Modernizing monitoring is no longer just about replacing tools, it’s about adopting a platform approach that scales with cloud-first operations. More and more teams are standardizing on Azure Monitor as the central place to collect telemetry, query logs with KQL, build alerting strategies, and publish operational dashboards. At the same time, many enterprises still rely on System Center Operations Manager (SCOM) and years of investment in Management Packs that encode critical monitoring knowledge. This post looks at that real-world transition: how to move from SCOM’s Management Pack model to Azure Monitor’s logs, alerts, and data collection patterns-without starting from scratch.
Accelerating SCOM to Azure Monitor Migrations with Automated Analysis and ARM Template Generation
Azure Monitor has become the foundation for modern, cloud-scale monitoring on Azure. Built to handle massive volumes of telemetry across infrastructure, applications, and services, it provides a unified platform for metrics, logs, alerts, dashboards, and automation. As organizations continue to modernize their environments, Azure Monitor is increasingly the target state for enterprise monitoring strategies.
With Azure Monitor increasingly becoming the destination platform, many organizations face a familiar challenge: migrating from System Center Operations Manager (SCOM). While both platforms serve the same fundamental purpose—keeping your infrastructure healthy and alerting you to problems—the migration path isn’t always straightforward.
SCOM Management Packs contain years of accumulated monitoring logic: performance thresholds, event correlation rules, service discoveries, and custom scripts. Translating all of this into Azure Monitor’s paradigm of Log Analytics queries, alert rules, and Data Collection Rules can be a significant undertaking.
To help with this challenge, members of the community have built and shared a tool that automates much of the analysis and artifact generation.
The community-driven SCOM to Azure Monitor Migration Tool accepts Management Pack XML files and produces several outputs designed to accelerate migration planning and execution.
The tool parses the Management Pack structure and identifies all monitors, rules, discoveries, and classes. Each component is analyzed for migration complexity: some translate directly to Azure Monitor equivalents, while others require custom implementation or may not have a direct equivalent.
Results are organized into two clear categories:
- Auto-Migrated Components – Covered by the generated templates and ready for deployment
- Requires Manual Migration – Components that need custom implementation or review
Instead of manually authoring Azure Resource Manager templates, the tool generates deployable infrastructure-as-code artifacts, including:
- Scheduled Query Alert rules mapped from SCOM monitors and rules
- Data Collection Rules for performance counters and Windows Events
- Custom Log DCRs for collecting script-generated log files
- Action Groups for notification routing
- Log Analytics workspace configuration (for new environments)
For streamlined deployment, the tool offers a combined ARM template that deploys all resources in a single operation:
- Log Analytics workspace (create new or connect to an existing workspace)
- Action Groups with email notification
- All alert rules
- Data Collection Rules
- Monitoring Workbook
One download, one deployment command — with configurable parameters for workspace settings, notification recipients, and custom log paths.
The tool generates an Azure Monitor Workbook dashboard tailored to the Management Pack, including:
- Performance counter trends over time
- Event monitoring by severity with drill-down tables
- Service health overview (stopped services)
- Active alerts summary from Azure Resource Graph
This provides immediate operational visibility once the monitoring configuration is deployed.
Each migrated component includes the Kusto Query Language (KQL) equivalent of the original SCOM monitoring logic. These queries can be used as-is or refined to match environment-specific requirements.
The workflow is designed to reduce the manual effort involved in migration planning:
- Export your Management Pack XML from SCOM
- Upload it to the tool
- Review the analysis — components are separated into auto-migrated and requires manual work
- Download the All-in-One ARM template (or individual templates)
- Customize parameters such as workspace name and action group recipients
- Deploy to your Azure subscription
For a typical Management Pack, such as Windows Server Active Directory monitoring, you may see 120+ components that can be migrated directly, with an additional 15–20 components requiring manual review due to complex script logic or SCOM-specific functionality.
The tool handles straightforward translations well:
- Performance threshold monitors become metric alerts or log-based alerts
- Windows Event collection rules become Data Collection Rule configurations
- Service monitors become scheduled query alerts against Heartbeat or Event tables
Components that typically require manual attention:
- Complex PowerShell or VBScript probe actions
- Monitors that depend on SCOM-specific data sources
- Correlation rules spanning multiple data sources
- Custom workflows with proprietary logic
The tool clearly identifies which category each component falls into, allowing teams to plan their migration effort with confidence.
A Note on Validation
This is a community tool, not an officially supported Microsoft product. Generated artifacts should always be reviewed and tested in a non-production environment before deployment.
Every environment is different, and the tool makes reasonable assumptions that may require adjustment. Even so, starting with structured ARM templates and working KQL queries can significantly reduce time to deployment.
Try It Out
The tool is available at https://tinyurl.com/Scom2Azure.Upload a Management Pack, review the analysis, and see what your migration path looks like.
Microsoft