Monitor resources in Azure
📘Microsoft Certified: Azure Administrator Associate (AZ-104)
Azure Monitor Insights is a collection of prebuilt monitoring dashboards and analytics tools designed to help Azure Administrators quickly understand the health, performance, and usage of different Azure resources. Instead of building dashboards manually, Insights provides ready-made visualizations, metrics, logs, and recommendations for common resource types.
In AZ-104, you must understand how to monitor Virtual Machines, Storage Accounts, and Network resources using Azure Monitor Insights.
1. What Is Azure Monitor Insights?
Azure Monitor Insights is built on top of:
- Metrics — numerical data (CPU %, disk latency, network throughput, etc.)
- Logs — detailed event and performance data stored in a Log Analytics workspace.
- Workbooks — interactive dashboards that visualize metrics and logs.
- Alerts — automated notifications when something needs attention.
Azure Insights automatically analyzes these signals and presents them in easy dashboards.
Key Insights types required for AZ-104:
- VM Insights
- Storage Insights
- Network Insights (Network Watcher + Connection Monitor + Traffic Analytics)
—————————————–
2. VM Insights (Virtual Machine Monitoring)
—————————————–
VM Insights provides deep visibility into the performance and health of Azure and hybrid VMs. It uses:
- Azure Monitor Metrics
- Log Analytics agent or Azure Monitor agent (AMA)
- Dependency Map (“Map” feature)
What VM Insights Shows
A. Performance Monitoring (CPU, Memory, Disk, Network)
VM Insights gives you a full performance view:
| Metric | What it Means |
|---|---|
| CPU Utilization | Measures processing load |
| Available Memory | Shows RAM pressure |
| Disk IOPS, latency | Detects slow storage performance |
| Network in/out | Shows throughput or bandwidth issues |
IT Example:
If users report slow application response inside a VM, VM Insights helps you check CPU spikes, RAM pressure, or slow disk performance to find the root cause.
B. Map (Dependency Visualization)
The Map feature automatically discovers:
- Which services the VM connects to
- Which ports it listens on
- Outbound and inbound network flows
- Connections to databases, storage, internal systems, or load balancers
IT Example:
If a VM cannot reach a database, the dependency map helps you identify whether the connection is blocked, misconfigured, or failing due to network issues.
C. Health Monitoring
VM Insights evaluates:
- OS health
- Agent status
- Boot diagnostics
- Heartbeat (VM responsiveness)
Azure creates an overview showing which VMs are healthy, warning, or critical.
D. Log Queries (for deeper analysis)
Once VM data is stored in Log Analytics, you can query it using KQL (Kusto Query Language), such as:
- Failed logins
- Disk failures
- Application errors
- CPU spikes over time
E. How to Enable VM Insights (Exam Knowledge)
- Go to Azure Monitor → Insights → Virtual Machines
- Select Enable
- Choose a Log Analytics workspace
- Install the Azure Monitor Agent (AMA) on the VM
- Wait for data to populate
F. Exam Tips for VM Insights
- Requires Log Analytics workspace ✔
- Uses Azure Monitor Agent (AMA) for data collection ✔
- Map requires dependency agent (legacy) but now supported through AMA ✔
- Supports Windows and Linux VMs ✔
- Useful for performance, health, and dependency mapping ✔
—————————————–
3. Storage Insights (Storage Account Monitoring)
—————————————–
Storage Insights provides monitoring for Azure Storage Accounts, including:
- Blob
- File share
- Queue
- Table
What Storage Insights Tracks
A. Capacity Monitoring
Shows:
- Total storage used
- Usage by container/file share
- Data growth trends
IT Example:
When a development team keeps adding application logs into Blob Storage, Storage Insights helps you discover capacity growth before it impacts cost or performance.
B. Performance Monitoring
Important metrics Azure Monitor tracks:
| Metric | Meaning |
|---|---|
| Egress/Ingress | Data going in/out of the storage account |
| Requests | Number of read/write operations |
| Throttling (%) | When Azure storage limits are reached |
| Server latency | Time taken by Azure storage service to process a request |
| Availability | Percentage of successful requests |
C. Storage Account Health
Azure Monitor provides:
- Service health
- Endpoint health (blob, file, queue, table)
- Latency issues
- Authentication/authorization errors
Example issues you can detect:
- Too many 403 errors (key or SAS token issues)
- High throttling due to hot partitions
- Slow reads/writes on specific containers
D. Logs for Storage Accounts
To enable logging:
- Open Storage Account → Diagnostic Settings
- Send metrics/logs to:
- Log Analytics workspace
- Storage account
- Event Hub
Examples of logs you can collect:
- Read operations
- Write operations
- Delete operations
- Network errors
E. Exam Tips for Storage Insights
- Must enable diagnostic settings to collect logs ✔
- Uses Azure Monitor Metrics (default available) ✔
- Insight view breaks down usage by container/fileshare ✔
- Helps detect throttling, latency issues, authentication failures ✔
—————————————–
4. Network Insights (Network Monitoring in Azure)
—————————————–
Network monitoring in Azure is done using:
A. Network Insights (Azure Monitor)
Shows unified health and performance of:
- VNets
- Subnets
- NSGs
- Public IPs
- Load balancers
- Application gateways
Key Network Monitoring Tools to Know for AZ-104
1. Network Watcher
Includes diagnostics for:
● Connection Monitor
Tests connectivity between:
- VM ↔ VM
- VM ↔ Database
- VM ↔ Internet endpoint
- VM ↔ Load balancer
It measures:
- Packet loss
- Latency
- TCP handshake success
IT Example:
If an application fails to connect to a database, Connection Monitor shows where the connection is blocked (NSG, Firewall, routing issue, etc.).
● NSG Flow Logs
Logs all network traffic allowed or denied by NSGs.
Useful for:
- Security auditing
- Troubleshooting blocked connections
- Understanding traffic patterns
Logs are stored in a storage account or Log Analytics.
● Traffic Analytics
Processes NSG Flow Logs to show:
- Top talkers (high-traffic sources)
- Traffic volume
- Threat detection patterns
- Cross-subnet communication
- Possible misconfigurations
● IP Flow Verify
Checks if traffic is allowed or denied by NSGs or route tables.
● Packet Capture
Captures raw network packets for deep troubleshooting.
● Effective Security Rules & Effective Routes
Shows the final, combined routing and network security rules applied to a VM’s network interface.
Useful for finding:
- Conflicting NSG rules
- Incorrect routing causing connection failure
- Overlapping firewall or NSG policies
—————————————–
5. Unified Network Insights in Azure Monitor
Azure Monitor also provides advanced dashboards that show:
- Network health
- Latency between regions
- VPN and ExpressRoute performance
- Traffic flows between subnets
- Load balancer health + backend pool monitoring
Exam Tips for Network Insights
- Network Watcher must be enabled per region ✔
- NSG Flow Logs require a storage account to store logs ✔
- Traffic Analytics requires Log Analytics workspace ✔
- Connection Monitor tests end-to-end connectivity ✔
- Use IP Flow Verify to check allow/deny status ✔
- Effective routes help troubleshoot routing issues ✔
—————————————–
6. How Azure Monitor Insights Helps IT Teams
Azure Monitor Insights is widely used in enterprise environments:
Examples:
- Monitoring VM performance during application deployments
- Tracking storage account throttling for high-traffic apps
- Diagnosing network latency between application tiers
- Identifying NSG rules that may block required service ports
- Detecting slow disk performance affecting databases
- Observing capacity growth in file shares used by employees
These capabilities help operations teams identify and fix problems before they affect users.
—————————————–
7. What You Must Know for the AZ-104 Exam
✔ VM Insights requires Azure Monitor Agent (AMA)
✔ VM Insights provides performance, health, and dependency mapping
✔ Storage Insights gives capacity, performance, and availability monitoring
✔ Storage logs must be enabled via Diagnostic Settings
✔ Network monitoring is done with Network Watcher and Network Insights
✔ NSG Flow Logs + Traffic Analytics require:
- Storage Account
- Log Analytics workspace
✔ Connection Monitor tests end-to-end connectivity
✔ Effective Security Rules and Effective Routes help diagnose network issues
Conclusion
Azure Monitor Insights provides a clear, powerful, and automated way to monitor:
- VM performance and dependencies
- Storage capacity, performance, and health
- Network connectivity, traffic, and security
Understanding these dashboards, metrics, logs, and tools is essential for passing the AZ-104 exam and for real-world Azure administration.
