For a clearer picture

Category: Azure

ARM Templates and CI \ CD

ARM Templates

6 Ways Passing Secrets to ARM Templates

Best Practices For Using Azure Resource Manager Templates

Parts Unlimited GitHub Quick Start

Using Azure pipelines to deploy ARM templates

4 Tips for ARM-Templates in CI & CD Pipelines on VSTS

Part 5 – lessons learned

I was very pleasantly surprised by the rich amount of monitoring available within Azure that was effectively free.

The good points:

  • Free – there is no additional cost over the cost of the resource you are using.
  • Triaging can be done via pinning tiles to a dashboard.
  • 90 days retention so you can see short term history.

But …

  • There is no free alerting, notifications or automation. However, alerting and notifications do come in at very low cost so configuring alerts would be a logical next step. Azure Automation would require more thought depending on the use case.
  • Although you can triage via pinning tiles to a dashboard, you can’t query across multiple data streams. Using log analytics would allow you to collect that data into a single data store and then query that data across resources and indeed subscriptions. This makes it hugely more powerful
  • Is 90 days of history enough?
  • You are restricted in the metrics you can collect. Azure Application Insights and Log Analytics offer up huge extensibility that allow for much more granular metrics.

So my conclusion would be that the free monitoring offers a whole lot more than I thought it would. But for enterprise scale monitoring and visualisations you will need to look at Log Analytics to provide that scalability, extensibility and longer data retention periods than the free functionality provides.

Part 4 – Metrics

Part 4 – Metrics

Key information
  • Metrics are collected at one-minute frequency unless specified otherwise in the metric’s definition.
  • Stored for 90 days. You can copy metrics to Log Analytics for long term trending but that will incur storage costs.

There are standard metrics for almost every resource and you don’t have to do anything to enable them. Deploy your resource, sit back and wait for those metrics to start being collected.

There are a list of available metrics by resource and I’ve linked to the those for virtual machines here.

You can set the time period to display, the metric(s) and the resources. So with a few clicks of the mouse you can pin metrics tile to a dashboard to provide rich visualisations.

And as you can see from the above screenshot, you can also export the data to excel which would allow to build additional visualisations through Power View, Power BI or your other favourite visualisation \ analytical tool e.g. Tableau.

Rather than me go through each and every resource show casing the metrics available, I’d suggest taking a look through the above URL for the resource you are interested in and checking out the available “free” metrics.

Part 3 – Azure Activity Logs

Part 3 – Azure Activity Logs

Key Information

Activity Log data is retained for 90 days. You can export this e.g. to Azure Storage but that will start incurring charges which breaks our “free” criteria.

Azure Activity Logs action operations (PUT, POST, DELETE) as listed here.

So if I want to find out who deleted one of my Azure Application Insight web tests, I filtered on the resource group in the last month with delete as part of the operation.

I can download this data to csv free of charge but the two other options listed – Export to Event Hub and Logs (Log Analytics) – will incur charges so we will park those for a later article.

If you select an entry then in the bottom half of the portal you will be able to see more detailed summary details plus take an extract of the audit in json format which will give you more details about the activity e.g. the IP address from where the delete took place:

"authorization": {
"action": "microsoft.insights/webtests/delete",
"scope": "/subscriptions/**Sub ID**/ai-scomgsm-prod-rg/providers/microsoft.insights/webtests/MyWebTest"
"caller": "",
"channels": "Operation",
"claims": {
"aud": "",
"iss": "** Tenant Id **/",
"iat": "**",
"nbf": "**",
"exp": "**",
"": "1",
"aio": "**",
"": "pwd",
"appid": "**",
"appidacr": "2",
"e_exp": "262800",
"groups": "**",
"ipaddr": "** IP Address **",
"name": "** User **",
"": "** Tenant Id **",
"": "** User **",
"": "** User **",
"uti": "JZLmyAWzPkqofdcUdSYCAA",
"ver": "1.0",
"wids": "62e90394-69f5-4237-9190-012177145e10"
"correlationId": "24f963b3-701e-4e71-80ae-6123bc0aba8b",
"description": "",
"eventDataId": "fb1f9e5f-39ca-4db4-9410-1d0a247d86d7",
"eventName": {
"value": "EndRequest",
"localizedValue": "End request"
"category": {
"value": "Administrative",
"localizedValue": "Administrative"
"eventTimestamp": "2018-09-19T19:57:51.6021772Z",
"id": "/subscriptions/**Sub ID**/resourcegroups/ai-scomgsm-prod-rg/providers/microsoft.insights/webtests/MyWebTest/events/fb1f9e5f-39ca-4db4-9410-1d0a247d86d7/ticks/636729838716021772",
"level": "Informational",
"operationId": "3b93f5a5-feb5-4b6d-b16b-5dbef60e4e51",
"operationName": {
"value": "microsoft.insights/webtests/delete",
"localizedValue": "Delete web test"
"resourceGroupName": "ai-scomgsm-prod-rg",
"resourceProviderName": {
"value": "microsoft.insights",
"localizedValue": "Microsoft Insights"
"resourceType": {
"value": "microsoft.insights/webtests",
"localizedValue": "microsoft.insights/webtests"
"resourceId": "/subscriptions/**Sub ID**/resourcegroups/ai-scomgsm-prod-rg/providers/microsoft.insights/webtests/MyWebTest",
"status": {
"value": "Succeeded",
"localizedValue": "Succeeded"
"subStatus": {
"value": "",
"localizedValue": ""
"submissionTimestamp": "2018-09-19T19:58:19.1075243Z",
"subscriptionId": "**Sub ID**",
"properties": {
"statusCode": "OK",
"serviceRequestId": "29756e97-65ce-436f-b2ec-3f83d31a600a"
"relatedEvents": []

In the middle of the json; you’ll see category: administrative. There are a variety of different categories available which are discussed in detail here.

There is also another in depth knowledge article here – – so I’m not going to go into any more detail at this stage. These are very thorough articles which delve deep into what you can do with the Activity Log data that is available.