Azure Monitor: Cloud Observability and Alerting for Berlin Business Azure Environments
Running workloads in Azure without visibility into their performance, availability, and security posture means operating blind. Azure Monitor is Microsoft’s native observability platform. It collects metrics, logs, and traces from Azure resources, on-premises infrastructure, and applications, providing the data foundation for alerting, dashboards, and automated responses. For small Berlin businesses, Azure Monitor is the central tool for understanding what is happening across their cloud environment without investing in third-party monitoring solutions.
Azure Monitor Architecture
Azure Monitor operates on three primary data types:
Log Analytics Workspace
The Log Analytics workspace is the central data store for Azure Monitor log data. Most observability and security use cases require creating and configuring a workspace:
- In the Azure portal, navigate to Monitor → Log Analytics workspaces → Create
- Choose a resource group and region — co-locate with the primary Azure workloads for cost and latency efficiency
- Configure retention period (default: 30 days, chargeable above 31 days for most table types)
- Connect Azure resources by enabling Diagnostic Settings to route platform logs to the workspace
Microsoft Sentinel, Defender for Cloud, and Azure Update Manager all use the Log Analytics workspace as their underlying data store — a single workspace can serve all these services simultaneously.
Enabling Diagnostic Settings
By default, most Azure resources do not send logs to a Log Analytics workspace. Diagnostic Settings must be enabled per resource (or at scale via Azure Policy):
- Navigate to any Azure resource (e.g., a VM, Key Vault, or storage account)
- Under Monitoring → Diagnostic settings, click Add diagnostic setting
- Select the log categories to capture (e.g., audit logs, access logs, metrics)
- Send to Log Analytics workspace
For a small business environment, the highest-priority resources for diagnostic settings are Key Vault (audit all access), storage accounts (read/write/delete operations), and Azure VMs (security events and performance counters).
Azure Monitor Alerts
Alerts in Azure Monitor trigger notifications or automated actions when defined conditions are met. Three alert types cover the majority of operational needs:
Metric Alerts
Trigger on threshold breaches in real-time metric data. Examples: CPU utilisation above 90% for 5 minutes; available disk space below 10 GB; VM heartbeat signal lost. Metric alerts evaluate quickly (minimum 1-minute evaluation window) and are the right choice for immediate operational alerts.
Log Search Alerts
Execute a KQL query against the Log Analytics workspace on a schedule and trigger when the result meets a condition. Examples: any Azure AD sign-in from a country not in an approved list; Key Vault secret access outside business hours; failed authentication attempts exceeding threshold.
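The Key Vault example above, written as a log search alert query. This is an added example, not part of the original article. It assumes Key Vault diagnostic settings route the AuditEvent category to the workspace in Azure diagnostics mode (the AzureDiagnostics table), and the business-hours window of 08:00 to 18:00 Berlin time on weekdays is an assumed value to adjust.

```kql
// Added example: Key Vault secret reads outside business hours.
// Assumption: audit logs land in AzureDiagnostics (Azure diagnostics mode);
// with resource-specific mode the data is in a different table.
let businessStart = 8;    // assumed start of business hours, local time
let businessEnd   = 18;   // assumed end of business hours, local time
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.KEYVAULT"
| where Category == "AuditEvent"
| where OperationName == "SecretGet"
// TimeGenerated is UTC; convert so the window follows Berlin local time
// including daylight-saving changes.
| extend LocalTime = datetime_utc_to_local(TimeGenerated, "Europe/Berlin")
| extend Hour = hourofday(LocalTime),
         Day  = toint(dayofweek(LocalTime) / 1d)   // 0 = Sunday, 6 = Saturday
| where Hour < businessStart or Hour >= businessEnd or Day in (0, 6)
// One row per vault, caller address and result, so the alert payload
// shows who read what and whether the request succeeded.
| summarize Reads = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
    by Resource, CallerIPAddress, ResultSignature
| order by Reads desc
```

Set the alert rule to fire when the number of returned rows is greater than zero; the lookback period comes from the rule's evaluation settings, so the query itself carries no time filter.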
Activity Log Alerts
Trigger on Azure control-plane events: resource deletion, policy changes, role assignments. Essential for security monitoring — alerts when someone assigns a new Owner role or deletes a production resource.
Action Groups and Notification Routing
Action Groups define what happens when an alert fires. They are reusable across multiple alert rules and support:
- Email / SMS / Push notification: Direct notification to on-call personnel
- Azure Function / Logic App: Automated remediation workflows (e.g., restart a VM, open a ticket)
- Webhook: Integration with external systems (PagerDuty, OpsGenie, ServiceNow)
- ITSM connector: Direct incident creation in connected IT service management tools
Azure Monitor Workbooks
Workbooks are interactive reports built from Azure Monitor data — combining metrics, log queries, and text into shareable visualisations. Microsoft provides gallery templates for common use cases including VM performance, Key Vault access patterns, network traffic analysis, and security audit reports. Custom workbooks can be built and pinned to Azure dashboards for ongoing operational visibility.
VM Insights
VM Insights is a pre-configured Azure Monitor capability for virtual machine monitoring. It enables:
- Performance metrics collection without manual configuration (CPU, memory, disk, network per VM)
- Process and dependency mapping — shows which processes are running and their network connections
- At-a-glance health status across all monitored VMs
VM Insights requires the Azure Monitor Agent (AMA) to be installed on each VM. For Arc-enabled on-premises servers, the same agent extends monitoring to non-Azure infrastructure.
Integration with Azure Security Services
Azure Monitor is the data backbone for most Azure security services:
- Microsoft Sentinel: Ingests Log Analytics workspace data as its primary intelligence source — enabling correlation across Azure Monitor logs, Entra sign-in events, and custom log sources
- Defender for Cloud: Uses Azure Monitor Agent for guest-OS vulnerability assessment and security configuration evaluation
- Azure Update Manager: Reports patch compliance data to Azure Monitor for query and dashboarding via Resource Graph and workbooks
Cost Management
Azure Monitor costs are driven primarily by Log Analytics ingestion and retention:
- First 5 GB per workspace per month: Free
- Additional ingestion: ~€2.76 per GB (varies by region)
- Data retention beyond 31 days: €0.10–0.13 per GB per month
- Metrics: First 10 metric time series free; custom metrics charged separately
- Alerts: First 1,000 metric alert evaluations/month free; log search alerts charged per evaluation
For a typical small business Azure environment (10–50 VMs plus PaaS services), monthly Azure Monitor costs are usually in the range of €20–100, depending on diagnostic verbosity and log retention requirements. Selective diagnostic settings configuration and appropriate retention policies are the main cost levers.
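To see which tables drive the ingestion bill before trimming diagnostic settings, the workspace's own Usage table can be queried. This is an added example, not part of the original article; the price constant reuses the approximate per-GB figure quoted above as an assumption, and the estimate ignores the free monthly allowance.

```kql
// Added example: billable ingestion per table over the last 30 days.
let pricePerGB = 2.76;   // assumption: approximate EUR per GB from the list above
Usage
| where TimeGenerated > ago(30d)
| where IsBillable == true
// Quantity is reported in MB; convert to GB.
| summarize IngestedGB = round(sum(Quantity) / 1000.0, 2) by DataType, Solution
| extend ApproxCostEUR = round(IngestedGB * pricePerGB, 2)
| order by IngestedGB desc
```

Tables at the top of the result are the first candidates for narrower log categories or shorter retention.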
Conclusion: Essential Visibility for Azure Environments
Azure Monitor provides the observability foundation that every Azure deployment requires — without it, operational issues go undetected until they become outages and security incidents go unnoticed until they become breaches. For small Berlin businesses, the combination of Metric Alerts for operational availability, Log Search Alerts for security monitoring, and integration with Sentinel and Defender for Cloud makes Azure Monitor the non-negotiable first layer of cloud operations maturity.
Related Articles
- Microsoft Sentinel: Sentinel is built on top of Azure Monitor’s Log Analytics workspace — all Azure Monitor log data collected from your resources is immediately available to Sentinel analytics rules, workbooks, and hunting queries without any additional ingestion configuration
- Microsoft Defender for Cloud: Defender for Cloud uses the Azure Monitor Agent for guest-OS vulnerability assessment and security configuration evaluation — enabling Defender for Cloud on Azure VMs also enhances Log Analytics data quality for monitoring workbooks
- Azure Update Manager: Azure Update Manager compliance data is queryable through Azure Resource Graph and surfaced in Azure Monitor Workbooks — combining Update Manager patch status with Monitor alerting creates automated notifications for VMs with overdue critical security patches
- Microsoft Azure Arc: Azure Arc extends Azure Monitor to on-premises and multi-cloud servers by deploying the Azure Monitor Agent to Arc-enabled machines — creating a unified observability layer across Azure VMs and on-premises infrastructure within the same Log Analytics workspace
