Reactive IT management — waiting for something to break before fixing it — is a model that costs UK businesses millions of pounds every year in lost productivity, emergency callouts, and reputational damage. The alternative is proactive management: continuously monitoring your infrastructure, identifying problems before they impact users, and resolving issues before anyone even notices something was wrong.
Azure Monitor is Microsoft's comprehensive monitoring platform, and for UK businesses running workloads in Azure, hybrid environments, or even entirely on-premises infrastructure with Azure Arc, it provides the tools to shift from reactive firefighting to proactive IT management. This guide covers how to leverage Azure Monitor effectively, from initial setup through to building dashboards that give you genuine visibility into the health and performance of your entire IT estate.
What Azure Monitor Actually Does
Azure Monitor is not a single tool but a collection of integrated services that together provide end-to-end monitoring of your applications, infrastructure, and network. Understanding the key components is essential before you start configuring anything.
Metrics are numerical values collected at regular intervals that describe some aspect of a system. CPU utilisation, memory usage, disk IOPS, network throughput, and request latency are all metrics. Azure Monitor collects metrics from Azure resources automatically with no configuration required, and stores them for 93 days by default. Metrics are lightweight, near-real-time, and ideal for alerting and dashboards.
Logs are detailed records of events and activities. Unlike metrics, which are numerical summaries, logs contain rich, structured data about what happened, when, and why. Azure Monitor Logs (powered by Log Analytics) stores log data in a workspace where it can be queried using Kusto Query Language (KQL). Logs are essential for troubleshooting, forensic investigation, and deep analysis.
Application Insights is the application performance monitoring (APM) component of Azure Monitor. It instruments your applications to collect detailed telemetry about request rates, response times, failure rates, dependency calls, exceptions, and user behaviour. For UK businesses running web applications, APIs, or microservices, Application Insights provides the visibility needed to detect and diagnose performance issues before they affect users.
UK businesses often ask whether they need Azure Monitor when they already have tools like Datadog, New Relic, Splunk, or PRTG. The answer depends on your environment. If you are primarily Azure-based, Azure Monitor provides the deepest integration at the lowest cost — it is built into the platform and many features are included at no extra charge. If you run a multi-cloud environment (Azure plus AWS plus GCP), a third-party tool may provide better unified visibility. For most UK SMEs with Azure-centric infrastructure, Azure Monitor combined with Microsoft Sentinel for security monitoring provides a comprehensive, cost-effective solution without the overhead of managing additional vendor relationships and licences.
Log Analytics: Your Monitoring Foundation
The Log Analytics workspace is the central repository for all monitoring data in Azure Monitor. Think of it as a powerful database that ingests data from dozens of sources and allows you to query, analyse, and visualise that data using KQL.
Setting up a Log Analytics workspace correctly from the start is critical, because the decisions you make about data retention, data collection rules, and workspace architecture affect both cost and capability. For most UK businesses with a single Azure environment, a single Log Analytics workspace is the right approach. Multi-workspace architectures add complexity and should only be considered if you have specific regulatory requirements (such as data residency) or need to separate billing between business units.
Configure data collection rules to send the following data to your workspace: Azure resource logs (diagnostic settings for VMs, SQL databases, App Services, etc.), Windows and Linux performance counters (CPU, memory, disk, network), Windows Event Logs and Linux Syslog, custom application logs, and Azure Activity Logs (administrative operations and service health events). Each data source has a cost associated with data ingestion, so be selective — collect what you need for monitoring and troubleshooting, but avoid ingesting verbose debug logs that inflate costs without adding value.
| Data Source | What It Provides | Typical Ingestion Volume | Cost Impact |
|---|---|---|---|
| Azure Activity Logs | Administrative operations, service health, security events | Low (MBs/day) | Free for first 90 days retention |
| VM Performance Counters | CPU, memory, disk, network metrics at regular intervals | Medium (100–500 MB/day per VM) | Moderate — tune collection frequency |
| Windows Event Logs | System, application, and security events | Medium to high (varies by server role) | Filter to critical/warning events only |
| Application Insights telemetry | Request traces, exceptions, dependencies, custom events | High (can be GBs/day for busy apps) | Use sampling to control volume |
| Azure SQL diagnostics | Query performance, waits, deadlocks, resource usage | Medium (100–300 MB/day per database) | Essential for database performance tuning |
| Network flow logs | Traffic patterns, NSG flow data, connection tracking | High (can be GBs/day for busy networks) | Significant — enable selectively |
Application Insights: Deep Application Visibility
For UK businesses running web applications — whether customer-facing websites, internal line-of-business apps, or APIs — Application Insights provides a level of visibility that transforms how you manage application health.
Application Insights works by embedding a lightweight SDK into your application code (available for .NET, Java, Node.js, Python, and JavaScript) or by using auto-instrumentation for supported platforms. Once instrumented, it automatically collects request rates and response times for every endpoint, dependency calls to databases, APIs, and external services with their response times, exception details with full stack traces, page view and user session telemetry for web applications, and custom events and metrics that you define in your code.
The Application Map feature provides a visual topology of your application and all its dependencies, showing the health and performance of each component at a glance. If your web application calls an Azure SQL database, a third-party payment API, and a Redis cache, the Application Map shows all three dependencies, their response times, and their failure rates. When something slows down, you can see immediately which component is the bottleneck.
Alerts and Action Groups: Automated Response
Monitoring data is only useful if it triggers action when something goes wrong. Azure Monitor's alerting system allows you to define conditions that automatically notify your team or trigger automated remediation when critical thresholds are breached.
There are three types of alerts in Azure Monitor. Metric alerts fire when a metric value crosses a threshold (for example, CPU usage exceeds 90% for more than five minutes). Log alerts fire when a KQL query against Log Analytics returns results matching your criteria (for example, more than five failed login attempts in 10 minutes). Activity log alerts fire when specific administrative or service health events occur (for example, a virtual machine is deallocated or an Azure service experiences an outage in the UK South region).
Each alert is connected to an action group that defines what happens when the alert fires. Action groups can send email notifications, SMS messages, push notifications to the Azure mobile app, trigger Azure Functions for automated remediation, call webhooks to integrate with ITSM tools like ServiceNow or Freshservice, or create tickets in Azure DevOps. For UK businesses with managed IT support, the most common configuration routes critical alerts to the MSP's monitoring platform for immediate triage, while lower-priority alerts generate tickets for scheduled review.
Dashboards: Visibility at a Glance
Dashboards are where monitoring data becomes actionable intelligence. Azure Monitor supports two dashboard options: Azure Dashboards (native to the Azure portal) and Azure Managed Grafana (for those who prefer the open-source Grafana interface).
For most UK businesses, Azure Dashboards provide a straightforward, no-additional-cost way to visualise monitoring data. You can pin metric charts, log query results, resource health status, and alert summaries to create a single-pane-of-glass view of your environment. Build separate dashboards for different audiences: a high-level executive dashboard showing overall health and key performance indicators, an operations dashboard with detailed metrics and recent alerts for your IT team, and application-specific dashboards for development teams monitoring individual services.
If you need more advanced visualisation capabilities, Azure Managed Grafana provides Grafana-as-a-service with native integration to Azure Monitor data sources. Grafana's query builder, alert management, and extensive template library make it a powerful option for teams that need sophisticated dashboards. The managed service costs approximately £0.36 per hour for the Standard tier, which equates to roughly £260 per month.
The most effective dashboards follow several principles.
- Start with the user story. Who will look at this dashboard, and what decisions do they need to make? An IT operations engineer needs different data from a finance director.
- Use traffic light indicators. Green, amber, and red status indicators allow instant assessment without reading detailed metrics.
- Show trends, not just current values. A CPU metric showing 85% is concerning, but knowing whether it has been climbing steadily for three days or spiked suddenly in the last hour leads to very different responses.
- Include time selectors. Allow users to zoom in and out of time ranges to investigate patterns.
- Limit to 10–15 tiles per dashboard. More than that and the dashboard becomes overwhelming rather than informative.
Cost Monitoring: Keeping Azure Spend Under Control
For UK businesses, Azure cost management is a critical aspect of proactive management. Cloud costs can escalate rapidly if not monitored, and many organisations have experienced unexpected bills when resources were inadvertently left running or when usage patterns changed.
Azure Monitor integrates with Azure Cost Management to provide real-time visibility into spending. Configure budget alerts to notify you when spending approaches defined thresholds — for example, alert at 75% of monthly budget, again at 90%, and escalate at 100%. Use cost analysis to identify the most expensive resources, track spending trends over time, and compare actual spend against forecasts.
For proactive cost management, create log queries that identify potential waste: virtual machines running 24/7 that could be auto-shut down outside business hours, oversized resources consuming more capacity than they need, orphaned disks and IP addresses that are being billed but not used, and storage accounts with excessive data or no lifecycle policies. Schedule these queries to run weekly and route the results to your IT operations team for review.
Integration with ITSM Tools
For UK businesses with established IT service management processes, Azure Monitor's integration capabilities ensure that monitoring feeds directly into your ticketing and incident management workflows.
The most common integration pattern uses Azure Monitor action groups to trigger webhooks when alerts fire, which in turn create incidents in ITSM platforms like ServiceNow, Freshservice, Jira Service Management, or Zendesk. This ensures every alert generates a tracked ticket with proper categorisation, prioritisation, and assignment — no alerts are silently ignored or lost in an email inbox.
Microsoft also provides the IT Service Management Connector (ITSMC) as a native Azure Monitor feature, offering out-of-the-box integration with ServiceNow, System Center Service Manager, Provance, and Cherwell. For ServiceNow users, the newer Secure Webhook integration provides a more robust, Azure AD-authenticated connection that creates incidents directly in ServiceNow with full alert context.
For managed service providers supporting UK businesses, the integration between Azure Monitor and their PSA (Professional Services Automation) tool is critical. Alerts should automatically create tickets in the MSP's ticketing system, assigned to the appropriate support tier based on severity, with all relevant diagnostic data attached. This reduces mean time to resolution by eliminating the manual step of logging tickets and gathering initial diagnostic information.
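The severity-based ticket routing described above, as an added example that is not code from this page, Microsoft, or any ITSM vendor. It assumes the action group's webhook is configured to send Azure Monitor's common alert schema; the tier names, the `ticket_from_alert` and `sample_alert` helpers, and the in-memory `open_alerts` set are hypothetical, and authenticating the caller is left to the webhook endpoint.

```python
import json
from typing import Optional

# Assumed routing: Sev0 is the most severe Azure Monitor severity. The tier
# names are hypothetical and would map to queues in your ITSM/PSA tool.
TIER_BY_SEVERITY = {"Sev0": "immediate-triage", "Sev1": "immediate-triage",
                    "Sev2": "service-desk",
                    "Sev3": "scheduled-review", "Sev4": "scheduled-review"}

def ticket_from_alert(body: str, open_alerts: set) -> Optional[dict]:
    """Turn one webhook body into a ticket dict, or None if no new ticket is due.

    Raises ValueError for anything that is not a well-formed common alert
    schema payload, so unexpected requests never become tickets.
    """
    try:
        payload = json.loads(body)
        essentials = payload["data"]["essentials"]
        alert_id = essentials["alertId"]
        condition = essentials["monitorCondition"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("not a common alert schema payload") from exc
    if payload.get("schemaId") != "azureMonitorCommonAlertSchema" or not isinstance(alert_id, str):
        raise ValueError("unexpected schemaId or alertId")
    if condition == "Resolved":
        open_alerts.discard(alert_id)      # allow a fresh ticket if it fires again
        return None
    if alert_id in open_alerts:            # repeat delivery: keep one ticket per alert
        return None
    open_alerts.add(alert_id)
    severity = essentials.get("severity")
    return {
        "alert_id": alert_id,
        "title": f"[{severity}] {essentials.get('alertRule', 'unknown rule')}",
        # Unknown severities fail towards triage rather than being dropped.
        "tier": TIER_BY_SEVERITY.get(severity, "immediate-triage"),
        "resources": essentials.get("alertTargetIDs", []),
        "fired_at": essentials.get("firedDateTime"),
    }

def sample_alert(alert_id: str, severity: str, condition: str = "Fired") -> str:
    """Build a constructed sample payload (not a captured alert)."""
    return json.dumps({"schemaId": "azureMonitorCommonAlertSchema", "data": {"essentials": {
        "alertId": alert_id, "alertRule": "vm-cpu-over-90", "severity": severity,
        "signalType": "Metric", "monitorCondition": condition,
        "alertTargetIDs": ["/subscriptions/<sub-id>/example-vm"],
        "firedDateTime": "2024-01-01T09:00:00Z"}}})
```

In production the `open_alerts` state would live in the ticketing system or a shared store rather than in process memory, so that deduplication survives restarts.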
Building Your Monitoring Strategy
Deploying Azure Monitor is not a one-time project but an evolving practice that matures over time. Start with the fundamentals and build complexity gradually.
Phase one: Foundation. Enable diagnostic settings on all Azure resources, deploy the Azure Monitor Agent to all virtual machines, create a Log Analytics workspace with appropriate retention settings, and configure basic metric alerts for critical resources (VM CPU, memory, disk; database DTU consumption; App Service response times and error rates).
Phase two: Application monitoring. Deploy Application Insights to customer-facing and business-critical applications, configure availability tests (synthetic monitoring) to detect outages from external perspectives, build application-specific dashboards showing key health metrics, and set up smart detection rules that automatically identify anomalies in application behaviour.
Phase three: Advanced operations. Create workbooks (interactive reports that combine metrics, logs, and text) for deep-dive investigations. Implement automated remediation using Azure Functions triggered by alerts. Deploy Azure Monitor for Network to gain visibility into network performance and connectivity. Integrate with Microsoft Sentinel for unified security monitoring alongside operational monitoring.
Ready to Move from Reactive to Proactive IT Management?
Cloudswitched helps UK businesses implement comprehensive Azure monitoring solutions that catch problems before they impact your users. From initial Azure Monitor configuration and Log Analytics workspace design to custom dashboards, alerting strategies, and ITSM integration, we build the monitoring foundation that transforms your IT operations. Contact us to discuss your monitoring requirements.
