The well-known Scott Hanselman has been producing the recurring Azure Friday series for a long time. Last Friday, Scott interviewed Azure Barry (Barry Luijbregts) about "What to use for monitoring your applications in Azure". Barry gave a great overview of the main monitoring services. See the recording and a summary transcript of sorts here.
Azure provides a bunch of services for monitoring purposes. So, when do you use which service? To answer that, see the video at What to use for monitoring your applications in Azure | Azure Friday.
Here's a short summary of the Azure monitoring services with links and a short description:
- Application Insights: A feature of Azure Monitor. Use it to monitor a single application, such as a web application or a desktop application. You can monitor and alert on many events like availability, performance, failures and usage of an app. App Insights also provides ping tests (test your app from various locations) and multi-step tests. The service sends data to a Log Analytics workspace. Optionally, it supports continuous export of raw data in JSON format, e.g. to an Azure Storage Account, for longer time periods. Application Map shows the dependencies between the involved components and their performance, e.g. if a web app calls a database in the background.
- Visual Studio App Center: Get analytics of the usage of a single web application, or a mobile application. It provides online analytics and integration for Android, iOS, macOS, React Native, tvOS, UWP, WPF/WinForms, and Xamarin.
- Azure Network Watcher: Watch and troubleshoot a network. Network Watcher is designed to monitor and repair the network health of IaaS (Infrastructure-as-a-Service) products, which include Virtual Machines, Virtual Networks, Application Gateways, Load Balancers, etc.
- Azure Monitor: Used as an overall monitoring system, e.g. for multiple applications in a subscription or in a Resource Group. It collects data from a lot of services, such as Azure Resources, Applications, VM Agents, or other Data Collector APIs. All data goes into a Log Analytics workspace. The second data store is called Azure Monitor Metrics and stores time-series data like CPU and memory usage, etc. Azure Monitor data can be diagnosed with the Log Analytics feature of Azure Monitor using the Kusto query language. The Metrics Explorer feature delivers all the data from the Azure Monitor Metrics store. With these tools, you can create Dashboards, Workbooks (Reports), Insights and Alerts.
- Azure Security Center: Actively monitors all of your (hybrid cloud and IaaS) services and informs you about the security status and how to improve security. Security Center is very good at Collecting and Preventing security issues, and it delivers recommendations.
- Azure Advisor: Is an extension of the Security Center. It's a free service that runs automatically in the background, informs about other security improvements, and delivers recommendations about security, performance, availability and costs. For example, it gives recommendations on how to fix the security of SQL servers and databases, and much more.
- Azure Sentinel: Delivers "intelligent security analytics and threat intelligence across the enterprise" using multiple services, AI, Microsoft's threat intelligence stream and (basically) an Azure Log Analytics workspace. It does what the Azure Security Center does, but goes further. It's a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Sentinel focuses on the overall picture, including the phases Collect, Detect, Investigate and Respond from the security graphic below.
So, when to use what service? The key is to answer the following questions:
"What is the scope that I need to monitor?" and "What functionality do I need?"
In the video, Barry guides you through the functions of the seven monitoring services listed above.
When it comes to security, this topic is typically divided into the following pillars: 1. Collect and Prevent, 2. Detect, 3. Investigate (incidents) and 4. Respond (Fixing and Automation), as the Azure Sentinel graphic below shows.
The recommendation for security monitoring is to use Security Center for collecting and preventing, and Azure Sentinel for everything else.
Barry created a great guide in the following table with his recommendations on when to use what service (at about minute 16 of the recording):
Even though some of the services overlap, seeing the focus of each service helps you decide which one to use, depending on the scenario.