Azure Government Monitoring + Management

This article outlines the monitoring and management services variations and considerations for the Azure Government environment.

Advisor

Advisor is in public preview in Azure Government.

For more information, see Advisor public documentation.

Variations

The following Advisor recommendations are not currently available in Azure Government:

  • Security
    • Security recommendations from Security Center
  • Cost
    • Optimize virtual machine spend by resizing or shutting down underutilized instances
    • Eliminate unprovisioned ExpressRoute circuits
  • Performance
    • Improve App Service performance and reliability
    • Improve Redis Cache performance and reliability

Automation

Automation is generally available in Azure Government.

For more information, see Automation public documentation.

Backup

Backup is generally available in Azure Government.

For more information, see Azure Government Backup.

Policy

Policy is generally available in Azure Government.

For more information, see Azure Policy.

Site Recovery

Azure Site Recovery is generally available in Azure Government.

For more information, see Site Recovery commercial documentation.

Variations

The following Site Recovery features are not currently available in Azure Government:

  • Email notification
Site Recovery Classic Resource Manager
VMWare/Physical GA GA
Hyper-V GA GA
Site to Site GA GA

The following URLs for Site Recovery are different in Azure Government:

Azure Public Azure Government Notes
*.hypervrecoverymanager.windowsazure.com *.hypervrecoverymanager.windowsazure.us Access to the Site Recovery Service
*.backup.windowsazure.com *.backup.windowsazure.us Access to Protection Service
*.blob.core.windows.net *.blob.core.usgovcloudapi.net For storing the VM Snapshots
http://cdn.mysql.com/archives/mysql-5.5/mysql-5.5.37-win32.msi http://cdn.mysql.com/archives/mysql-5.5/mysql-5.5.37-win32.msi To download MySQL

Monitor

Azure Monitor is generally available in Azure Government.

For more information, see Monitor commercial documentation.

Variations

The following sections detail differences and workarounds for features of Azure Monitor in Azure Government:

Action Groups

Action Groups are generally available in Azure Government with no differences from commercial Azure.

Activity Log Alerts

Activity Log Alerts are generally available in Azure Government with no differences from commercial Azure.

Alerts Experience

The unified alerts UI experience is not available in Azure Government.

Autoscale

Autoscale is generally available in Azure Government.

If you are using PowerShell/ARM/REST calls to specify settings, set the "Location" of the Autoscale to "USGov Virginia" or "USGov Iowa". The resource targeted by Autoscale can exist in any region. An example of the setting is below:

$rule1 = New-AzureRmAutoscaleRule -MetricName "Requests" -MetricResourceId "/subscriptions/S1/resourceGroups/RG1/providers/Microsoft.Web/sites/WebSite1" -Operator GreaterThan -MetricStatistic Average -Threshold 10 -TimeGrain 00:01:00 -ScaleActionCooldown 00:05:00 -ScaleActionDirection Increase -ScaleActionScaleType ChangeCount -ScaleActionValue "1" 
$rule2 = New-AzureRmAutoscaleRule -MetricName "Requests" -MetricResourceId "/subscriptions/S1/resourceGroups/RG1/providers/Microsoft.Web/sites/WebSite1" -Operator GreaterThan -MetricStatistic Average -Threshold 10 -TimeGrain 00:01:00 -ScaleActionCooldown 00:10:00 -ScaleActionDirection Increase -ScaleActionScaleType ChangeCount -ScaleActionValue "2"
$profile1 = New-AzureRmAutoscaleProfile -DefaultCapacity 2 -MaximumCapacity 10 -MinimumCapacity 2 -Rules $rule1, $rule2 -Name "MyProfile"
$webhook_scale = New-AzureRmAutoscaleWebhook -ServiceUri https://example.com?mytoken=mytokenvalue
$notification1= New-AzureRmAutoscaleNotification -CustomEmails myname@company.com -SendEmailToSubscriptionAdministrator -SendEmailToSubscriptionCoAdministrators -Webhooks $webhook_scale
Add-AzureRmAutoscaleSetting -Location "USGov Virginia" -Name "MyScaleVMSSSetting" -ResourceGroup sdubeys-usgv -TargetResourceId /subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Web/serverFarms/ServerFarm1 -AutoscaleProfiles $profile1 -Notifications $notification1

If you are interested in implementing autoscale on your resources, use PowerShell/ARM/Rest calls to specify the settings.

For more information on using PowerShell, see public documentation.

Diagnostic Logs

Diagnostic Logs are generally available in Azure Government with no differences from commercial Azure.

Metrics

Metrics are generally available in Azure Government. However, multi-dimensional metrics are supported only via the REST API. The ability to show multi-dimensional metrics is in preview in the Azure Government portal.

Metric Alerts

The first generation of metrics alerts is generally available in both Azure Government and commercial Azure. The first generation is called Alerts (Classic). A second generation of alerts is available only in commercial Azure.

When using PowerShell/ARM/Rest calls to create Metric Alerts, you will need to set the "Location" of the metric alert to "USGov Virginia" or "USGov Iowa". An example of the setting is below:

$actionEmail = New-AzureRmAlertRuleEmail -CustomEmail myname@company.com 
$actionWebhook = New-AzureRmAlertRuleWebhook -ServiceUri https://example.com?token=mytoken 
Add-AzureRmMetricAlertRule -Name vmcpu_gt_1 -Location "USGov Virginia" -ResourceGroup myrg1 -TargetResourceId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.ClassicCompute/virtualMachines/my_vm1 -MetricName "Percentage CPU" -Operator GreaterThan -Threshold 1 -WindowSize 00:05:00 -TimeAggregationOperator Average -Actions $actionEmail, $actionWebhook -Description "alert on CPU > 1%" 

For more information on using PowerShell, see public documentation.

Log Analytics

Log Analytics is generally available in Azure Government.

Variations

  • Solutions that are available in Azure Government include:
    • Network Performance Monitor (NPM) - NPM is a cloud-based network monitoring solution for public and hybrid cloud environments. Organizations use NPM to monitor network availability across on-premises and cloud environments. Endpoint Monitor - a subcapability of NPM, monitors network connectivity to applications.

The following Log Analytics features and solutions are not currently available in Azure Government.

  • Solutions that are in preview in Microsoft Azure, including:
    • Service Map
    • Windows 10 Upgrade Analytics solution
    • Application Insights solution
    • Azure Networking Security Group Analytics solution
    • Azure Automation Analytics solution
    • Key Vault Analytics solution
  • Solutions and features that require updates to on-premises software, including:
    • Surface Hub solution
  • Features that are in preview in public Azure, including:
    • Export of data to Power BI
  • Azure metrics and Azure diagnostics
  • Operations Management Suite mobile application

The URLs for Log Analytics are different in Azure Government:

Azure Public Azure Government Notes
mms.microsoft.com oms.microsoft.us Log Analytics portal
workspaceId.ods.opinsights.azure.com workspaceId.ods.opinsights.azure.us Data collector API
*.ods.opinsights.azure.com *.ods.opinsights.azure.us Agent communication - configuring firewall settings
*.oms.opinsights.azure.com *.oms.opinsights.azure.us Agent communication - configuring firewall settings
*.blob.core.windows.net *.blob.core.usgovcloudapi.net Agent communication - configuring firewall settings
portal.loganalytics.io portal.loganalytics.us Advanced Analytics Portal - configuring firewall settings
api.loganalytics.io api.loganalytics.us Advanced Analytics Portal - configuring firewall settings
docs.loganalytics.io docs.loganalytics.us Advanced Analytics Portal - configuring firewall settings
*.azure-automation.net *.azure-automation.us Azure Automation - configuring firewall settings
N/A *.usgovtrafficmanager.net Azure Traffic Manager - configuring firewall settings

The following Log Analytics features behave differently in Azure Government:

Frequently asked questions

  • Can I migrate data from Log Analytics in Microsoft Azure to Azure Government?
    • No. It is not possible to move data or your workspace from Microsoft Azure to Azure Government.
  • Can I switch between Microsoft Azure and Azure Government workspaces from the Operations Management Suite Log Analytics portal?
    • No. The portals for Microsoft Azure and Azure Government are separate and do not share information.

For more information, see Log Analytics public documentation.

Scheduler

For information on this service and how to use it, see Azure Scheduler Documentation.

Azure portal

The Azure Government portal can be accessed here.

Azure Resource Manager

For information on this service and how to use it, see Azure Resource Manager Documentation.

Next steps