Follow this guide to start ingesting data remotely from Azure Monitor.
This guide focuses on infrastructure monitoring of Azure services, specifically the monitoring of Azure cloud services via Azure Monitor. See What's next for Full-Stack and Log Monitoring of your Azure services.
Alternatively, you can configure your DESK SaaS environment using Azure Marketplace.
After you have established the initial monitoring, you can add, remove, or modify service monitoring in the DESK web UI or, at scale, with the DESK API.
To learn the measurements collected for each of the Azure services, see:
The infrastructure monitoring of Azure services provides metrics from Azure Monitor and infrastructure data available via public Azure API. The data is collected in five-minute intervals.
Factors that contribute to the cost of monitoring Azure with DESK via Azure Monitor:
There are three prerequisites for Azure monitoring setup:
See Users groups, permissions and policies for details on how to manage and set permissions.
To monitor Azure services, DESK needs to connect to the Azure Monitor API and query it every 5 minutes. At least one ActiveGate needs to be able to connect to Azure Monitor to perform the monitoring tasks.
To check for the existence of a suitable ActiveGate:
Go to Deployment Status > ActiveGates.
Set a filter for With modules: Azure.
If the resulting list is empty, you need to add at least one ActiveGate with the cloud monitoring module enabled.
If the list is not empty, you are ready to activate Azure monitoring.
To add an ActiveGate that is capable of cloud monitoring, follow the ActiveGate installation guide and resume this guide when done.
The integration accesses the following Azure API endpoints, so they must be accessible from your ActiveGate:
https://management.azure.com/
https://login.microsoftonline.com/
https://management.core.windows.net/
Proxy
The most frequent cause of certificate issues with a TLS interception proxy is that the proxy's CA certificate is missing from the ActiveGate truststore. If you're still having proxy issues, see:
Proxy for ActiveGate
Trusted root certificates for ActiveGate
Custom SSL certificate for ActiveGate
Make sure that the URLs are whitelisted. Otherwise, you might get communication or timeout errors.
To perform these steps, you need to have Azure admin privileges.
Azure monitoring is performed remotely via Azure Monitor APIs that are created and exposed by Microsoft. DESK needs to be able to access these APIs, so you need to configure Azure to allow for such access. You need the following:
Sufficient permissions to register an application with your Azure AD tenant and assign the application to a role in your Azure subscription
An Azure service principal to access Azure APIs
For DESK to monitor your services, you need at least reader permissions. The steps below describe adding the service principal reader permissions and refer to a common, single-tenant access approach. Before that, we recommend getting familiar with our recommendations regarding how to configure Azure service principal to avoid Azure throttling limits.
DESK integration for Azure supports Azure Lighthouse, which allows DESK to have multi-tenant access to Azure.
Go to your Azure CLI 2.0 terminal.
Run the following command to list all the subscriptions so that you can select the one you want to add permissions for.
az account list --output table
az ad sp create-for-rbac --name <YourServicePrincipalName> --role reader --scopes /subscriptions/<YourSubscriptionID1> /subscriptions/<YourSubscriptionID2> --query "{ClientID:appId,TenantID:tenant,SecretKey:password}"
Be sure to replace the placeholders (<...>) with your values:
<YourServicePrincipalName> - the name of the service principal that will be created for DESK to access Azure
<YourSubscriptionID1>, <YourSubscriptionID2> - names of subscriptions listed in the previous step to which you want DESK to have access.
Run the edited command.
Copy the credentials that are output from the command and save them for later.
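The steps above, wrapped so that the secret is written straight to an owner-only file instead of being copied from terminal output, and so that the reader role is scoped only to well-formed subscription IDs. This is an added example, not code from DESK or Microsoft; the function names and the output file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names (is_guid, build_scopes, save_credentials,
# create_reader_sp) are hypothetical and not part of any vendor tooling.

# Accept only a canonical GUID; the case pattern also rejects spaces,
# newlines and slashes that could alter the scope argument.
is_guid() {
  case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Turn subscription IDs into the space-separated --scopes value.
build_scopes() {
  scopes=""
  for id in "$@"; do
    if ! is_guid "$id"; then
      echo "rejecting subscription ID: $id" >&2
      return 1
    fi
    scopes="${scopes:+$scopes }/subscriptions/$id"
  done
  if [ -z "$scopes" ]; then
    echo "no subscription IDs given" >&2
    return 1
  fi
  printf '%s\n' "$scopes"
}

# Write stdin to a new file readable only by its owner. Refuse to reuse an
# existing file, because umask does not tighten permissions already set.
save_credentials() {
  if [ -e "$1" ]; then
    echo "refusing to overwrite $1" >&2
    return 1
  fi
  ( umask 077 && cat > "$1" )
}

# Usage: create_reader_sp <YourServicePrincipalName> <output-file> <SubscriptionID>...
create_reader_sp() {
  name=$1; out=$2; shift 2
  scopes=$(build_scopes "$@") || return 1
  # $scopes is left unquoted on purpose: it holds validated GUID paths only.
  az ad sp create-for-rbac --name "$name" --role reader --scopes $scopes \
    --query "{ClientID:appId,TenantID:tenant,SecretKey:password}" \
    --output json | save_credentials "$out" || return 1
  [ -s "$out" ]   # an empty file means the az command produced no credentials
}
```
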