Diagnostic setting private connectivity

Grafton, Darren 21 Reputation points
2022-11-15T22:27:16.647+00:00

When we setup diagnostic settings to send logs to a log analytics workspace, there doesn't seem to be an option for connecting the setting to a virtual network. Is the logging information gathered privately in Azure?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,079 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
1,403 questions
0 comments
Accepted answer
  1. Alistair Ross 6,246 Reputation points Microsoft Employee
    2022-11-16T10:10:23.907+00:00

    Hello @Grafton, Darren

    Diagnostics are not routed through a public network. Our documentation on Azure Monitor Private Link scope states the following:

    Logs and metrics uploaded to a workspace via Diagnostic Settings go over a secure private Microsoft channel and are not controlled by these settings.
    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#diagnostic-logs

    I hope this helps provide you with the information you need. If it does, please make sure to mark the question as answered so it helps other people in future.

    Kind regards

    Alistair

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 32,636 Reputation points Microsoft Employee
    2022-11-16T10:42:01.573+00:00

    Hello @Grafton, Darren ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know if the diagnostic settings to send logs to a log analytics workspace happens privately in Azure.

    Logs and metrics uploaded to a workspace via Diagnostic Settings go over a secure private Microsoft channel.
    Refer : https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design#exceptions

    However, if you would like to connect privately to Azure Monitor ensuring that your monitoring data is only accessed through authorized private networks, then you could setup Azure Private Link to connect networks to Azure Monitor.
    Refer : https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-security
    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design
    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-configure

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments