Set up integration with Azure Monitor

The following instructions are used to connect Dynatrace to your Azure environment to enable cloud infrastructure monitoring.

Before you begin

The following are required to connect to your Azure environment:

  • Sufficient permissions to register an application with your Azure AD tenant, and assign the application to a role in your Azure Subscription. Make sure you have the right permissions to perform these steps.
  • An Azure Service Principal to access Azure APIs.
  • Minimum Environment ActiveGate version 1.161 (GA)
  • To get the latest enhancements and capabilities, see the Dynatrace release notes. It's recommended that you keep your versions up-to-date.

Create an Azure Service Principal

To create a Service Principal, you must register your application in the Azure Active Directory.

Dynatrace integration for Azure supports Azure Lighthouse, which allows Dynatrace to have multi-tenant access to Azure.

Following instructions explain the more common single-tenant access approach.

  1. Go to the Azure Management Portal and click Azure Active Directory.

  2. Click App registrations in the navigation pane of the selected Active Directory.

  3. Click New application registration at the top of the App registrations blade, then type the name of your application.

    Configure Azure Monitor - create new app registration

  4. Click Register. When the application is created, copy the Application (client) ID and Directory (tenant) ID, and place it where you can easily retrieve it. This ID is required to configure Dynatrace to connect to your Azure account.

    Configure Azure Monitor - service principal

  5. Click Certificates & secrets, then click New client secret to create a new security key.

    Configure Azure Monitor - keys

  6. Type a Key description, then select a key duration in the Expires list.

  7. Click Add to save the new key which displays the key value in the Value field. Highlight the value and copy it, and place it where you can easily retrieve it (along with your Client ID).

    Configure Azure Monitor - create secret

Important: This is your only chance to copy this value. You can't retrieve the key value after you leave the Key blade.

Grant access permissions for your Service Principal

With the Azure Active Directory RBAC, you have full control on which scope Dynatrace can access your environment.

  • Directory
  • Subscriptions
  • Resource Groups
  • Resources

At a minimum, "reader" permissions are required for Dynatrace to monitor your services.

Grant access to an Azure Subscription

As an example, you can see how to grant permission for a single subscription.

  1. Click All services > General > Subscriptions.

  2. In the Subscriptions blade, select the subscription you're using.

  3. Click Access control (IAM) in the subscription navigation pane.

    Configure Azure Monitor - create subscription

  4. Click Add, then select Reader as the role.

  5. In the Select field, paste the description name or application (client) ID you created in Create an Azure Service Principal.

  6. Select the application and click Save to grant the Service Principal access to your subscription.

Configure Dynatrace to connect to your Azure environment

To connect Dynatrace to your Azure environment, you have to provide an Azure Service Principal, which Dynatrace uses to access Azure APIs to capture telemetry and metadata.

  1. In the desired Dynatrace environment, click Settings > Cloud and virtualization > Azure.

  2. Type a descriptive name for the connection.

  3. Enter the Client ID and Tenant ID you obtained when creating the Create an Azure Service Principal.

  4. Enter the Secret Key, which is the key value obtained when creating the Create an Azure Service Principal.

    Connect Dynatrace to Azure

  5. Optionally define a tag-based filter for the services you want to capture service metrics from the Azure Monitor metrics API. The filter applies to resource- as well as resourcegroup-tags.

  6. Optionally turn off automatic tag import. If turned on, resource tags are imported (resource group tags aren't imported).

  7. Click Connect to add the connection information to the list of Azure connections. You can edit connection information at any time.

My Azure environment is successfully connected, what's next?

Once you have configured Dynatrace to connect to your Azure environment, Dynatrace immediately starts investigating the subscriptions and deployed services accessible for the service principal and starts monitoring them.

Estimate Azure consumption for metric queries from Azure Monitor

The table below shows the number of metrics captured for your Azure Services supported through the integration of Dynatrace with Azure Monitor.

Azure service Monitoring entity Additional dimensions Number of metrics
Load balancer1 Load balancer
Load balanced Virtual Machine
7
5
Application Gateway Application Gateway
Application Gateway - Backend Pool
Application Gateway - HTTP Status Group
2
4
1
Cosmos DB Cosmos DB Azure region, Database name, Collection name 11
Event-Hub Event-Hub
Event-Hub Namespace
13
3
IOT-Hub IOTHub 25
Redis Cache Redis Cache 13
ServiceBus ServiceBus Namespace
ServiceBus Queue
ServiceBus Topic
13
10
11
Azure SQL Azure SQL Database
Azure SQL ElasticPool
15
12
Azure Storage account Azure Storage account
Azure Storage account
Type (blob, table, etc.), Tier
 
3
8
Virtual Machine Virtual Machine 7
Virtual Machine Scale Sets Virtual Machine Scale Sets 7
Azure AppServices Azure AppService AppService Plan instances 14
Azure Functions Azure Functions AppService Plan instances1 12

1Functions based on Consumption Plan measure as 1 instance. 2Only Standard tier exposes Load balancer metrics via Azure Monitor metrics API.

Metrics queries

Query interval is 5 minutes with a resolution of 1 minute. Azure Resource Manager may throttle API requests which will increase the interval to 10 or 15 minutes. For more details on request limits see Throttling Resource Manager requests

For more details on how Azure Monitor metric queries are metered and priced see Azure Pricing.

Advanced Configuration

The integration accesses the following Azure API endpoints:

  • https://management.azure.com/
  • https://login.microsoftonline.com/

Known limitations

  • Azure Monitor integration is only available for the public cloud, not the sovereign clouds (such as Azure Government) or Azure Stack.