: { "id": "/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/microsoft.insights/actionGroups/TestActionGroup", "type": "Microsoft.Insights/ActionGroups", "name": "TestActionGroup", "location": "Global", "tags": null, "properties": { "groupShortName": "TestAG", "enabled": true, "emailReceivers": [ { "name": "TestReceiver", "emailAddress": "XXXXXXXXXX", "useCommonAlertSchema": false, "status": "Enabled" } ], "smsReceivers": [], "webhookReceivers": [], "eventHubReceivers": [], "itsmReceivers": [], "azureAppPushReceivers": [], "automationRunbookReceivers": [], "voiceReceivers": [], "logicAppReceivers": [], "azureFunctionReceivers": [], "armRoleReceivers": [] } } DEBUG: AzureQoSEvent: Module: Az.Monitor:4.3.0; CommandName: Set-AzActionGroup; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:01.8316747 DEBUG: 16:05:59 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 16:05:59 - SetAzureRmActionGroupCommand end processing. DEBUG: AzureQoSEvent: Module: Az.Monitor:4.3.0; CommandName: New-AzScheduledQueryRuleConditionObject; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:00.0015850 DEBUG: 16:05:59 - GetAzureRMContextCommand end processing. DEBUG: [CmdletBeginProcessing]: Starting command DEBUG: CmdletBeginProcessing: DEBUG: CmdletProcessRecordStart: DEBUG: CmdletGetPipeline: DEBUG: CmdletBeforeAPICall: DEBUG: URLCreated: /subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.Insights/scheduledQueryRules/Sign-in%20alert?api-version=2021-08-01 DEBUG: RequestCreated: /subscriptionsXXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.Insights/scheduledQueryRules/Sign-in%20alert?api-version=2021-08-01 DEBUG: HeaderParametersAdded: DEBUG: BodyContentSet: DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: PUT Absolute Uri: https://management.azure.com/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.Insights/scheduledQueryRules/Sign-in alert?api-version=2021-08-01 Headers: x-ms-unique-id : 2 x-ms-client-request-id : XXXXXXXXXX CommandName : New-AzScheduledQueryRule FullCommandName : New-AzScheduledQueryRule_CreateExpanded ParameterSetName : __AllParameterSets User-Agent : AzurePowershell/v0.0.0,PSVersion/v5.1.22000.1335,Az.ScheduledQueryRule/4.3.0 Body: { "location": "westeurope", "properties": { "criteria": { "allOf": [ { "failingPeriods": { "numberOfEvaluationPeriods": 1, "minFailingPeriodsToAlert": 1 }, "query": "SigninLogs | where UserId == 'XXXXXXXXXX' or UserId == 'XXXXXXXXXX'", "timeAggregation": "Count", "operator": "GreaterThan", "threshold": 0 } ] }, "actions": { "actionGroups": [ "/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/microsoft.insights/actionGroups/TestActionGroup" ] }, "severity": 0, "scopes": [ "/subscriptionsXXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/Microsoft.OperationalInsights/workspaces/XXXXXXXXXX" ], "evaluationFrequency": "PT5M", "windowSize": "PT5M" } } DEBUG: BeforeCall: DEBUG: ============================ HTTP RESPONSE ============================ Status Code: OK Headers: Pragma : no-cache X-Rate-Limit-Limit : 1m X-Rate-Limit-Remaining : 14 X-Rate-Limit-Reset : 2022-12-31T15:07:00.4366604Z x-ms-ratelimit-remaining-subscription-writes: 1199 x-ms-request-id : XXXXXXXXXX x-ms-correlation-request-id :XXXXXXXXXX x-ms-routing-request-id : GERMANYNORTH:20221231T150602Z:XXXXXXXXXX Strict-Transport-Security : max-age=31536000; includeSubDomains X-Content-Type-Options : nosniff Cache-Control : no-cache Date : Sat, 31 Dec 2022 15:06:01 GMT Server : Kestrel Body: { "id": "/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/microsoft.insights/scheduledqueryrules/Sign-in alert", "name": "Sign-in alert", "type": "microsoft.insights/scheduledqueryrules", "location": "westeurope", "systemData": { "createdBy": "XXXXXXXXXX", "createdByType": "User", "createdAt": "2022-12-21T18:46:20.7263712Z", "lastModifiedBy": "XXXXXXXXXX", "lastModifiedByType": "User", "lastModifiedAt": "2022-12-31T15:06:00.3399804Z" }, "properties": { "severity": 0, "enabled": true, "evaluationFrequency": "PT5M", "/subscriptions/XXXXXXXXXX/resourceGroups/XXXXXXXXXX/providers/microsoft.insights/actionGroups/TestActionGroup" ] } } } DEBUG: ResponseCreated: DEBUG: BeforeResponseDispatch: DEBUG: Finally: DEBUG: CmdletAfterAPICall: DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process DEBUG: CmdletProcessRecordAsyncEnd: DEBUG: CmdletProcessRecordEnd: DEBUG: AzureQoSEvent: Module: Az.Monitor:4.3.0; CommandName: New-AzScheduledQueryRule; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:02.5562433 Location Name Etag Kind -------- ---- ---- ---- westeurope Sign-in alert ``` ### Environment data ```PowerShell Environment Data: Name Value ---- ----- PSVersion 5.1.22000.1335 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.22000.1335 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 ``` ### Module versions ```PowerShell Module-Version: ModuleType Version Name ExportedCommands ---------- ------- ---- ---------------- Script 2.10.4 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault...} Script 4.3.0 Az.Monitor {Add-AzLogProfile, Add-AzMetricAlertRule, Add-AzMetricAlertRuleV2, Add-AzWebtestAlertRule...} Binary 2.0.2.140 AzureAD {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-AzureADDeviceRegisteredUser, Add-AzureADDirectoryRoleMember...} ``` ### Error output ```PowerShell DEBUG: 16:30:00 - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'. DEBUG: 16:30:00 - using account id 'XXXXXXXXXX'... DEBUG: 16:30:00 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' : The `Resolve-Error` alias will be removed in a future release. Please change any scripts that use this alias to use `Resolve-AzError` instead. Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell. HistoryId: 3 Message : The term 'Connect-azurad' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. StackTrace : at System.Management.Automation.CommandDiscovery.LookupCommandInfo(String commandName, CommandTypes commandTypes, SearchResolutionOptions searchResolutionOptions, CommandOrigin commandOrigin, ExecutionContext context) at System.Management.Automation.CommandDiscovery.LookupCommandProcessor(String commandName, CommandOrigin commandOrigin, Nullable`1 useLocalScope) at System.Management.Automation.ExecutionContext.CreateCommand(String command, Boolean dotSource) at System.Management.Automation.PipelineOps.AddCommand(PipelineProcessor pipe, CommandParameterInternal[] commandElements, CommandBaseAst commandBaseAst, CommandRedirection[] redirections, ExecutionContext context) at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcContext) at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) Exception : System.Management.Automation.CommandNotFoundException InvocationInfo : {} Line : Connect-azurad Position : At line:1 char:1 + Connect-azurad + ~~~~~~~~~~~~~~ HistoryId : 3 HistoryId: -1 Message : At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:30 char:56 + [System.Text.Encoding]::UTF8.GetBytes($match.Value) + ~ Missing closing ')' in expression. At C:\UsersXXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:27 char:10 + } else { + ~ Missing closing '}' in statement block or type definition. At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:23 char:43 + [regex]::Replace($value, '[^a-zA-Z0-9]', { param($match) + ~ Missing closing '}' in statement block or type definition. At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:34 char:2 + }) + ~ Unexpected token '}' in expression or statement. At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:34 char:3 + }) + ~ Unexpected token ')' in expression or statement. At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:35 char:1 + } + ~ Unexpected token '}' in expression or statement. StackTrace : at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception) at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) Exception : System.Management.Automation.ParseException InvocationInfo : {} Line : [System.Text.Encoding]::UTF8.GetBytes($match.Value) Position : At C:\Users\XXXXXXXXXX\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\workbench\contrib\terminal\browser\media\shellIntegration.ps1:30 char:56 + [System.Text.Encoding]::UTF8.GetBytes($match.Value) + ~ HistoryId : -1 The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR. DEBUG: AzureQoSEvent: Module: Az.Accounts:2.10.4; CommandName: Resolve-AzError; PSVersion: 5.1.22000.1335; IsSuccess: True; Duration: 00:00:00.4112190 DEBUG: 16:30:00 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 16:30:00 - ResolveError end processing. ```

Author:	ChrissiMaa
Assignees:	-
Labels:	`Monitor`, `Service Attention`, `bug`, `customer-reported`
Milestone:	-

[majmn]

We are also seeing the same issue https://github.com/Azure/azure-powershell/issues/22583)

[srozanc-mcs]

Keen to see an update on this. There is no way currently to turn off AutoMitigate on new alert creation through Powershell due to this bug