We are excited to announce that Power Platform Monitor alerts are now generally available! Since entering public preview in August 2025, many organizations have created alert rules to stay on top of app, agent and flow health. Reliability is critical when alerts are used to detect and respond to issues in production. Today, Monitor alerts meet the reliability and maturity standards required for general availability, following sustained investments to improve quality and simplify onboarding.

What are Monitor Alerts?

Monitor alerts allow tenant and environment administrators to proactively monitor the operational health of their Power Platform resources and receive notifications when health metrics fall below thresholds they define. Instead of learning about problems from end users, admins can identify and address issues before they cause disruption. This reduces downtime and improves reliability across the organization.

What’s New with GA

Predefined alerts — protection with zero configuration

The biggest addition we’ve added is predefined alerts: a set of configured, Microsoft-authored alerts that are enabled by default for every tenant. These alerts automatically surface high-use canvas apps, model-driven apps, agents, desktop flows and cloud flows whose health has dropped below recommended baseline thresholds — with no setup required.

For example, predefined alerts will flag when:

• The availability of high-use canvas apps drops below 90%
• The availability of high-use model-driven apps drops below 90%
• High-use cloud flows are experiencing success rate degradation

Predefined alerts give admins an immediate signal on what matters most in their tenant, even before they’ve configured a single custom alert rule. Items can trigger these alerts regardless if they’re in a managed environment, and predefined alerts will encourage users to create their own alert rules to monitor these items against their own custom thresholds.

Redesigned Monitor overview page

We redesigned the Monitor overview page to be alerts-centric. When you land in Monitor, you now get an at-a-glance view of active alert conditions and resource health across your environments — making it faster to identify what needs attention and act on it.

Code app alerts

Custom alert rules now support alerting on your code apps in addition to canvas and model-driven apps. This gives admins deeper visibility into code app performance and the ability to catch performance degradation before it affects users’ day-to-day experience.

Work queue alerts (public preview)

Admins can now configure alerts for Power Automate work queues in Monitor, enabling proactive monitoring of work queue health alongside apps, flows and agents. This capability is launching in public preview alongside alerts GA.

How Monitor Alerts Work

Admins define threshold-based rules on Monitor metrics. For example, this can look like receiving an alert when a cloud flow’s success rate drops below a custom threshold, or when a canvas app’s availability falls below an acceptable level.

Monitor alerts evaluate alert rules daily after aggregating new metric data for your environments. When a metric breaches a threshold, admins receive an email notification with a direct link to the details that triggered the alert.

You can scope alert rules to an environment or individual item, configure multiple recipients per rule (including security groups), and manage all active rules and review triggered alert history from the Alert Rules view in Monitor.

What’s Supported

We’re excited for you to improve the operational health of your apps, agents and automations in Power Platform. Learn more about Monitor and how to create alerts here.

The post Power Platform Monitor Alerts Are Now Generally Available appeared first on Microsoft Power Platform Blog.

Microsoft Defender Antivirus Defender is intended to operate silently in the background, without requiring any active attention from the user. Because Defender is included for free as a component of Windows, it doesn’t need to nag or otherwise bother the user for attention in an attempt to “prove its value”, unlike some antivirus products that require subscription fees.

The default mode for Defender is called “Real-time Protection” (RTP) and in that mode, Defender will automatically scan files for malicious content as they are opened and closed. This means that, even if you did have a malicious file on your PC, the instant it tries to load, the threat is blocked.

If you use the Windows Security App’s toggle to turn RTP off, it will turn itself back on whenever you reboot, or after a variable interval (controlled by various factors including management policies and signature updates).

Given the default real-time scanning behavior, you may wonder why the File Explorer’s legacy context menu offers a “Scan with Microsoft Defender…” menu item. Note that this is the Legacy Context menu, shown when Shift+RightClicking on a file. The Default context menu shown by a regular right-click does not offer the Scan command.

Confusion around this command is especially common because, in most cases, the item doesn’t seem to do anything: the Windows Security app just opens to the “Virus & threat protection” page:

The scan you’ve asked for typically executes so quickly, that you have to look closely to realize that your requested scan actually completed– see the text “1 file scanned” at the bottom.

So, in a world of Real-time Protection, why does this command exist at all? Is there ever a need to use it?

The one scenario where the “Scan” menu item does more than nothing is the case of archive files (Zip, 7z, CAB, etc). Defender doesn’t scan these files on open/close for a few reasons (performance: decompressing data can take a long time, functionality: a password may be needed to decompress).

However, if a user actually tries to use a file from within an archive, that file is extracted and scanned at that time:

If you wanted to scan the contents of an unencrypted archive without actually extracting it, the Scan with Microsoft Defender… menu item will do just that and recognize the threat inside the archive:

Therefore, the only meaningful use of the “Scan” option in Defender is to scan an archive file that you plan to give someone else to open on a different computer, although it’s extremely likely that their device would also be running Defender and would also scan any files extracted from the archive.

Unfortunately, there’s lots of bad/outdated advice out there about the need for manual AV scanning, but I’m happy to see that both Microsoft Copilot and Google Gemini understand the very limited usefulness of this command. I was also happy to see Gemini offered the following:

Pro Tip: If you ever suspect a file is malicious but Defender insists that it’s clean, try uploading it to VirusTotal (an awesome service I’ve blogged about before). VirusTotal will scan the file using over 70 different antivirus engines simultaneously to give you a second (and 3rd,4th,5th,6th,7th…) opinion.

Other Scans

You may’ve noticed other options on the Scan options page, including “Quick scan”, “Full scan”, “Custom scan”, and “offline scan”.

• Quick Scan scans a small set of locations where malware commonly tries to hide, including startup locations.
• Full scan is self-explanatory: it scans all of your files on your disks.
• Custom scan is self-explanatory: it scans the location you choose. The menu item discussed above kicks off a custom-scan for a single file or folder.

All of these scans are basically redundant in a world of RTP: files are scanned on access, so manual scans are not required for protection. The final option, Microsoft Defender Antivirus (offline scan) is different than the others. This scan is a special one that reboots your system and begins a scan before Windows boots. This scan type can find certain types of malware that might otherwise try to hide from Defender. Note that you may be prompted for your BitLocker recovery key:

tl;dr: Don’t worry, we’ve got your back.

-Eric

Ranjan Roy from Margins is back for our weekly discussion of the latest tech news. We cover: 1) Anthropic's new Mythos preview 2) Is Mythos marketing or a legit breakthrough? 3) The Mythos sandwich guy story 4) OpenAI and Anthropic's brewing 1st party vs. API conflict of interest 5) The Meta-Harness 6) Violence against AI on the rise 7) Maine is going to pass a data center moratorium 8) Was Medvi really a $1.8 billion two person startup? 9) Tokenmaxxing is all the rage

---

Enjoying Big Technology Podcast? Please rate us five stars ⭐⭐⭐⭐⭐ in your podcast app of choice.

Want a discount for Big Technology on Substack + Discord? Here’s 25% off for the first year: https://www.bigtechnology.com/subscribe?coupon=0843016b

Learn more about your ad choices. Visit megaphone.fm/adchoices

Todd Werth, Infinite Red's co-founder and 30-year software veteran, joins Robin to talk AI and where it's taking our industry. Also, Claude built a Flappy Bird clone with Todd's face on it, and we're not sorry.

Connect With Us!

• Todd Werth: @twerth
• Robin Heinze: @robinheinze
• React Native Radio: @ReactNativeRdio

This episode is brought to you by Infinite Red!

Infinite Red is an expert React Native consultancy located in the USA. With over a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.