Core Infrastructure and Security Blog

A Starting Point for Monitoring Azure

edzonca
Apr 04, 2022

 

Hi All,

 

Usually we concentrate on monitoring Azure resources as components, for example how to monitor a VM or an app, but it is also important to check the Azure infrastructure: not our resources in Azure, but the status of the infrastructure that hosts them.

Obviously, the Azure infrastructure (service, datacenter…) is monitored by Microsoft, which is one of the advantages of an Azure cloud solution instead of, or in conjunction with, an on-premises service. Azure IaaS is described in more detail on this page. Here is a light overview:

 

 

As you can see, in all three versions of our services the “physical infrastructure” is controlled by Microsoft.

 

Now that we’ve lightly touched the high level, how can we check if there are any issues with the Azure Infrastructure?

The answer is Azure Status. If you follow this link, you can find an up-to-date Azure Status page:

 

 

Here you can find the status of Azure, divided by country and type of service.

But you cannot spend all day checking this page for issues! And so we arrive at the crucial point of the article.

How can we stay updated on the Azure Status?

 

You have three points of information: Azure Service Health, Azure Resource Health, and Azure Activity Log.

Let’s have a look:

 

  • Azure Service Health

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customizable cloud alerts and use your personalized dashboard to analyze health issues, monitor the impact on your cloud resources, get guidance and support, and share details and updates.

  • Azure Resource Health

Azure Resource Health helps you diagnose and get support for service problems that affect your Azure resources. It reports on the current and past health of your resources.

  • Azure Activity Log

The Activity log is a platform log in Azure that provides insight into subscription-level events. This includes information such as when a resource is modified or when a virtual machine is started.

 

Our goal is to be alerted when there is a problem in any of these, so we need to set up an alert.

 

Azure Service Health

Service Health, as I said, is designed to notify you about Azure service incidents and planned maintenance, so we can take the correct actions.

Go to Azure Portal and select Azure Service Health:

 

 

Click on Add Service Health Alert:

 

 

 

In this wizard you can specify some criteria and details of your alerts. I want to draw your attention to Event Type (which event triggers the alert):

 

 

You can also filter the alert with the Services and Regions filters. You can find many criteria there.

Remember that you need to create an alert for each subscription. I know that is boring, but you can use an ARM template to deploy the alerts. Follow this link: Template to create Resource Health alerts - Azure Service Health | Microsoft Docs

 

At the end, you must specify the name of the alert and the action group.

The event types you can choose from are:

  • Service issues - Problems in the Azure services that affect you right now.
  • Planned maintenance - Upcoming maintenance that can affect the availability of your services in the future.
  • Health advisories - Changes in Azure services that require your attention. Examples include deprecation of Azure features or upgrade requirements (e.g upgrade to a supported PHP framework).
  • Security advisories - Security related notifications or violations that may affect the availability of your Azure services.
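Because a Service Health alert has to exist in every subscription, generating the ARM template per subscription keeps the alerts identical. The following is an added example, not code from the original post or from Microsoft's linked template: the function names, the alert name and the placeholder IDs are assumptions, and the event types above are mapped to the `properties.incidentType` values that Service Health events carry in the Activity Log.

```python
# The page's four event types -> "properties.incidentType" values carried by
# Service Health events in the Activity Log.
EVENT_TYPES = {
    "Service issues": ["Incident"],
    "Planned maintenance": ["Maintenance"],
    "Health advisories": ["Informational", "ActionRequired"],
    "Security advisories": ["Security"],
}
SCHEMA = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"

def service_health_template(subscription_id, action_group_id, event_types,
                            name="service-health-alert"):  # name is a placeholder
    """ARM template (dict) with one Service Health alert scoped to one subscription."""
    unknown = [e for e in event_types if e not in EVENT_TYPES]
    if unknown or not event_types:
        raise ValueError(f"unknown or empty event types: {unknown}")
    wanted = [t for e in event_types for t in EVENT_TYPES[e]]
    alert = {
        "type": "Microsoft.Insights/activityLogAlerts",
        "apiVersion": "2020-10-01",  # this version accepts "anyOf" inside "allOf"
        "name": name,
        "location": "Global",
        "properties": {
            "enabled": True,
            "scopes": [f"/subscriptions/{subscription_id}"],
            "condition": {"allOf": [
                {"field": "category", "equals": "ServiceHealth"},
                {"anyOf": [{"field": "properties.incidentType", "equals": t}
                           for t in wanted]},
            ]},
            "actions": {"actionGroups": [{"actionGroupId": action_group_id}]},
        },
    }
    return {"$schema": SCHEMA, "contentVersion": "1.0.0.0", "resources": [alert]}

def templates_for(action_groups, event_types):
    """One template per subscription; `action_groups` maps subscription ID ->
    the resource ID of the action group to notify."""
    return {sub: service_health_template(sub, ag, event_types)
            for sub, ag in action_groups.items()}

# Constructed placeholder IDs, not real subscriptions or action groups.
ACTION_GROUPS = {
    "<subscription-id-1>": "<action-group-resource-id-1>",
    "<subscription-id-2>": "<action-group-resource-id-2>",
}
TEMPLATES = templates_for(ACTION_GROUPS, ["Service issues", "Security advisories"])
```

Each generated template can be written out with `json.dumps` and deployed to a resource group in its own subscription.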

 

Azure Resource Health

 

Azure Resource Health is designed to alert you when your resource is not OK and needs some attention from you.

As with Azure Service Health, you must create an alert:

 

 

I want to draw your attention to some parameters:

  • Resource Group → This fits very well if you divide your resources into different resource groups per environment: you can apply this alert only to production resources.
  • Resource → You can specify exactly which resource you want to put under monitoring.

In the “Alert Condition” section, you can specify filters to make the alert more specific to what you need. For example, you can create an alert when a resource changes its status from available to unknown, or an alert that is triggered when the event is initiated by the platform.

 

Azure Activity Log

 

I am asking you this question: “Why is it important to store what all the users have done in your Azure subscriptions?”

 

So, it's important for three big reasons:

  • Track the owner or the creator of a Resource in Azure
  • Create a report on the utilization of our resources (e.g., how many times a VM was rebooted)
  • Detect anomalies on Activities (ex: users create a lot of unnecessary resources)

 

That information is stored in Azure for 90 days by default. You can enable export to a Log Analytics workspace by selecting the Activity log tab on a subscription and then Export Log.

 

 

Now you can query the data on your Log Analytics workspace.
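The three uses listed above (who first wrote a resource, how often a VM was restarted, and who is creating resources in bursts) can be checked over exported Activity Log rows. This is an added example, not part of the original post: the rows are constructed, the keys follow the column names of the `AzureActivity` table in Log Analytics, and the one-hour window and threshold of five are assumptions to tune.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def _ok(rows, suffix):
    """Successful rows whose operation ends with `suffix`, oldest first."""
    hits = [r for r in rows if r["ActivityStatusValue"] == "Success"
            and r["OperationNameValue"].lower().endswith(suffix)]
    return sorted(hits, key=lambda r: r["TimeGenerated"])

def first_writers(rows):
    """Resource ID -> (caller, time) of the earliest successful write seen.
    A write may be an update, so this is the creator only if the creation is in the data."""
    seen = {}
    for r in _ok(rows, "/write"):
        seen.setdefault(r["_ResourceId"].lower(), (r["Caller"], r["TimeGenerated"]))
    return seen

def restart_counts(rows):
    """Successful restarts per VM."""
    return Counter(r["_ResourceId"].lower() for r in _ok(rows, "/virtualmachines/restart/action"))

def creation_bursts(rows, window=timedelta(hours=1), threshold=5):
    """Caller -> peak count, for callers who first-wrote >= threshold
    distinct resources inside one sliding `window`."""
    per_caller = defaultdict(list)
    for caller, ts in first_writers(rows).values():
        per_caller[caller].append(ts)
    flagged = {}
    for caller, times in per_caller.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):       # slide the window over sorted times
            while t - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged[caller] = max(flagged.get(caller, 0), hi - lo + 1)
    return flagged

# Constructed sample rows (not real tenant data); IDs and callers are made up.
T0 = datetime(2022, 4, 4, 9, 0)
VM = "/subscriptions/<sub-id>/resourcegroups/prod/providers/microsoft.compute/virtualmachines/"
def _row(minute, caller, action, name, status="Success"):
    return {"TimeGenerated": T0 + timedelta(minutes=minute), "Caller": caller,
            "OperationNameValue": "MICROSOFT.COMPUTE/VIRTUALMACHINES/" + action,
            "_ResourceId": VM + name, "ActivityStatusValue": status}
SAMPLE = [_row(5 * i, "bob@example.com", "WRITE", f"tmp{i}") for i in range(6)] + [
    _row(0, "alice@example.com", "WRITE", "web01"), _row(90, "bob@example.com", "WRITE", "web01"),
    _row(30, "alice@example.com", "RESTART/ACTION", "web01"),
    _row(60, "alice@example.com", "RESTART/ACTION", "web01"),
    _row(70, "alice@example.com", "RESTART/ACTION", "web01", "Failure")]
```

On the sample, the later write to `web01` by a second caller does not change its first writer, the failed restart is not counted, and only the caller who wrote six new VMs in 25 minutes is flagged.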

 

Remember, it does not matter whether you are an IT infrastructure owner or an application owner; what is important is that you have your scope under control.

 

Thanks for reading!

 

Very Helpful Links:

Updated Apr 04, 2022
Version 2.0
  • Dean_Gross

    How come Defender for Cloud is listed twice? Looks like a bug.