Adding Your Azure Environment to LogicMonitor

Last updated on 25 January, 2023

With LogicMonitor, you can monitor the state of your Azure deployment and the underlying services and license usage that allows you to identify faults and manage performance.

Requirements

You must be an administrator of an active Microsoft Azure account.

Adding an App Registration

To add an Azure environment, you must register and authorize the LogicMonitor application in your Microsoft Azure account.

  1. From the Azure Active Directory, select Add > App registration
  2. On the Register an application page, provide a name for your application and then select Accounts in this organizational directory only > Register.
  3. Copy the Application (client) ID and the Directory (tenant) ID from the app registration’s Overview page and save them to a secure location.
  4. Select Certificates and secrets and then select New client secret.
  5. On the Add a client secret window, enter a Description and select an Expires value (in months). Select Add.
  6. Copy the Value and Secret ID from the Certificates and secrets page and save them to a secure location.

Important: You are not able to retrieve these values after you navigate away from this page. The Value is required when adding the Azure account to LogicMonitor.

Adding Subscription Details in Azure

  1. From the Azure portal, navigate to Azure Services > Subscriptions.
  2. Select the Subscription Name for the subscription that you’re monitoring.
  3. On the Subscription page, copy the Subscription ID and save it to a secure location.
  4. Select Access control (IAM) and then select Add > Add role assignment.
  5. On the Add role assignment page, use the search function to find and select a Role. You must select at least a Reader role to continue. Select Next.
  6. On the Members tab, click Select members to search for and select a member. Click Select.
  7. Select Next to review, and then select Review + assign.

Adding a Large Number of Subscriptions

For a large number of subscriptions, you can assign permissions using PowerShell. For example, the following PowerShell script will add an AAD application for LogicMonitor and add the application as a reader to each subscription available to the user that runs the script.

# Authenticate to all Azure subscriptions that the user has access to
Login-AzureRmAccount

# Password for the service principal
$pwd = "{service-principal-password}"

# Create a new Azure AD application
$azureAdApplication = New-AzureRmADApplication `
             -DisplayName "LogicMonitor" `
             -HomePage "https://lmtest.logicmonitor.com" `
             -IdentifierUris "https://lmtest.logicmonitor.com" `
             -Password $pwd

# Create a new service principal associated with the designated application
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId

# Assign Reader role to the newly created service principal for each subscription
Get-AzureRmSubscription | ForEach-Object {
  Set-AzureRmContext -SubscriptionId $_.SubscriptionId
  New-AzureRmRoleAssignment -RoleDefinitionName Reader `
            -ServicePrincipalName $azureAdApplication.ApplicationId.Guid
}

Adding Azure to LogicMonitor

  1. In LogicMonitor, navigate to Resources > Add > Cloud Account.
  2. Select Azure > Add.
  3. Enter the following information on the Name page:
    • Name and Description: These fields determine how the resource is displayed throughout your LogicMonitor environment.
    • Parent Group: The default value is root.
    • Properties: Enter properties (key-value pair) by typing a Name and Value. You can also select from a list of existing properties.
  4. Select Next: Permissions.
  5. Enter the following information on the Permissions page:
    • Tenant ID: The Directory (tenant) ID from Azure.
    • Client ID: The Application (client) ID from Azure.
    • Secret Key: The Value from Azure.



  6. Select Get Subscriptions. All subscriptions available to LogicMonitor based on the permissions you’ve configured are listed. If you don’t see the subscriptions you expect, verify that the application you created in Azure has reader permissions for those subscriptions.
  7. Select Next: Services.
  8. On the Services page, enable or disable the Azure services listed.

Note: If you’re adding LogicMonitor services for Backup Protected Items or Recovery Protected Items, you need to make configuration changes to the Recovery Service Vault and Log Analytics Workspace in Microsoft Azure. For more information, see Forwarding Backup and Recovery Events.

  1. Select Test Permissions to authenticate.
  2. Select Next: Billing.
  3. Optional: On the Billing page, enter the Subscriptions ID, Offer ID, and Monthly Billing Date.

Note: For billing information details, navigate to Azure > Subscriptions > Subscription > Overview.

  1. Select Add Billing and then select View Azure Resources.

Configuring Azure Services

  1. In LogicMonitor, navigate to Resources and select the Azure resource that you added.
  2. Select Manage and then select the Services tab.
  3. Select Default Settings.
  4. On the Global Settings tab:
    • NetScan Frequency: Select the preferred frequency for scheduling NetScans.
    • Automatically delete terminated Azure resources if they are no longer available in the cloud portal: Enable to automatically remove “dead” instances. You can also select whether this happens immediately or after a specified period during, where no data is received for the instance.
    • Automatically disable alerting for terminated Azure resources if they are no longer available in the cloud portal: Select this option to disable alerting for terminated instances. This ensures that you will not receive any alerts once instances are terminated if they are not scheduled to be automatically deleted.

Note: LogicMonitor intelligently and automatically stops Azure Monitor API data collection once instances are terminated. This option ensures that you do not receive alerts for traditional Collector DataSources like Ping.

  1. In the Monitored Regions section, you can enable or disable the regions that you want to monitor.
  2. Select the Tags tab. To monitor Azure instances for a particular service, you can tag those instances from your Azure portal and then apply a tag filter in LogicMonitor. If you specify a tag filter, only Azure resources that meet the filter criteria will be added to your LogicMonitor account. The criteria is as follows:
    • You can use glob expressions with the tag filter. For example: tag value = prod*
    • Resources are discovered when they contain one or more tags specified with an include operation, and not with any of the exclude tags.
    • The tag filter is case sensitive.
  3. Select Save.

Note: For a list of Azure services monitored, see LogicMonitor Cloud Monitoring Overview.

In This Article