Limitations of Azure Managed Grafana
Azure Managed Grafana delivers the native Grafana functionality in the highest possible fidelity. There are some differences between what it provides and what you can get by self-hosting Grafana. As a general rule, Azure Managed Grafana disables features and settings that might affect the security or reliability of the service and individual Grafana instances it manages.
Current limitations
Azure Managed Grafana has the following known limitations:
All users must have accounts in Microsoft Entra ID. Third-party accounts aren't supported. As a workaround, use the default tenant of your Azure subscription with your Grafana instance and add other users as guests.
Installing, uninstalling and upgrading plugins from the Grafana Catalog isn't possible.
Querying Azure Data Explorer might take a long time or return 50x errors. To resolve these issues, use a table format instead of a time series, shorten the time duration, or avoid having many panels querying the same data cluster that can trigger throttling.
Users can be assigned the following Grafana Organization level roles: Admin, Editor, or Viewer. The Grafana Server Admin role isn't available to customers.
Some Data plane APIs require Grafana Server Admin permissions and can't be called by users. This includes the Admin API, the User API and the Admin Organizations API.
Azure Managed Grafana currently doesn't support the Grafana Role Based Access Control (RBAC) feature and the RBAC API is therefore disabled.
Unified alerting is enabled by default for all instances created after December 2022. For instances created before this date, unified alerting must be enabled manually by the Azure Managed Grafana team. For activation, open a support ticket.
-
Only Azure subscriptions billed directly through Microsoft are eligible for the purchase of Grafana Enterprise. CSP subscriptions, i.e., Azure subscriptions billed through Cloud Solution Providers (CSP), are ineligible.
Current User authentication
The Current User authentication option triggers the following limitation. Grafana offers some automated features such as alerts and reporting, that are expected to run in the background periodically. The Current User authentication method relies on a user being logged in, in an interactive session, to connect a data source to a database. Therefore, when this authentication method is used and no user is logged in, automated tasks can't run in the background. To leverage automated tasks, we recommend setting up another data source with another authentication method or configuring alerts in Azure Monitor.
Feature availability in sovereign clouds
Some Azure Managed Grafana features aren't available in Azure Government and Microsoft Azure operated by 21Vianet due to limitations in these specific environments. The following table lists these differences.
Feature | Azure Government | Microsoft Azure operated by 21Vianet (Preview) |
---|---|---|
Private link | Not supported | Not supported |
Managed private endpoint | Not supported | Not supported |
Team sync with Microsoft Entra ID | Preview | Preview |
Enterprise plugins | Not supported | Not supported |
Throttling limits and quotas
The following quotas apply to the Essential (preview) and Standard plans.
Limit | Description | Essential | Standard |
---|---|---|---|
Alert rules | Maximum number of alert rules that can be created. | Not supported | 500 per instance |
Dashboards | Maximum number of dashboards that can be created. | 20 per instance | Unlimited |
Data sources | Maximum number of datasources that can be created. | 5 per instance | Unlimited |
API keys | Maximum number of API keys that can be created. | 2 per instance | 100 per instance |
Data query timeout | Maximum wait duration for the reception of data query response headers, before Grafana times out. | 200 seconds | 200 seconds |
Data source query size | Maximum number of bytes that are read/accepted from responses of outgoing HTTP requests. | 80 MB | 80 MB |
Render image or PDF report wait time | Maximum duration for an image or report PDF rendering request to complete before Grafana times out. | Not supported | 220 seconds |
Instance count | Maximum number of instances in a single subscription per Azure region. | 1 | 50 |
Requests per IP | Maximum number of requests per IP per second. | 90 requests per second | 90 requests per second |
Requests per HTTP host | Maximum number of requests per HTTP host per second. The HTTP host stands for the Host header in incoming HTTP requests, which can describe each unique host client. | 45 requests per second | 45 requests per second |
Each data source also has its own limits that can be reflected in Azure Managed Grafana dashboards, alerts and reports. We recommend that you research these limits in the documentation of each data source provider. For instance:
- Refer to Azure Monitor to learn about Azure Monitor service limits including alerts, Prometheus metrics, data collection, logs and more.
- Refer to Azure Data Explorer to learn about Azure Data Explorer service limits.
Managed identities
Each Azure Managed Grafana instance can only be assigned one managed identity, user-assigned or system-assigned, but not both.