Want to know how Microsoft does IT? IT Showcase is a preferred source of information technology expertise, straight from the top subject matter experts at Microsoft.
Managing the enterprise with Application Insights and Log Analytics
Managing the enterprise with Application Insights and Log Analytics
Managing the enterprise with Application Insights and Log Analytics
TechnicalCaseStudyIcon-Img  Technical Case Study
Tag Icon   Cloud and Enterprise, Windows and Devices
Jun 30, 2017
Star1 Star2 Star3 Star4 Star5
Enter below text to save article rating

Core Services Engineering (formerly Microsoft IT) uses Application Insights, Log Analytics, and Azure Automation to monitor system health and usage, policy compliance, and security in our Azure and on-premises environments. We’ve created guidance for deploying Azure-based monitoring that gives our internal business groups effective cloud-based, automated monitoring across Azure tenants, subscriptions, and resource groups. It’s a scalable, reliable solution that provides a holistic view of our workspaces and visibility into app functionality and performance.

Technical Case Study Blank Img
Powered by Microsoft Translator BingLogo_Img

Managing the enterprise with Application Insights and Log Analytics

In Core Services Engineering (CSE, formerly Microsoft IT), we use Microsoft Azure for cloud-based monitoring of our entire IT operations environment, from the cloud to the datacenter. And we’ve created a model to deploy and manage Application Insights, Log Analytics, and Azure Automation effectively at each level of our IT operations structure. The model is flexible so that business groups at Microsoft can monitor and manage their own IT environments to best suit their needs.

Moving Microsoft to the cloud

The cloud-first, mobile-first culture at Microsoft is designed to give our business groups the most effective IT workspaces possible. We quickly create environments, to the required scale, in a cost-effective manner.

Microsoft has championed the move to the cloud because it gives us the infrastructure to power the next generation of business applications in a DevOps-driven culture. It elevates collaboration and productivity, and helps our employees and our business to be more successful.

We support the largest public cloud—based corporate IT infrastructure in the world using Microsoft Azure. Azure is at the core of our cloud infrastructure and DevOps environment. We’re continually moving applications to the cloud, and Azure is our first choice for new IT solutions. Our Azure environment includes:

  • More than 1,700 active Azure subscriptions.
  • More than 250 cloud-based applications.
  • More than 16,000 Azure virtual machines.
  • More than 18 billion Azure Active Directory authentications per week.
  • More than 30 trillion objects stored on Microsoft Azure.

We’re dedicated to increasing our footprint in the cloud. By the end of the 2017 fiscal year, we will host over 90 percent of our IT infrastructure in Azure.

Managing the cloud from the cloud

With so many IT resources hosted in the cloud, we’re looking for more effective and agile ways to manage them. Azure allows us to integrate, monitor, and manage our cloud resources, with many benefits:

  • It’s cloud-based. We don’t need to add on-premises infrastructure to monitor and manage cloud resources.
  • It works across multiple services. Agents can be installed on Microsoft Azure, other cloud service providers, and even in datacenters.
  • It collects and analyzes logs and reporting across multiple platforms. These platforms include Windows and non-Windows hosts, as well as formatted logs from any network or device. This enables comprehensive monitoring and management.
  • It automates tasks and uses familiar operational components. It also uses familiar automation tools, like PowerShell scripts and runbooks.
  • It can be quickly created, customized, and deployed. It doesn’t require complicated setup or significant infrastructure administration because it’s cloud based and user-directed.

Using Azure monitoring at Microsoft

Azure monitoring spans our entire organization—it gives us a view of our Azure environment that allows us to meet the critical needs of our business. We have more than 25,000 systems reporting to the four main monitoring workspaces:

  • Federal (entire enterprise). The federal workspace includes all environments in the organization and provides a view across CSE. The primary concerns at this level are security monitoring and security patch management.
  • State (Azure tenant). Typically, the state workspace corresponds to a business group, and is designed to give that group information about patch compliance, Azure right-sizing analytics, and business group reporting.
  • City (Azure subscription). The city workspace includes individual Azure subscriptions. The primary concerns here are deploying patches, tracking change configuration, monitoring applications, and analyzing performance.
  • Neighborhoods (resource groups). These workspaces provide the same metrics as the city level, but for an individual application or solution.

Figure 1 illustrates the primary components and relationships involved in our company-wide cloud monitoring model.

The figure shows the three workspaces in the CSE Azure monitoring model. Federal, state, and city workspaces gather information from Azure monitoring agents and report the relevant data.
Figure 1. The Azure monitoring model across CSE [open large image in new window]

Understanding topology and configuration

We stream Azure reporting data from a single collection point—the client agent. All workspaces pull data from the agent in real time. This ensures accurate and relevant data across all the workspaces with no data stagnation or duplication. For hybrid solutions that contain on-premises components, Azure monitoring also integrates with System Center Operations Manager to enable complete visibility of all hybrid components and a complete picture of the hybrid solution. The workspaces provide key data, as shown in Figure 2, and Azure Automation runbooks and schedules enable responsive issue remediation.

The figure shows different Azure monitoring agents. The agents are Azure infrastructure as a service, on-premises direct, and on-premises through a System Center Operations Manager management group. Azure Automation interacts with the monitoring workspace to maintain schedules and execute runbooks.
Figure 2. Basic Azure monitoring agent and workspace configuration [open large image in new window]


Azure monitoring puts control and configuration in the hands of the app and solution owners—the people who know the environment. By “democratizing” management, Microsoft business groups can focus on the aspects of monitoring that are critical to them. Key stakeholders and managers can view data that offers higher-level, holistic views of their environment. Because our data stream is real-time and agent-based, everyone has the same data source.

Update management

We use Azure Automation to manage updates on the Azure-managed infrastructure. Log Analytics enables very distinct dashboards that allow us to view update status across the different levels of monitoring workspaces (federal, city, state), while still allowing the owners of each solution to manage the update process.

Active and responsive alerts and notifications

By monitoring processes in Azure, we can combine several Azure-based technologies to generate metrics and alerts. The data collected from Application Insights and Log Analytics feeds directly into Azure Automation to create responsive remediation, and we use it at many different levels.

Azure Automation manages routine remediation tasks. Azure Automation runbooks contain completely automated code to resolve issues; if Application Insights finds an issue and generates an alert, it calls the appropriate runbook, which runs the remediation. As Application Insights continues to monitor the app, the remediation is shown on the dashboard. If other issues remain, the same runbook—or other, secondary runbooks—is called for complete remediation. Of course, administrators and other stakeholders can be notified about issues and remediation on the dashboard or by email, as shown in Figure 3 with an example from our DataMall app.

Description: The graphic depicts a runbook workflow. The Azure monitoring instance performs calls to Azure runbooks, which send Azure runbook actions to DataMall. DataMall then provides data flow back to App Insights.
Figure 3. Typical alert-driven workflow using Application Insights and Azure Automation runbooks [open large image in new window]

Gaining business insights

We’re also processing the data that Application Insights and Log Analytics collect into our IT insights database to gain both app and business insights. The two services also report on important environment health and usage data, and reveal opportunities for cost savings or trends that might affect several solutions.

Security and compliance

We’re concerned with several key areas of security and compliance, including:

  • Applying and verifying security baselines.
  • Managing threats and vulnerability.
  • Applying correct patches.

Business groups manage the solution for their engineering teams. We deploy the Secure DevOps Kit for Azure to engineering teams so that they have the security tools and standards they need. We encourage them to configure their workspace to fit their needs, so they can maintain autonomy over their workspace. We also ask them to configure their monitoring agents to multi-home to the additional workspace (state and federal) to get graduated views. This way, the stakeholders see the information they need at each level.

We track several aspects of security and compliance on each level.

Federal workspace

In this workspace, we want to see a holistic overview of security and compliance. Central IT management needs to understand potential security risks across their organization. At the federal level, we use these Security & Compliance dashboards:

  • Security and Audit
  • SQL Assessment
  • Update Compliance
  • Change Tracking
  • Key Vault Analytics
State workspace

In this workspace, we want to give business groups important compliance and health data. We provide the following dashboards:

  • Security and Audit
  • SQL Assessment
  • Update Compliance
  • Change Tracking
  • Key Vault Analytics
City workspace

This workspace gives views by application group, and it provides the following security-related dashboards to help people who are managing the city workspace respond to issues and resolve them:

  • Security and Audit
  • Anti-malware
  • SQL Assessment
  • Update Management
  • Update Compliance
  • Azure network security
  • Change Tracking
  • Key Vault Analytics
  • Service Map


By using Azure monitoring, we have a comprehensive view of functionality in all the key workspaces at Microsoft. The primary gains we get from using Azure monitoring will increase as our use of Azure monitoring grows and matures. Benefits include:

  • A holistic view of our environment. With Azure monitoring, we can use multi-tier workspaces that offers managers a view of compliance and security, all pulled from a common data source.
  • Simple implementation. Using a mostly out-of-the-box implementation, we can very quickly set up and configure Azure monitoring. In most cases, we can set up a working monitoring environment in one day.
  • Scalability and resiliency. Because the monitoring platform is hosted in Azure, it takes advantage of native scalability and resiliency capabilities without requiring extra infrastructure or planning.
  • Clear visibility into app functionality. Application Insights and Log Analytics give us a very clear view of app functionality. We can view metrics and graphs for an entire application, or we can drill down into specific performance and log details.

For more information

Microsoft IT Showcase



© 2017 Microsoft Corporation. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Share Widget Slider share icon

Share on Facebook

New to Facebook?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.

Share a link with your followers

twitter login icon
New to Twitter?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.

Share on LinkedIn

New to LinkedIn?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.
How Microsoft does IT
Overall, how satisfied are you with our site?
Additional Comments:
Please enter your feedback comment of minimum 30 characters