Virtual Machine Monitoring Agents
Start course

In this course, I’ll start with an overview of Azure Monitor metrics and logs and how to configure them. Next, I’ll show you how to install virtual machine agents that send additional data from VMs to Azure Monitor. Finally, I’ll show you how to create alerts that will notify you if potential problems are detected in your Azure resources.

Learning Objectives

  • Configure Azure Monitor metrics and logs
  • Install Azure Virtual Machine monitoring agents
  • Configure Azure Monitor alerts

Intended Audience

  • Azure administrators, architects, security engineers, developers, and data engineers


  • Basic knowledge of Azure Storage, Azure Virtual Machines, and role-based access control



Virtual machines are among the most commonly monitored resources in Azure. However, monitoring them takes a bit more effort than with other resources. That’s because VMs generate information at several different levels. In addition to the VM itself, there’s also the operating system and the applications running on it. To send all of this information to Azure Monitor, you need to install agents on the virtual machine.

Go to a virtual machine, and then go to Insights in the Monitoring section of the menu. It says that if you don’t install an agent on the VM, you’ll only be able to see metrics like CPU, disk, and uptime for your VM. It doesn’t show those out-of-the-box ones here, but they’re available in the Metrics section.

One particularly useful type of data that an agent can collect is operating system logs. To get Azure to collect those and other additional types of monitoring data, you need to click the “Enable” button. Bear in mind that you’ll be charged for this service.

It gives you a choice of two agents you could install: the Azure Monitor agent or the Log Analytics agent. The Azure Monitor agent is now the preferred option. The Log Analytics agent will eventually be retired.

It creates a default data collection rule for you. The details of the rule are shown down here. Guest performance is enabled, which means it’ll collect performance data from the guest operating system. That includes operating system logs.

Processes and dependencies are disabled. Enabling this installs the Dependency agent, which you need if you want to use the Map feature of VM insights. The Map feature is intended to help you monitor an application that’s spread out over multiple virtual machines, so it’ll show you a map of the VMs that are connected to this one. I’m not going to cover that feature in this course, so we’ll leave it disabled.

It also selected a default Log Analytics workspace. That’ll be fine, so we don’t need to change it. Since all of these settings are okay, we can go with the default data collection rule.

Now click “Configure”. It’s installing the Azure Monitor Agent. It’ll take 5 or 10 minutes before any data shows up, so I’ll fast-forward.

Okay, it’s done. Just so you know, I had to refresh the browser to get the page to update. It didn’t work when I used this “Refresh” button.

Now, we can click on “Analyze data”. VM insights shows some basic graphs for CPU, memory, disk, and networking. To dig deeper, we can go to “Metrics”. It already has lots of metrics available in this dropdown menu, but it’s possible to have even more. Go to “Diagnostic settings”. There’s a button called “Enable guest-level monitoring”. This will install the Azure Diagnostics agent on the VM. There’s quite a bit of overlap in the functionality of the Diagnostics agent and the Azure Monitor agent. In fact, Microsoft is eventually going to consolidate these two agents and retire the Diagnostics agent.

When it’s finished installing, you’ll see many types of diagnostics you can configure, such as performance counters, crash dumps, and boot diagnostics. To collect more metrics, we need to click “Configure performance counters”. It’s already configured to collect CPU, memory, disk, and network data, but if you’re using ASP.NET or SQL Server on your VM, then you can enable diagnostic data to be collected from those as well.

To configure operating system log collection, click the Logs tab. Since this is a Windows VM, it’s configured to collect data from Windows event logs, including application, security, and system logs. By default, these levels of log messages are already configured to be sent to Azure Monitor. Once the Diagnostics agent has started sending those logs, you can query them using Log Analytics, and you can also create alerts that will notify you about specific errors that appear in the Windows logs.

By the way, if this were a Linux VM, it would let you configure which types of Syslog entries to send to Azure Monitor. That’s the Linux equivalent of Windows event logs.

There’s still one other potential source of monitoring data, and that’s the custom applications you’re running on the VM. To send that data to Azure Monitor, you need to install yet another agent called the Application Insights agent.

Here’s a summary of the various VM monitoring agents. The Azure Monitor agent collects guest operating system data. The Diagnostics agent also collects operating system data, but it sends additional data, such as crash dumps. It will eventually be replaced by the Azure Monitor agent. The Dependency agent collects data that’s used by the Map feature of VM insights. And finally, the Application Insights agent collects performance data for your own custom applications.

And that’s it for this overview of VM monitoring agents.

About the Author
Learning Paths

Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).