

What is Microsoft Azure Monitor?


Microsoft Azure Monitor is a tool for collecting and analyzing data from Azure environments and on-premises IT ecosystems. Azure Monitor gives your organization a unified solution for storing and analyzing operational telemetry in a centralized data store.

The platform is scalable and optimized for performance and cost, featuring an advanced analytical engine and interactive query language. Azure Monitor integrates with various tools used in DevOps, IT service and issue management, security information and event management while providing embedded machine-learning capabilities. 


Intended Use of Azure Monitor 

Since Azure Monitor is designed to collect and analyze telemetry from cloud-based and on-premises environments, the main use of the tool is for getting insights on how your applications are performing.

It helps you proactively identify and act on issues that affect application performance and resources on which your application depends.


Sample Uses of Azure Monitor 

  • Detecting and analyzing issues across your applications and their dependencies using Application Insights. 
  • Associating infrastructure issues using Azure Monitor for Virtual Machines and Azure Monitor for Containers. 
  • Analyzing data from monitoring using Log Analytics for performing deep diagnostics and troubleshooting. 
  • Supporting operations at scale through automated response and smart alerts. 
  • Generating visualizations using Azure dashboards and workbooks. 

Overall, Azure Monitor works with two fundamental types of data: metrics and logs. The tool collects both into data stores and then performs actions such as analysis, alert generation and streaming to connected external systems.


Operational Diagram of How Azure Monitor Works 


Source: Microsoft 


What Data Types Azure Monitor Displays 

As we said, data collected in Microsoft Azure consist of metrics and logs. Metrics represent specific aspects of a system at a specific time using numerical values. For their part, logs combine various sets of data into records and each record has a distinct set of properties. The system stores events and traces as logs, for instance. 

Typically, Azure Monitor allows for displaying metrics in real-time, directly in the respective Overview page of the resource’s Azure portal. The metrics explorer function enables you to view a graphical representation of multiple metrics over time. 

You can create queries to perform deep analysis of data Azure Monitor collects and stores into logs. The Log Analytics function in the Azure portal enables you to conduct such analysis or you can use queries with alert rules or for visualizations.  

The Kusto query language helps you create simple queries as well as perform advanced functions such as aggregations, joins and smart analytics. 


What Data You Can Collect with Azure Monitor 

Azure Monitor enables your IT team to collect data from a variety of sources ranging from a single application, through operating systems and linking services, to the platform itself. You can perform data monitoring in tiers that include: 

  • Application data: Monitoring of data concerning the performance and functionality of your programming code, on any platform. 
  • Guest OS data: Collecting data about the operating system on which your application runs. The feature works in Azure, another cloud environment, or on-premises.
  • Azure resources data: Monitoring the operation of Azure resources. 
  • Azure subscriptions data: Monitoring the operation and management of an Azure subscription, including the health and operation of Azure itself.
  • Azure tenant data: Monitoring the operation of tenant-level Azure services, like Azure Active Directory. 

Azure Monitor automatically starts collecting data once you create an Azure subscription and begin adding resources like web applications and virtual machines to that subscription. Besides, you can collect data from external sources by logging data from any REST client using the Data Collector API. 
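The Data Collector API authenticates each POST with an HMAC-SHA256 signature computed from the workspace's shared key. The following is an added example, not code from the original article or from Microsoft: it builds the signed request offline without sending it, and the workspace ID, key, log type and records are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

API_PATH = "/api/logs"
CONTENT_TYPE = "application/json"

# Constructed sample values (assumptions, not real credentials or events).
DEMO_WORKSPACE = "00000000-0000-0000-0000-000000000000"
DEMO_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()
DEMO_RECORDS = [{"user": "alice", "action": "login", "result": "failure"}]


def build_signature(workspace_id, shared_key_b64, date_rfc1123, content_length):
    """Return the SharedKey Authorization header value for one POST."""
    string_to_sign = (
        f"POST\n{content_length}\n{CONTENT_TYPE}\n"
        f"x-ms-date:{date_rfc1123}\n{API_PATH}"
    )
    key = base64.b64decode(shared_key_b64)  # the workspace key is base64 text
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode('ascii')}"


def build_request(workspace_id, shared_key_b64, log_type, records, date_rfc1123=None):
    """Assemble URL, headers and body; nothing is sent over the network."""
    if not log_type.replace("_", "").isalnum():
        raise ValueError("Log-Type allows letters, digits and underscore only")
    body = json.dumps(records).encode("utf-8")
    date_rfc1123 = date_rfc1123 or formatdate(usegmt=True)
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,  # records land in the table <log_type>_CL
        "x-ms-date": date_rfc1123,  # signed, so it cannot be altered in transit
        "Authorization": build_signature(
            workspace_id, shared_key_b64, date_rfc1123, len(body)
        ),
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{API_PATH}?api-version=2016-04-01")
    return url, headers, body


if __name__ == "__main__":
    url, headers, body = build_request(
        DEMO_WORKSPACE, DEMO_KEY, "DemoAudit", DEMO_RECORDS)
    print(url, json.dumps(headers, indent=2), body.decode(), sep="\n")
```

The shared key can write to every custom table in the workspace, so load it from a secret store rather than keeping it in source or configuration files.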


Using Insights in Azure Monitor 

The query tool in Azure Monitor enables you to collect and analyze data from multiple sources in seconds. You can quickly detect issues and abnormal behavior by applying machine-learning algorithms and smart analytics. 

The tool provides a unified view of data originating from metrics, logs and your custom sources and visualizes results using workbooks. 

You can get insights about: 

  • Application Insights: You can monitor the availability, performance, and usage of your web applications, both in cloud environments and on-premises. 
  • VM Insights: A tool for monitoring the performance and health of Windows and Linux VMs. You can track different processes and interconnected dependencies on other resources and external processes. The tool works for on-premises systems and other clouds. 
  • Container Insights: Enables you to monitor the performance of container workloads deployed to managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). Uses Metrics API to collect memory and processor metrics from controllers, nodes and containers that are available in Kubernetes. Also collects container logs. 

An added option is to use monitoring solutions that use packaged sets of logic to provide you with insights about a specific application or service. Those monitoring solutions are available from both Microsoft and third parties enabling you to monitor different Azure services and many other applications. 


Automatic Response to Critical Issues 

Azure Monitor enables you to proactively monitor for issues based on rules you create and which apply to detected conditions across the data you are collecting. 

Alerting rules notify your system administrators about any pre-set alarming conditions and can also take corrective actions automatically. Multiple rules can share corrective actions once a condition occurs. 

You can also create application load rules, which automatically add resources to your application when load increases. Azure Monitor uses data from the logs to detect overloads and drops in load, and adds resources or removes idle ones accordingly. You define your own logic for how and when to add or remove resources, as well as the minimum and maximum number of instances allowed.

Data Visualization in Azure Monitor 

Collecting raw data is of little use on its own, so Azure Monitor offers a variety of data visualization options.

You can have a unified view of data ready for analysis in a dashboard that combines logs and metrics into a single dashboard pane. The dashboard allows adding and removing elements at will, showing data for any log query or metrics chart you have. You can share the dashboard with other Azure users if you need to collaborate on the data outputs. 

This is what an Azure Monitor dashboard looks like:


Source: Microsoft 

Azure Monitor visualizes log data in Views, which you can create yourself to show specific critical data. You can add visualizations for any log query to your dashboards.


Azure Monitor Integrations 

Azure Monitor effortlessly integrates with other services and systems, enabling you to create and monitor data for custom solutions. 

With Azure Event Hub you can stream Azure Monitor data to external SIEM (Security Information and Event Management) and monitoring tools, using its event ingestion and data streaming capabilities. 

Use your solution with Logic Apps, which enables automation of business processes and tasks through workflows. Those workflows can integrate with other services and systems. By using this integration, you can read and write metrics generated in Azure Monitor using various other systems. 

In fact, you can integrate Azure Monitor with virtually any other system or service by using Azure’s multiple APIs. 



Overall, Microsoft Azure Monitor provides you with a unified platform for monitoring the performance of your applications and systems while also keeping track of the resources they depend on. The ability to integrate Azure Monitor with various other systems and create custom log queries enables you to benefit by conducting custom performance tracking. 

The built-in resource optimization functionalities allow you to use the resources powering your applications in the most efficient manner possible by adding and removing resources per rules set by you.



Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.
