Admin Notifications
Every completed assessment job triggers an admin notification delivered by email and to the internal monitoring dashboard. This page explains how to read and act on these notifications.
Notification Payload
| Field | Description |
|---|---|
job_id | Unique job identifier for log correlation |
tenant_id | Client tenant identifier (hashed) |
modules | List of checklist modules run |
quality_score | Computed quality score and threshold status |
quality_status | Excellent / Good / Partial / Degraded |
critical_gaps | Domains with data_unavailable and root cause |
error_count | Total errors from collection_errors array |
collection_duration_s | Total duration in seconds |
recommended_action | Suggested remediation for any critical gaps |
Priority Levels
| Trigger | Priority | Action required |
|---|---|---|
| All completed jobs | Standard | Review dashboard daily |
| Quality score below 60% | Elevated | Review before report delivered to client |
| Collection duration > 90 seconds | Elevated | Check for API throttling or network issues |
| More than 10 errors | Elevated | Review error domains, consider client outreach |
| Phase 1 failure | Critical | Job failed — client must be notified immediately |
Common Root Causes and Responses
Missing Permissions (403 errors)
Root cause: Client did not grant all required roles during OAuth consent, or roles were revoked after consent.
Response:
- Identify which domain is affected from
critical_gaps - Check if the missing role maps to an optional permission (Sentinel Reader) or a required one (Security Reader, Billing Reader)
- If required: contact client with specific instructions to grant the missing role and re-run
- If optional (Sentinel): mark items as
not_applicable— no client action needed
API Throttling (429 errors)
Root cause: Client tenant has a large number of subscriptions or resources causing rate limiting.
Response:
- Check
collection_duration_s— if near 90s, throttling is the likely cause - Review retry counts in
collection_errors - If persistent: adjust Phase 3 concurrency limit for this client's job
Phase 1 Failure
Root cause: Management group API unavailable, or service principal lacks Reader role at root MG scope.
Response:
- Immediately notify client — assessment cannot proceed
- Verify service principal role assignment at root management group
- Re-trigger job once root cause resolved