An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
Hello Padmanabhan M,
Thank you for reaching out to the Microsoft Q&A forum.
To enable and get insight metrics of a virtual machine (VM) using Azure Policy, you will need to ensure that the Azure Monitor diagnostics are enabled for the VM, and the necessary policies are in place to enforce monitoring and gather the desired metrics.
Here’s a step-by-step guide to enable monitoring and retrieve VM insights using Azure Policy:
1. Enable Azure Monitor Diagnostics for VMs
To gather insight metrics (such as CPU usage, disk I/O, network traffic, etc.), you need to enable Azure Monitor diagnostics on your VMs. This can be done through the Azure Policy to ensure compliance.
Key Steps:
- Create or Assign Azure Policy: You can use a built-in Azure Policy or create a custom policy to enforce the enabling of Azure Monitor diagnostics on your virtual machines.
  - Azure has a built-in policy called "Deploy diagnostic settings for virtual machines" that you can use to enable diagnostics on VMs.
  - If you’re using a custom policy, you can create one that ensures diagnostics are enabled for your VMs.
Assign the Policy:
- Go to the Azure Portal.
- Navigate to Policy under the Governance and Compliance section.
- In the Definitions section, search for "Deploy diagnostic settings for virtual machines".
- Click Assign and select the Scope (Subscription or Resource Group).
- Set the Parameters for the diagnostic settings (e.g., which logs and metrics to collect).
- Click Assign to enforce the policy.
Example: Using Azure CLI to assign a policy
You can also assign this policy via Azure CLI:
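```bash
# Assign the policy definition at resource-group scope.
# Replace {subscriptionId} and {resourceGroupName} with your own values.
az policy assignment create \
  --policy "a6a254a0-1adf-4b59-b18f-8db5152e32f0" \
  --scope "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}"
```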
This built-in policy ensures that diagnostics are enabled on all VMs, including enabling necessary logging (e.g., performance counters, boot diagnostics).
2. Configure Diagnostic Settings
Once the policy is assigned, diagnostic settings will be deployed on your VMs, and the metrics will be sent to Azure Monitor, where you can view the insights.
Steps:
- Go to the VM in the Azure Portal.
- Under the Monitoring section, select Diagnostics settings.
- Here, you can either create new diagnostic settings or verify existing ones.
  - Send to Log Analytics: Choose to send the diagnostic data to Log Analytics workspaces, which can then be used to query and visualize metrics and logs.
  - Send to Event Hub: Optionally, send data to an Event Hub for streaming.
  - Send to Storage: Optionally, send the diagnostics data to Storage.
By configuring these settings, you ensure that Azure Monitor collects and stores the performance metrics.
3. Enable Insights Metrics in Azure Monitor
Once the diagnostic settings are in place, you can use Azure Monitor to gain insights into your VM’s performance.
- Metrics: In Azure Monitor, navigate to Metrics and select the desired VM or resource group.
  - From the Metrics Explorer, you can select metrics like CPU usage, disk read/write operations, network in/out, etc.
  - You can also set up alerts for specific conditions (e.g., CPU usage > 80%).
- Insights: You can also use Azure Monitor Insights for deeper analysis. For example:
  - VM Insights: Provides detailed metrics about the VM, such as health, performance, and usage statistics.
  - Azure Monitor Logs: Use Log Analytics queries to gain deeper insights. For example, you can query logs related to VM performance:
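```kusto
// InsightsMetrics (populated by VM Insights) identifies the VM in Computer,
// the counter in Namespace/Name, and the sampled value in Val.
InsightsMetrics
| where Computer == "your-vm-name"
| where Origin == "vm.azm.ms"
| where Namespace == "Processor" and Name == "UtilizationPercentage"
| summarize avg(Val) by bin(TimeGenerated, 5m)
```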
4. Create Alerts for Metrics
You can create alerts based on the metrics you want to monitor. For instance, you might want to create an alert if CPU usage exceeds a certain threshold.
Steps to create an alert:
- Navigate to Azure Monitor > Alerts.
- Select + New Alert Rule.
- Choose the VM as the resource and select the metric (e.g., CPU usage).
- Set the condition (e.g., CPU > 80% for 5 minutes).
- Set the action group to send notifications (email, SMS, etc.).
- Click Create to set up the alert.
5. Use Built-in VM Insights (Optional)
Azure provides VM Insights, a feature within Azure Monitor that allows you to monitor the performance and health of VMs with richer, pre-built dashboards.
To enable VM Insights:
- Go to the Azure Portal and search for VM Insights.
- Click on the Enable button.
- Once enabled, VM Insights will provide rich visualization dashboards for performance counters, VM health, and more.
- You can also query this data in Log Analytics for detailed insights into your VMs.
6. Compliance and Governance
If you're looking to ensure compliance across multiple VMs:
- You can check the Compliance section under the Policy service in Azure Portal.
- If the policy is correctly assigned and enforced, your VMs will show up as compliant for diagnostic settings and monitoring.
- You can use Azure Policy Compliance Scans to regularly verify that the required diagnostics are enabled across your environment.
Summary of Steps:
- Create/Assign Azure Policy to deploy diagnostic settings on VMs.
- Enable Diagnostic Settings to send metrics to Azure Monitor, Log Analytics, or Event Hub.
- View and Analyze Metrics via Azure Monitor and VM Insights.
- Optionally, Set up Alerts based on specific metrics.
- Monitor Compliance to ensure policy enforcement.
With this approach, you’ll ensure that diagnostic settings are enabled across your VMs, and you can monitor them using Azure Monitor, while leveraging Azure Policy to enforce governance.
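Added example, not part of the original answer: a Python sketch of the compliance check from step 6, reducing policy state records (the fields read here follow the JSON shape of `az policy state list`) to the VMs that still lack monitoring coverage. The assignment name `deploy-vm-diagnostics`, the subscription ID and all sample records are constructed for illustration.

```python
from collections import defaultdict

VM_TYPE = "microsoft.compute/virtualmachines"
ASSIGNMENT = "deploy-vm-diagnostics"  # hypothetical assignment name
SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID

def _rec(rg, rtype, name, state, ts, assignment=ASSIGNMENT):
    """Build one constructed record with the fields this example reads."""
    return {
        "resourceId": f"/subscriptions/{SUB}/resourceGroups/{rg}/providers/{rtype}/{name}",
        "resourceType": rtype, "resourceGroup": rg, "complianceState": state,
        "timestamp": ts, "policyAssignmentName": assignment,
    }

# Constructed sample records (not real data).
SAMPLE_STATES = [
    _rec("rg-prod", "Microsoft.Compute/virtualMachines", "vm-web-01", "NonCompliant", "2024-01-01T00:00:00Z"),
    _rec("RG-PROD", "microsoft.compute/virtualmachines", "VM-WEB-01", "Compliant", "2024-01-02T00:00:00Z"),
    _rec("rg-prod", "Microsoft.Compute/virtualMachines", "vm-db-01", "NonCompliant", "2024-01-02T00:00:00Z"),
    _rec("rg-prod", "Microsoft.Storage/storageAccounts", "stlogs01", "NonCompliant", "2024-01-02T00:00:00Z"),
    _rec("rg-dev", "Microsoft.Compute/virtualMachines", "vm-app-01", "NonCompliant", "2024-01-02T00:00:00Z", "other-assignment"),
    _rec("rg-dev", "Microsoft.Compute/virtualMachines", "vm-app-02", "NonCompliant", "2024-01-02T00:00:00Z"),
]

def latest_vm_states(states, assignment):
    """Keep the newest record per VM for one policy assignment."""
    latest = {}
    for rec in states:
        if rec["policyAssignmentName"] != assignment:
            continue
        if rec["resourceType"].lower() != VM_TYPE:
            continue  # ignore non-VM resources evaluated by the same scope
        key = rec["resourceId"].lower()  # ARM resource IDs are case-insensitive
        # Same-format UTC ISO 8601 strings sort chronologically as text.
        if key not in latest or rec["timestamp"] > latest[key]["timestamp"]:
            latest[key] = rec
    return latest

def monitoring_gaps(states, assignment):
    """Return {resource group: sorted VM names} where the newest state is not Compliant."""
    gaps = defaultdict(list)
    for key, rec in latest_vm_states(states, assignment).items():
        if rec["complianceState"] != "Compliant":
            gaps[rec["resourceGroup"].lower()].append(key.rsplit("/", 1)[-1])
    return {rg: sorted(vms) for rg, vms in gaps.items()}

if __name__ == "__main__":
    print(monitoring_gaps(SAMPLE_STATES, ASSIGNMENT))
```

A VM that appears in this output is one whose diagnostics were never deployed or have drifted, so its metrics and logs are missing from Azure Monitor until the policy is remediated.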