How to leverage Azure Monitor to meet functional and non-functional requirements - No.1 overview
Published Aug 22 2022 05:38 PM 6,969 Views

Azure Monitor can be used for centralized monitoring and analysis of log data by using Kusto queries, so Azure Monitor allows you to effectively monitor and visualize Azure resources. Azure Arc also empowers Azure Monitor to expand its capabilities to on-premises and other public clouds. You can monitor every resource across environments, Azure, AWS, GCP, OCI, on-premise and others, with Azure Monitor and Azure Arc, then Azure Monitor minimizes your effort to manage all the resources regardless of location or environments. Refer to Azure Monitor overview article for the detail.

daisami_0-1661214302099.png daisami_1-1661214321174.png


Azure Monitor is a very powerful solution, but customers and partners sometimes have a challenge mapping Azure Monitor features to their functional and non-functional requirements. These series of articles describe how to use various Azure Monitor features in terms of functional and non-functional requirements.

Note: ISVs and partners offer 3rd party monitoring solutions on Azure Marketplace, so you might use the solutions if Azure Monitor might not work well for the requirements.


Here are popular monitoring objectives based on functional and non-functional requirements for monitoring. 

Article No

Monitoring objective

Monitoring target





Monitor reboot frequency for availability check




Monitor CPU usage




Monitor memory usage


Compute/Inside OS

log file

Monitor Event Log and syslog




Monitor available process




Monitor disk usage




Monitor folder usage and file size


Endpoint/IPv4 address


Monitor specific address and port


Web site


Monitor web scenario




Monitor vNiC and VNET peering




Monitor Azure Firewall rule usage




Monitor backup status


Azure Resources

Resource health

Monitor resource availability


Then, these series articles dives deeply into each requirement. Here are check items for the objectives. 



Goal and outcome




Azure Monitor can satisfy functional requirements




Azure Monitor can setup short granularity for detections




Azure Monitor can setup thresholds for detections




Azure Monitor can setup retry for detections




Azure Monitor can suspend and resume for alert actions




Azure Monitor can send a mail based on detection results




Azure Monitor can retrieve workspace logs with specified duration




Azure Monitor can visualize statistic data including old one




Azure Monitor can have primary action based on alert rules




Azure Monitor can send check results


Note: You might need to consider another way if you have to meet scenarios as follow.

  1. Monitor resources with less than 1 minute interval
    Azure Monitor offers 1 min aggregation granularity as a minimum. You might need to look for 3rd party solutions if you require to check resources in less than 1 minute for example Zabbix, nagios, or others.
  2. Monitor network with SNMP
    Azure network status can be monitored by configuring "diagnostic setting". Azure Monitor offers great monitoring features to meet most cases, but Azure Monitor doesn't offer snmp agent or snmpwalk agent.


1. Prerequisites

You will have to complete the three configurations below before following these series of articles for Azure Monitor.


1.1. Setup Log Analytics workspace

Azure Monitor uses "metrics" and "logs" for its data. Metric refers to system info for Azure resources, for example CPU usage and memory usage. Log refers to Event Log and syslog. Each Azure resource has settings named as "diagnostic setting" and "activity log", which store logs of the resources on Azure services; for example Log Analytics, Azure Storage, and others. Especially, Log Analytics workspace can be used for analysis and troubleshooting with Kusto query.


1.2. Setup Azure Blob Storage

You can store logs on Azure Blob Storage  "diagnostic setting" log and "activity log". Azure Blob Storage can be used to store logs with long term duration in terms of security rules for example regional compliances.

While Log Analytics can store logs up between 4 and 730 days and can set retention time of up to 2,555 days, Azure Blog Storage can store logs up to 500TB regardless durations. We should choose data stores depending on use cases.

1.3. Setup Azure VM

Azure VM is used to take logs. Create Azure VM by following an article here. Open Azure Portal with browser and choose your Log Analytics workspace. Select "Virtual Machine" on left menus. Your fresh VM is not connected to any Log Analytics workspace, thus you need to connect your VM to a Log Analytics workspace. Please note that the VM is required to be running when you enable the VM to connect to a Log Analytics workspace. This operation will install and lunch Log Analytics agent on the VM.

2. Key tips to leverage Azure Monitor for enterprise use cases

Here should be useful tips to configure Azure Monitor for enterprise hybrid network requirements.


2.1. Access Log Analytics workspace with private network

AMPLS(Azure Monitor Private Link Scope) can allow you to have closed network access. Log Analytics workspace is required to setup "Network Isolation - Public Access" as "No", thus users privately access to the workspace. Log Analytics or Azure Monitor agent prefers to Azure DNS records than others, so the agent sends logs with HTTPS to Log Analytics workspace via private IP addresses of the workspace FQDN.


2.2. Check connectivity with Log Analytics workspace via proxy servers

You can check the status with CUI commands.


2.3. Allow omsagent to access some FQDN

omsagent uses https protocol as 443/tcp and access to some FQDN. You need to configure Azure Firewall and NVA to allow omsagent to access the FQDN if your VM needs to use Azure Firewall or NVA for outbound access. Refer to this article for details.


2.4 Retrieve all Log Analytics table

We can check Log Analytics tables on Azure Portal, but Azure Portal would show with only metadata and no logging data. We can retrieve all tables having logging data by using search operator with a wildcard. The result contains a $table column that represents the table in which record was found, thus the distinct operator is used to create a list of unique tables.



search *
| distinct $table




Now, we can start these series articles for Azure Monitor. In next post, we will dive deep to "Compute" monitoring objective.


Update date note
2022/9/2 add link for Storage/Disk monitoring
2022/8/29 add "2.4 Retrieve all Log Analytics table" section
2022/8/22 first publish


Version history
Last update:
‎Feb 14 2023 04:40 PM
Updated by: