I'm totally new to SCOM. I need detailed steps in creating a monitoring in scom 2012, when ever someone who is not authorized to login, attempted to login set of machines I need to get an email alert. How can I do it? please Help.
You have to create an event based monitor and look in the security log for the ID's associated with the events you want to trap.
This post describes it best:
Here's a video on how you do it. https://www.youtube.com/watch?v=HbYtnd2pemc
After the above is set up, you'll need to create the alert notification. You'll add yourself as a Subscriber in the admin panel of SCOM and create a subscription to email you the (Subscriber). Then you'll attach that subscription to the rule you created in the document above.
You'll see the detail steps here: https://technet.microsoft.com/en-us/library/hh212725(v=sc.12).aspx
You're asking a really broad question with lots of different steps, but this will get you started.