Centralized Monitoring in Azure: Automating Diagnostic Settings Across All Resources

 Introduction

In modern cloud environments, observability is not optional—it’s foundational. As organizations scale their Azure footprint, ensuring consistent monitoring across hundreds (or thousands) of resources becomes a major operational challenge.

Problem Statement

Challenges Customers Face

One of the most common gaps I’ve observed while working with customers is:

❗ Lack of standardized diagnostic settings across resources, especially when customers want to migrate all logging to a new centralized Log Analytics Workspace (LAW) and update existing diagnostic configurations accordingly.

In many real-world scenarios, customers:

• Already have diagnostic settings configured across resources
• Need to redirect all logs to a new centralized LAW (for consolidation, cost optimization, or security reasons)
• Struggle with updating existing diagnostic settings at scale

This creates a significant operational challenge because:

• Azure does not provide a native bulk update mechanism for diagnostic settings
• Existing configurations continue pointing to old workspaces
• Monitoring becomes fragmented and inconsistent

Real-World Customer Scenario

A large enterprise customer managing 1000+ Azure resources across multiple subscriptions had a critical challenge:

• They had multiple Log Analytics Workspaces created over time
• Logs were distributed across environments, making troubleshooting difficult
• Their security team mandated a move to a centralized monitoring workspace

The Problem

• No native way to migrate diagnostic settings in bulk
• Reconfiguring manually would take weeks
• Risk of missing logs during transition

The Need

They needed a solution to:

• Remove existing diagnostic settings
• Reconfigure all resources
• Ensure zero monitoring gaps

Solution Overview

This script automates:

✅ Discovery of all Azure resources
✅ Removal of existing diagnostic settings
✅ Application of a standardized diagnostic setting
✅ Routing logs & metrics to a central Log Analytics Workspace

 How the Script Works

Step 1: Define Inputs

$NEW_LAW_ID = "/subscriptions/<subid>/resourceGroups/<resource group id>" $DiagName = "send-to-central-law" $LogsJson = '[{"categoryGroup":"allLogs","enabled":true}]' $MetricsJson = '[{"category":"AllMetrics","enabled":true}]'

Step 2: Fetch All Resources

$Resources = az resource list -o json | ConvertFrom-Json

Step 3: Process Each Resource

For every resource:

• Remove existing diagnostic settings
• Apply new diagnostic setting pointing to central LAW
• Handle unsupported resources gracefully

 Flow: LAW Migration Scenario

BEFORE: Resource A ───► LAW-1 Resource B ───► LAW-2 Resource C ───► LAW-3

❌ Fragmented monitoring AFTER 

(Post Script Execution): All Resources ───► Central LAW

✔ Unified logging ✔ Centralized monitoring ✔ Simplified operations

Benefits for Customers

✅ Centralized Monitoring

Single workspace for all logs and metrics

✅ Faster Incident Response

Complete telemetry available in one place

✅ Consistency at Scale

Standardized configuration across resources

✅ Migration Enablement

Supports bulk redirection to new LAW

✅ Reduced Operational Effort

No manual per-resource configuration

Script vs Azure Policy

Azure Policy Limitations

• Primarily effective for new resources
• Cannot easily update existing diagnostic settings
• May create duplicate configurations
• Requires remediation cycles

Why This Script is More Effective (For Migration)

✅ Bulk update of existing resources
✅ Immediate execution (no delay)
✅ Cleans up old configurations
✅ Ensures consistent redirection to new LAW

Best Practice

👉 Use this script for one-time migration/remediation
👉 Use Azure Policy for ongoing governance

Key Limitations

No Direct Migration Between Workspaces

Azure does not support direct migration of logs from one Log Analytics Workspace to another.

This means:

• Historical data cannot be moved
• Only new logs can be redirected

Reference:
Log Analytics workspace overview - Azure Monitor | Microsoft Learn

Diagnostic Settings Are Resource-Level

• Must be configured per resource
• No native bulk update feature

 Reference:
Diagnostic Settings in Azure Monitor - Azure Monitor | Microsoft Learn

Not All Resources Supported

Some resources:

• Do not support diagnostic settings
• Will be skipped by the script

 Azure Limits

• Max 5 diagnostic settings per resource

Eventual Consistency

• Deletion and creation may not be instantaneous

Permissions Required

• Monitoring Contributor
• OR Contributor / Owner

 Full Script

# ================================
# INPUT VARIABLES (YOUR VALUES)
# ================================

$NEW_LAW_ID = "/subscriptions/91dac1c9-8eb0-4ed4-bf61-16be033f41a2/resourceGroups/<rgname>/providers/Microsoft.OperationalInsights/workspaces/log-central-prod"
$DiagName = "send-to-central-law"

# Correct JSON (DO NOT CHANGE)
$LogsJson = '[{"categoryGroup":"allLogs","enabled":true}]'
$MetricsJson = '[{"category":"AllMetrics","enabled":true}]'

# ================================
# GET ALL RESOURCES
# ================================

Write-Host "Fetching all Azure resources..."

$Resources = az resource list -o json | ConvertFrom-Json

Write-Host "Total resources found: $($Resources.Count)"
Write-Host "------------------------------------------"

# ================================
# LOOP THROUGH EACH RESOURCE
# ================================

foreach ($res in $Resources) {

    $RES_ID   = $res.id
    $RES_NAME = $res.name
    $RES_TYPE = $res.type

    Write-Host ""
    Write-Host "Processing: $RES_NAME ($RES_TYPE)"

    # =========================================
    # STEP 1: DELETE EXISTING DIAGNOSTIC SETTINGS
    # =========================================

    try {
        $ExistingDiags = az monitor diagnostic-settings list --resource $RES_ID -o json 2>$null | ConvertFrom-Json

        if ($ExistingDiags -and $ExistingDiags.value -and $ExistingDiags.value.Count -gt 0) {

            foreach ($diag in $ExistingDiags.value) {
                Write-Host "  Removing: $($diag.name)"

                az monitor diagnostic-settings delete `
                    --name $diag.name `
                    --resource $RES_ID `
                    --output none 2>$null
            }
        }
    }
    catch {
        Write-Host "  ⚠️ Skip delete (not supported)"
    }

    # =========================================
    # STEP 2: CREATE NEW DIAGNOSTIC SETTING
    # =========================================

    try {
        az monitor diagnostic-settings create `
            --name $DiagName `
            --resource $RES_ID `
            --workspace $NEW_LAW_ID `
            --logs $LogsJson `
            --metrics $MetricsJson `
            --output none 2>$null

        if ($LASTEXITCODE -eq 0) {
            Write-Host "  ✅ Applied"
        }
        else {
            Write-Host "  ❌ Failed"
        }
    }
    catch {
        Write-Host "  ⚠️ Not supported / skipped"
    }
}

Write-Host ""
Write-Host "🎉 Completed applying diagnostic settings to all resources!"

 Conclusion

Centralized monitoring is a critical pillar of cloud operations. While Azure provides powerful tools, gaps still exist when it comes to bulk updating diagnostic settings across existing resources.

This script helps bridge that gap by enabling:

• Rapid migration to centralized monitoring
• Consistent configuration across environments
• Improved operational visibility

When combined with Azure Policy, it provides a complete monitoring strategy for both current and future resources.

Final Thoughts

If you're managing large Azure environments and planning a Log Analytics Workspace consolidation, this approach can significantly reduce effort while ensuring no loss of monitoring visibility.

Happy Monitoring!