In addition to monitoring your Azure workloads using OneAgent, Dynatrace provides integration with Azure Monitor which adds infrastructure monitoring to gain insight even into serverless application scenarios.
The integration uses Azure Monitor metrics for service insights, as well as Azure Resource Manager (ARM) to gather metadata.
Overall, the capabilities offered include:
Automatic discovery of subscriptions and resources with full access control through Azure Active Directory from a single resource up to the account level.
Support for Azure Lighthouse, which provides cross-account access using a single service principal.
Insight into additional Azure metadata (for example, API endpoints used for service dependencies or virtual machine resource tags).
Insight into service metrics using the Azure Monitor metrics API.
Selective monitoring of Azure services using tags.
Automatic handling of API request throttling to support monitoring for large-scale environments.
Azure overview page for easy out-of-the-box insight into a variety of Azure services with no additional effort.
- Sufficient permissions to register an application with your Azure AD tenant, and assign the application to a role in your Azure Subscription.
- An Azure service principal to access Azure APIs.
- ActiveGate version 1.161+ (GA).
- See the Dynatrace release notes for the latest enhancements and capabilities. We recommend that you keep your versions up to date.
Create an Azure service principal
To create a service principal, you must register your application in the Azure Active Directory.
Note: Dynatrace integration for Azure supports Azure Lighthouse, which allows Dynatrace to have multi-tenant access to Azure.
The instructions below refer to a common single-tenant access approach.
- Go to the Azure Management Portal and select Azure Active Directory.
- Select App registrations in the navigation pane of the selected Active Directory.
- Select New application registration at the top of the App registrations blade, and type the name of your application.
- Select Register.
- Copy the Application (client) ID, and save it for future retrieval. This ID is required to configure Dynatrace to connect to your Azure account.
- Select Certificates & secrets > New client secret to create a new security key.
- Type a key description and select a key duration in the Expires list.
- Select Add to save the new key, which displays the key value in the Value field. Copy the value and save it for future retrieval (along with your Client ID).
Important: This is your only chance to copy this value. You can't retrieve the key value after you leave the Key blade.
Example of a command to create a new service principal:
az ad sp create-for-rbac --name YourServicePrincipalName --role reader --scopes /subscriptions/YoursubScriptionID1/subscriptions/YourSubscriptionID2
Note: To list all subscriptions, run the following command:
az account list --o tsv --query .id
As of Azure CLI 2.0.68, a strong random password is automatically created. The password key is returned in the output. Make sure you save this value. If you forget the password, you have to reset the service principal credentials.
For more details, see Create an Azure service principal with Azure CLI.
For the PowerShell alternative, see Create an Azure service principal with Azure PowerShell.
Grant access permissions for your service principal
You need at least
reader permissions for Dynatrace to monitor your services.
Grant access to an Azure subscription
- On Azure Portal, select All services > General > Subscriptions.
- In the Subscriptions blade, enter your subscription.
- Select Access control (IAM) in the subscription navigation pane.
- Select Add and enter the Reader role.
- In the Select field, paste the description name or application (client) ID obtained when creating the Azure service principal.
- Select the application and Save to grant the service principal access to your subscription.
Configure Dynatrace to connect to your Azure environment
To connect Dynatrace to your Azure environment, you have to provide an Azure service principal, which Dynatrace uses to access Azure APIs to capture telemetry and metadata.
In the desired Dynatrace environment, click Settings > Cloud and virtualization > Azure.
Type a descriptive name for the connection.
Tenant IDobtained when creating the Azure service principal.
Secret Keyobtained when creating the Azure service principal.
Optional If there are services for which you want to capture service metrics from the Azure Monitor metrics API, you need to define a tag-based filter for those specific services. The filter applies to
resource-, as well as to
Optional Turn off automatic tag import. If turned on, resource tags are imported (resource group tags aren't imported).
Select Connect to add the connection information to the list of Azure connections. You can edit connection information at any time.
After you have configured Dynatrace to connect to your Azure environment, Dynatrace immediately starts investigating the subscriptions and deployed services accessible for the service principal and starts monitoring them.
The integration accesses the following Azure API endpoints:
Estimate Azure consumption for metric queries from Azure Monitor
The table below shows the number of metrics captured for your Azure Services supported through the integration of Dynatrace with Azure Monitor.
|Azure service||Monitoring entity||Additional dimensions||Number of metrics|
|Load balancer1||Load balancer
Load balanced Virtual Machine
|Application Gateway||Application Gateway
Application Gateway - Backend Pool
Application Gateway - HTTP Status Group
|Cosmos DB||Cosmos DB||Azure region, Database name, Collection name||11|
|Redis Cache||Redis Cache||13|
|Azure SQL||Azure SQL Database
Azure SQL ElasticPool
|Azure Storage account||Azure Storage account
Azure Storage account
|Type (blob, table, etc.), Tier
|Virtual Machine||Virtual Machine||7|
|Virtual Machine Scale Sets||Virtual Machine Scale Sets||7|
|Azure AppServices||Azure AppService||AppService Plan instances||14|
|Azure Functions||Azure Functions||AppService Plan instances1||12|
1Functions based on consumption plan measure as one instance. 2Only standard tier exposes load balancer metrics via Azure Monitor metrics API.
The query interval is 5 minutes with a resolution of 1 minute. Azure Resource Manager might throttle API requests, which will increase the interval to 10 or 15 minutes. For more details on request limits, see Throttling Resource Manager requests.
For more details on how Azure Monitor metric queries are metered and priced, see Azure Pricing.
Azure Monitor integration is only available for the public cloud, not the sovereign clouds (such as Azure Government) or Azure Stack.