Overview- Monitor Azure Sphere resources

When you have critical applications and business processes relying on Azure resources, you want to monitor those resources for their availability, performance, and operation. This section describes the monitoring data generated by Azure Sphere and how you can use the features of Azure Monitor to analyze and alert on this data.

You can monitor your data with the following options:

  • Monitor from Azure Sphere portal: You can monitor with the metrics available within the Metrics tab of the Azure Sphere catalog. The metrics on this tab include AttestationCount and ErrorCount metrics. To learn more, see Monitoring data collected from Azure Sphere.

  • Monitor with metrics in Azure monitor: You can monitor the metrics of your Azure Sphere catalog and create dashboards from the Azure Monitor. Azure Monitor collects the Azure Sphere catalog metrics by default, you will not need to explicitly configure anything. Most of the metrics that are available from the previous options are also available in these metrics. The dimension values for the metrics such as container name are case-insensitive. So you need to use case-insensitive comparison when doing string comparisons on these dimension values. To learn more, see Analyze metric data.

  • Monitor with diagnostic logs in Azure Monitor: You can monitor the logs of your Azure Sphere catalog and create dashboards from the Azure Monitor. Data such as device events and user activity are stored as logs. For example, if the device authentication with Azure Sphere Security Service (AS3) failed, or the Device Group in your catalog was changed - these events are captured within the logs. You can analyze these logs by running queries on the gathered data. To learn more, see Analyze log data.

What is Azure Monitor?

Azure Sphere catalog creates monitoring data using Azure Monitor, which is a full-stack monitoring service in Azure that provides a complete set of features to monitor your Azure resources in addition to resources in other clouds and on-premises.

If you're not already familiar with monitoring Azure services, start with the article Monitoring Azure resources with Azure Monitor, which describes the following concepts:

  • What is Azure Monitor?
  • Costs associated with monitoring
  • Monitoring data collected in Azure
  • Configuring data collection
  • Standard tools in Azure for analyzing and alerting on monitoring data

The following sections build on this article by describing the specific data gathered from Azure Sphere and providing examples for configuring data collection and analyzing this data with Azure tools.

Monitor data

Azure Sphere collects the same kinds of monitoring data as other Azure resources, which are described in Monitoring data from Azure resources. See Monitoring Azure Sphere data reference for a detailed reference of the logs and metrics created by your Azure Sphere devices.

Collect and route data

Platform metrics and the Activity log are collected and stored automatically but can be routed to other locations by using a diagnostic setting.

Resource Logs aren't collected and stored until you create a diagnostic setting and route them to one or more locations.


You will need to have an existing Azure Storage account, Event Hub, Log Analytics workspace or Azure Monitor partner integration to route data to.

See Create diagnostic setting to collect platform logs and metrics in Azure for the detailed process for creating a diagnostic setting using the Azure portal and some diagnostic query examples.

When you create a diagnostic setting, you specify which categories of logs to collect. The metrics and logs you can collect are discussed in the following sections.

Analyze metrics

You can analyze metrics for Azure Sphere with metrics from other Azure services using Metrics Explorer. For more information on this tool, see Getting started with Azure Metrics Explorer.

To open Azure Monitor metrics explorer, go to the Azure portal and open your Azure Catalog, then select Metrics under Monitoring. This explorer is scoped by default to the platform metrics emitted by your Azure Sphere catalog.

For a list of the platform metrics collected for Azure Sphere, see Metrics in the Monitoring Azure Sphere data reference. For a list of the platform metrics collected for all Azure services, see Supported metrics with Azure Monitor.

Analyze logs

Data in Azure Monitor Logs is stored in tables where each table has its own set of unique properties.

All resource logs in Azure Monitor have the same fields followed by service-specific fields. The common schema is outlined in Azure Monitor resource log schema. For a list of the types of resource logs collected for Azure Sphere, see the table below.

Azure Sphere stores data in the following tables.

Table Description
ASCDeviceEvents Stores all device related events for the Azure Sphere catalog Resource.
ASCAuditLogs Stores all user actions performed on Azure Sphere catalog Resource.
AzureActivity Common table that stores all records from the Activity log for all Resources.

The Activity log is a platform that provides insight into subscription-level events. You can view it independently or route it to Azure Monitor Logs, where you can do much more complex queries using Log Analytics.

Sample Log Analytics queries

Prior to using Log Analytics to issue Kusto queries, you must enable diagnostic logs within Diagnostic Settings.

When you select Logs from the Azure Sphere catalog menu, Log Analytics is opened with the query scope set to the current Azure Sphere catalog. Log queries will only include data from that resource.


If you want to run a query that includes data from other accounts or data from other Azure services, select Logs from the Azure Monitor menu. For more information, see Log query scope and time range in Azure Monitor Log Analytics. These examples are just a small sampling of the rich queries that can be performed in Azure Monitor using the Kusto Query Language. For more information, see samples for Kusto queries.


Azure Monitor alerts proactively notify you when important conditions are found in your monitoring data. They allow you to identify and address issues in your system before your customers notice them. You can set alerts on metrics, logs, and the activity log. Different types of alerts have benefits and drawbacks.

For example, the following table lists a few alert rules for your resources. You can find a detailed list of alert rules from the Azure portal. To learn more, see how to configure alerts article.

Alert type Condition Description
Device event alert Dimension name: Device_Heartbeat_Events, Operator: Less than, Dimension values: 1 Alert if the fleet's device heartbeat falls below a certain threshold.
Audit event alert Operator: Greater than, Aggregation type: Count, Threshold value: 1 Alert when user performed an audit activity. For example, change Device Group Name.

Next steps