The following instructions are used to connect Dynatrace to your Azure environment to enable cloud infrastructure monitoring.
Before you begin
The following are required to connect to your Azure environment:
- Sufficient permissions to register an application with your Azure AD tenant, and assign the application to a role in your Azure Subscription. Make sure you have the right permissions to perform these steps.
- An Azure Service Principal to access Azure APIs.
- Minimum Dynatrace version 1.144
- Minimum Environment ActiveGate version 1.161 (GA)
- To get the latest enhancements and capabilities, see the Dynatrace release notes. It's recommended that you keep your versions up-to-date.
Create an Azure Service Principal
To create a Service Principal, you must register your application in the Azure Active Directory.
Go to the Azure Management Portal and click Azure Active Directory.
Click App registrations in the navigation pane of the selected Active Directory.
Click New application registration at the top of the App registrations blade, then type the name of your application. Make sure that Web app / API is selected as the application type.
Type the Sign-on URL based on your application name. This does not have to be an actual sign-on page (for example,
Click Create. When the application is created, copy the Application ID, and place it where you can easily retrieve it. This becomes your Client ID once you've set up your connection, and is required to configure Dynatrace to connect to your Azure Subscription.
Click Settings to display the Settings pane, then click Keys to display the Keys blade.
Type a Key description, then select a key duration in the Expires list.
Click Save at the top of the Keys blade. This saves the key and displays the key value in the Value field. Highlight the value and copy it, and place it where you can easily retrieve it (along with your Client ID).
Important: This is your only chance to copy this value. You can't retrieve the key value after you leave the Key blade.
Find your Azure Tenant ID
With the Active Directory blade open, you can now get your Tenant ID. Click Properties in the navigation pane of the Azure Active Directory blade and copy the Directory ID. This is your Azure Tenant ID, which is needed to configure Dynatrace to connect to your Azure Subscription. Keep this ID with your Client ID and Key value.
Alternatively, you can create your Service Principal using PowerShell.
Alternatively, you can create your Service Principal using the Azure CLI.
Grant access permissions for your Service Principal
With Azure Active Directory RBAC, you have full control over the scope at which Dynatrace can access your environment.
- Resource Groups
At a minimum, "reader" permissions are required for Dynatrace to monitor your services.
Grant access to an Azure Subscription
The following example shows how to grant permission for a single subscription.
You need the subscription name and Client ID to complete the service endpoint and connect Dynatrace to your Azure Subscription.
To get the subscription name and Client ID
Click All services > General > Subscriptions.
In the Subscriptions blade, select the subscription you're using.
Copy the subscription ID at the top of the Subscription blade. Keep this ID with your Client ID, Key value, and Azure Tenant ID. Then click Access control (IAM) in the subscription navigation pane.
Click Add, then select Reader as the role.
In the Select field, paste the Client ID (Application ID) you saved to find the application you created in Create an Azure Service Principal.
Select the application and click Save to grant the Service Principal access to your subscription.
Create a new service principal using the following command:
az ad sp create-for-rbac --name YourServicePrincipalName
As of Azure CLI 2.0.68, a strong random password is automatically created. The password key is returned in the output. Make sure you copy this value - it can't be retrieved. If you forget the password, you have to reset the service principal credential.
For more details, see the Microsoft documentation: Create an Azure service principal with Azure CLI
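One way to verify the outcome of the steps above, as an added example that is not part of the original page or of Dynatrace's own code: it audits the service principal's role assignments and reports any role other than Reader, any assignment outside the scopes you intended, and any intended scope that has no Reader assignment. The input is assumed to be the JSON printed by `az role assignment list --assignee <client-id> --all -o json`; the sample data, the placeholder GUIDs and the function names `in_scope` and `audit` are constructed for illustration.

```python
import json

# Constructed sample shaped like the output of
# `az role assignment list --assignee <client-id> --all -o json`.
# Every GUID and name below is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
SAMPLE = json.dumps([
    {"principalName": "dynatrace-monitoring", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "dynatrace-monitoring", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "dynatrace-monitoring", "roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-other"},
    {"principalName": "dynatrace-monitoring", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-app"},
])


def in_scope(scope, allowed_scopes):
    """True if scope equals an allowed scope or is nested below one (case-insensitive)."""
    s = scope.rstrip("/").lower()
    for allowed in allowed_scopes:
        a = allowed.rstrip("/").lower()
        # Append "/" so a longer subscription ID with the same prefix cannot match.
        if s == a or s.startswith(a + "/"):
            return True
    return False


def audit(assignments_json, allowed_scopes, allowed_roles=("Reader",)):
    """Return (findings, missing).

    findings: (problem, role, scope) tuples for assignments that exceed the intent.
    missing:  intended scopes that have no compliant assignment exactly at that scope.
    """
    findings, granted = [], set()
    for a in json.loads(assignments_json):
        role, scope = a.get("roleDefinitionName", ""), a.get("scope", "")
        if role not in allowed_roles:
            findings.append(("excess-role", role, scope))
        elif not in_scope(scope, allowed_scopes):
            findings.append(("unexpected-scope", role, scope))
        else:
            granted.add(scope.rstrip("/").lower())
    missing = [s for s in allowed_scopes if s.rstrip("/").lower() not in granted]
    return findings, missing


if __name__ == "__main__":
    found, absent = audit(SAMPLE, [SUB])
    for problem, role, scope in found:
        print(f"{problem}: {role} at {scope}")
    print("scopes without Reader:", absent)
```

The Contributor entry in the sample represents the case where `az ad sp create-for-rbac` is run without `--role` on an older Azure CLI release, which assigned Contributor at subscription scope by default.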
Configure Dynatrace to connect to your Azure Subscription
To properly map the Azure monitoring metrics and Azure Resource Manager metadata to Dynatrace, you must connect your Azure account to Dynatrace for monitoring. This includes providing either the Client ID or Tenant ID and the Secret Key from your Azure Management Portal for access.
In the desired Dynatrace environment, click Settings > Cloud and virtualization > Azure.
Type a descriptive name for the connection.
Enter the Client ID you obtained in Create an Azure Service Principal.
Enter the Tenant ID, which is the Directory ID in the properties for the Active Directory in the Azure Management Portal.
Enter the Secret Key, which is the key value you obtained in Create an Azure Service Principal.
Click Connect to add the connection information to the list of Azure connections. You can edit connection information at any time.
My Azure environment is successfully connected - What's next?
Once you have configured Dynatrace to connect to your Azure environment, Dynatrace immediately starts investigating your deployed services and starts monitoring them using Azure Monitor.
Estimate Azure consumption for metric queries from Azure Monitor
The table below shows the number of metrics captured for your Azure Services supported through the integration of Dynatrace with Azure Monitor.
|Azure service||Monitoring entity||Additional dimensions||Number of metrics|
Loadbalanced Virtual Machine
|Application Gateway||Application Gateway; Application Gateway - Backend Pool; Application Gateway - HTTP Status Group|
|Cosmos DB||Cosmos DB||Azure region, Database name, Collection name||2|
|Redis Cache||Redis Cache||13|
|Azure SQL||Azure SQL Database; Azure SQL ElasticPool|
|Azure Storage account||Azure Storage account; Azure Storage account||Type (blob, table, etc.), Tier|
|Virtual machines||Virtual machines||7|
|Virtual machines scale sets||Virtual machine scale sets||7|
|Azure AppServices||Azure AppService||AppService plan instances||14|
|Azure Functions||Azure Functions||AppService plan instances¹||12|
¹ Functions based on Consumption Plan measure as 1 instance.
The query interval is 5 minutes with a resolution of 1 minute. Azure Resource Manager may throttle API requests, which increases the interval to 10 or 15 minutes. For more details on request limits, see Throttling Resource Manager requests (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits).
For more details on how Azure Monitor metric queries are metered and priced see Azure Pricing.
The integration accesses the following Azure API endpoints:
- Azure Monitor integration is only available for the public cloud, not the sovereign clouds (such as Azure Government) or Azure Stack.
- Azure integration is not supported on multi environment ActiveGates.