Adding Microsoft Azure Cloud Monitoring

Last updated on 14 July, 2023

Monitor the state of your Azure deployment, underlying services, and license usage. Monitoring your Azure environment with LogicMonitor helps you to manage performance and identify potential faults. To add your Azure environment to LogicMonitor, compete the following steps:

  1. Add an App Registration in Microsoft Azure.
  2. Add your Azure environment to LogicMonitor.


You must be an administrator of an active Microsoft Azure account to perform the Azure setup steps.

Adding an App Registration in Azure

Register and authorize your LogicMonitor application in Microsoft Azure.

  1. From the Azure Active Directory, select Add > App registration

  2. On the Register an application page, provide a name for your application and then select Accounts in this organizational directory only.

  3. Select Register.
  4. On the Overview page, copy the Application (client) ID and the Directory (tenant) ID and save them to a secure location.

  5. Select Certificates & secrets and then select New client secret.

  6. On the Add a client secret panel, enter a Description and select an Expires value (in months).

  7. Select Add.
  8. Copy the Value and Secret ID from the Certificates & secrets page and save them to a secure location.

Important: Do not skip this step. You are not able to retrieve these values after you navigate away from this page. The Value is required when adding the Azure account to LogicMonitor.

9. Navigate to Azure Services > Subscriptions and select the link for the Subscription name that you’re using.

10. On the Subscriptions page, copy the Subscription ID and save it to a secure location.

11. Select Access control (IAM) and then select Add > Add role assignment.

12. On the Add role assignment page, use the search field to find and select a Role. You must select at least a Reader role to continue.

13. Select Next.

14. On the Members tab, click Select members.

15. On the Select members panel, search for and select the App Registration (member) that you added previously.

16. Click Select.

17. Review the information on the Members tab and then select Next.

18. Review the information on the Review + assign tab and then select Review + assign.

Adding a Large Number of Subscriptions

For a large number of subscriptions, you can assign permissions using PowerShell. For example, the following PowerShell script will add an AAD application for LogicMonitor and add the application as a reader to each subscription available to the user that runs the script.

# Authenticate to all Azure subscriptions that the user has access to

# Password for the service principal
$pwd = "{service-principal-password}"

# Create a new Azure AD application
$azureAdApplication = New-AzureRmADApplication `
             -DisplayName "LogicMonitor" `
             -HomePage "" `
             -IdentifierUris "" `
             -Password $pwd

# Create a new service principal associated with the designated application
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId

# Assign Reader role to the newly created service principal for each subscription
Get-AzureRmSubscription | ForEach-Object {
  Set-AzureRmContext -SubscriptionId $_.SubscriptionId
  New-AzureRmRoleAssignment -RoleDefinitionName Reader `
            -ServicePrincipalName $azureAdApplication.ApplicationId.Guid

Adding Your Azure Environment to LogicMonitor

In LogicMonitor, add the required information about your Azure App Registration.

1. Navigate to Resources > Add > Cloud Account.

Note: If you’re using the New UI Preview toggle, go to Resources > Add [+] > Cloud and SaaS.

2. Select Azure > Add.

3. On the Name page, enter a Name and Description for your Azure account. These fields determine how your Azure resource is displayed throughout the LogicMonitor environment.

4. To place the new resource into an existing group, select the group from Parent Group field. You can type to search. The default value is root, or the first level of the Resources Tree.

5. (Optional) You can enter key-value pair properties by entering a Name and Value. Or, you can select from a list of existing properties. For more information, see Instance and Resource Properties.

6. Select Next: Permissions.

7. Enter the following information on the Permissions page:

  • Azure Tenant ID: The Directory (tenant) ID from Azure > App Registrations > Overview.
  • Azure Client ID: The Application (client) ID from Azure > App Registrations > Overview.
  • Azure Secret Key: The Value from Azure > App Registrations > Certificates & Secrets.

8. Select Get Subscriptions. All subscriptions available to LogicMonitor based on the permissions you’ve configured are listed. If you don’t see the subscriptions you expect, verify that the application you created in Azure has reader permissions for those subscriptions.

9. Select Next: Services.

10. On the Services page, enable or disable the Azure services listed.

Note: If you’re adding LogicMonitor services for Backup Protected Items or Recovery Protected Items, you need to make configuration changes to the Recovery Service Vault and Log Analytics Workspace in Microsoft Azure. For more information, see Forwarding Backup and Recovery Events.

11. Select Test Permissions to authenticate.

12. Select Next: Billing.

13. On the Billing page, enter the Subscriptions ID, Offer ID, and Monthly Billing Date.

Note: You have the option to provide Billing details using Azure Rate Card or Azure Cost Management. LogicMonitor recommends using Azure Cost Management whenever possible. For Azure Cost Management, enter the Subscription ID from Azure > Subscriptions > Overview. For Rate Card, go to Azure > Subscriptions > Settings > Billing Properties > Microsoft Azure Plan to view your plan’s Subscription ID, Offer ID, and Monthly Billing Date. For more information, see Monitoring Azure Billing.

14. Select Add Billing and then select View Azure Resources to finish.

Configuring Azure Services in LogicMonitor

  1. Navigate to Resources and select the Azure resource that you added.
  2. Select Manage and then select the Services tab.
  3. Select Default Settings.
  4. On the Global Settings tab:
    • NetScan Frequency: Select the preferred frequency for scheduling NetScans.
    • Automatically delete terminated Azure resources if they are no longer available in the cloud portal: Enable to automatically remove “dead” instances. You can also select whether this happens immediately or after a specified period during, where no data is received for the instance.
    • Automatically disable alerting for terminated Azure resources if they are no longer available in the cloud portal: Select this option to disable alerting for terminated instances. This ensures that you will not receive any alerts once instances are terminated if they are not scheduled to be automatically deleted.

Note: LogicMonitor intelligently and automatically stops Azure Monitor API data collection once instances are terminated. This option ensures that you do not receive alerts for traditional Collector DataSources like Ping.

  1. In the Monitored Regions section, you can enable or disable the regions that you want to monitor.
  2. Select the Tags tab. To monitor Azure instances for a particular service, you can tag those instances from your Azure portal and then apply a tag filter in LogicMonitor. If you specify a tag filter, only Azure resources that meet the filter criteria will be added to your LogicMonitor account. The criteria is as follows:
    • You can use glob expressions with the tag filter. For example: tag value = prod*
    • Resources are discovered when they contain one or more tags specified with an include operation, and not with any of the exclude tags.
    • The tag filter is case sensitive.
  3. Select Save.

Note: For a list of Azure services monitored, see Cloud Services and Resource Units.

In This Article