Monitor virtual machines with Azure Monitor
This guide describes how to use Azure Monitor to monitor the health and performance of virtual machines and their workloads. It includes collection of telemetry critical for monitoring and analysis and visualization of collected data to identify trends. It also shows you how to configure alerting to be proactively notified of critical issues.
This scenario describes how to implement complete monitoring of your enterprise Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see Monitor Azure virtual machines.
Types of machines
This guide includes monitoring of the following types of machines using Azure Monitor. Many of the processes described here are the same regardless of the type of machine. Considerations for different types of machines are clearly identified where appropriate. The types of machines include:
- Azure virtual machines.
- Azure Virtual Machine Scale Sets.
- Hybrid machines, which are virtual machines running in other clouds, with a managed service provider, or on-premises. They also include physical machines running on-premises.
Layers of monitoring
There are fundamentally four layers to a virtual machine that require monitoring. Each layer has a distinct set of telemetry and monitoring requirements.
|Virtual machine host||The host virtual machine in Azure. Azure Monitor has no access to the host in other clouds but must rely on information collected from the guest operating system. The host can be useful for tracking activity such as configuration changes, and basic alerting such as processor utilization and whether the machine is running.|
|Guest operating system||The operating system running on the virtual machine, which is some version of either Windows or Linux. A significant amount of monitoring data is available from the guest operating system, such as performance data and events. You must install Azure Monitor agent to retrieve this telemetry.|
|Workloads||Workloads running in the guest operating system that support your business applications. These will typically generate performance data and events similar to the operating system that you can retrieve. You must install Azure Monitor agent to retrieve this telemetry.|
|Application||The business application that depends on your virtual machines. This will typically be monitored by Application insights.|
The following table lists the different steps for configuration of VM monitoring. Each one links to an article with the detailed description of that configuration step.
|Deploy Azure Monitor agent||Deploy the Azure Monitor agent to your Azure and hybrid virtual machines to collect data from the guest operating system and workloads.|
|Configure data collection)||Create data collection rules to instruct the Azure Monitor agent to collect telemetry from the guest operating system.|
|Analyze collect data||Analyze monitoring data collected by Azure Monitor from virtual machines and their guest operating systems and applications to identify trends and critical information.|
|Create alert rules||Create alerts to proactively identify critical issues in your monitoring data.|
|Migrate management pack logic||General guidance for translation the logic from your System Center Operations Manager management packs to Azure Monitor.|
VM insights is a feature in Azure Monitor that allows you to quickly get started monitoring your virtual machines. While it's not required to take advantage of most Azure Monitor features for monitoring your VMs, it provides the following value:
- Simplified onboarding of the Azure Monitor agent to enable monitoring of a virtual machine guest operating system and workloads.
- Preconfigured data collection rule that collects the most common set of performance counters for Windows and Linux.
- Predefined trending performance charts and workbooks that you can use to analyze core performance metrics from the virtual machine's guest operating system.
- Optional collection of details for each virtual machine, the processes running on it, and dependencies with other services.
- Optional dependency map that displays interconnected components with other machines and external sources.
The articles in this guide provide guidance on configuring VM insights and using the data it collects with other Azure Monitor features. They also identify alternatives if you choose not to use VM insights.
Azure Monitor focuses on operational data like Activity logs, Metrics, and Log Analytics supported sources, including Windows Events (excluding security events), performance counters, logs, and Syslog. Security monitoring in Azure is performed by Microsoft Defender for Cloud and Microsoft Sentinel. Configuration of these services is not included in this guide.
The security services have their own cost independent of Azure Monitor. Before you configure these services, refer to their pricing information to determine your appropriate investment in their usage.
The following table lists the integration points for Azure Monitor with the security services. All the services use the same Azure Monitor agent, which reduces complexity because there are no other components being deployed to your virtual machines. Defender for Cloud and Microsoft Sentinel store their data in a Log Analytics workspace so that you can use log queries to correlate data collected by the different services. Or you can create a custom workbook that combines security data and availability and performance data in a single view.
See Design a Log Analytics workspace architecture for guidance on the most effective workspace design for your requirements taking into account all your services that use them.
|Integration point||Azure Monitor||Microsoft Defender for Cloud||Microsoft Sentinel||Defender for Endpoint|
|Collects security events||X1||X||X||X|
|Stores data in Log Analytics workspace||X||X||X|
|Uses Azure Monitor agent||X||X||X||X|
1 Azure Monitor agent can collect security events but will send them to the Event table with other events. Microsoft Sentinel provides additional features to collect and analyze these events.
Azure Monitor agent is in preview for some service features. See Supported services and features for current details.