Azure Monitoring Packs - V2 is out!
Published Apr 10 2024 11:14 AM 5,653 Views

What is new 

Since the earlier release, many things changed in the Azure Monitor Starter Packs. Starting with the name. We shall call them Azure Monitoring packs from now on! The packs continue to be a starting point and to evolve constantly. Let's see what else is new: 

  • Azure Services monitoring – powered by the splendid work done by the AMBA (Azure Monitor Baseline Alerts) team, the packs now include Azure services, like Key Vault, Load Balancers and others, divided into two categories, PaaS and Platform. The alerting configuration has been ported into the packs and the details are published here on the AMBA website. 
  • AVD Accelerator Alerts integration - as part of the packs experience, the AVD alerts can be enabled using the Admin workbook, the same way other packs are enabled. See details below. 
  • Augmented Monitoring (preview) - by using Azure Compute Galleries and VM Applications, packs can now have scripting or code added to the monitored servers to enrich data collection. This feature is only available for Azure VMs for now (no Azure Arc). 
  • Workload discovery (preview) - also using VM Applications, Roles and applications installed on the servers, allow workloads to be discovered and for easier targeting when enabling specific packs. This feature is only available for Azure VMs for now (no Arc). 

New Architecture 

The new architecture includes a few added items, including a Compute Gallery to host VM applications. By using VM Apps, packs can gather specific data to improve the monitoring capabilities. As an example, the Active Directory Monitoring Pack prototype included in the current solution will install a Scheduled task on targeted Windows VMs (domain controllers) that will collect specific data related to active directory. This data is exclusively related to active directory and is not available from the default counters and events. Hence there is the need for augmented monitoring. 

The same way, for the discovery process, Windows and Linux virtual machines receive a VM Application that will install a scheduled task (windows) or a cronjob (Linux) to generate a list of installed applications and roles (Windows). 

In both cases, the data is collected using a data collection rule. 

The diagram and details below are a general description of how the pack and the management work. JoseFehse_0-1712171241443.jpeg


  1. The admin workbook is used to enable/disable monitoring (tags), enabling or disabling alerts and reconfigure action groups and to manage policies (remediate, evaluate and re-assign). 
  2. The logic app is triggered by the workbook ARM (Azure Resource Manager) actions and decides which function to call (policymgmt, alertmanagement or tagmgmt) to perform the proper actions. The function also includes an API function called config to allow for specific data to be gathered and tailored by the function and then released to the workbook. Additionally, there is a compliance function that will run every 6 hours to guarantee alerts and DCR (Data Collection Rules) associations are created. 
  3. The function apps execute the actions as per above. The 'tagmgmt' function also installs AMA (Azure Monitor agents) if not present. 
  4. Once tagging is detected by a specific policy, a DCR association is created between the pack specific rule and the targeted VM(s). 
  5. Alerts Rules are mostly Scheduled query alerts and run on specific schedules, generating the specified alerts. 
  6. Azure Managed Grafana has dashboards created to provide a rich experience for the customers. 
  7. For Discovery of workloads, a VM Application is deployed to Azure VMs to generate the discovery data and a DCR collects the data, which is shown in the Admin Workbook. VM Applications can also be used by packs that require richer data. 
  8. For PaaS and platform services, when tagged, policies will generate the required alerts following the guidance from the AMBA documentation. 
  9. For PaaS and platform services, Alerts are usually created by the policies themselves. Policies can, if needed, deploy diagnostics settings, which will send data to the log analytics workspace. 
  10. The discovery component uses a VM Application and a DCR to collect installed applications in Windows and Linux. The data is added to a custom table in the Log Analytics workspace and can be used to help onboarding discovered workloads. 



The setup process has been updated to offer more options, including deployment to Azure Government: 




There is now an instance name to be added, to allow multiple instances to be deployed: 




Azure Managed Grafana is now an optional component. However certain packs will have dashboards only for Grafana. If you would like to use your own instance of Grafana, the dashboards can be imported separately. 

There is also a choice to deploy only IaaS, PaaS or Platform packs: 




Feedback and collaboration 

Like cowbell, we need more packs! If you want to collaborate, please contact or submit a new PR (pull request) with content. Also, please submit issues here if you have any suggestions or find any bugs.

Head right now to the repository and start using the Azure Monitoring Packs!

1 Comment
Version history
Last update:
‎Apr 03 2024 12:17 PM
Updated by: