Azure: Services & Architecture
by Sergey Okinchuk
SentinelMonitor

Chapter Six

Monitoring & Management

Six services for visibility, governance, and control of an Azure estate. Telemetry routes through one platform — Azure Monitor — while Policy and Resource Manager keep the estate consistent and auditable.

6 services

Core Terminology

Azure's management plane shares a vocabulary for telemetry and governance. These terms recur across the chapter.

Azure Monitor
The umbrella platform for metrics, logs, alerts, and dashboards. Application Insights and Log Analytics are parts of it, not separate products.
Log Analytics Workspace
The store and query engine for log and telemetry data, queried with KQL. Where Monitor, Sentinel, and Defender data lands.
KQL
Kusto Query Language — the read-only query language for logs and telemetry across Monitor, Sentinel, and Resource Graph.
ARM Template / Bicep
Declarative definitions of Azure resources. ARM is the JSON form; Bicep is the readable language that compiles to it.
Azure Policy
Rules evaluated against resources to audit or enforce configuration — allowed regions, required tags, denied SKUs — at scale.
Management Group
A container above subscriptions for applying policy and access across many subscriptions at once — the top of the governance hierarchy.

Services in This Chapter

Service 40
Azure Monitor
The platform for metrics, logs, alerts, and dashboards across every Azure resource. The single pane the other observability services feed into.
Observability
Service 41
Log Analytics
The log store and KQL query engine inside Azure Monitor. Where platform logs, app telemetry, and security signals are collected and analyzed.
Logs
Service 42
Application Insights
Application performance monitoring — distributed traces, dependencies, exceptions, and live metrics — for web apps and services. APM as part of Monitor.
APM
Service 43
Azure Policy
Audit and enforce resource configuration at scale: allowed Regions, required tags, denied SKUs. Governance as code across subscriptions.
Governance
Service 44
Azure Resource Manager
The deployment and management layer for everything in Azure. ARM templates and Bicep declare resources; RBAC and tags apply through it.
IaC
Service 45
Azure Arc
Projects on-premises and other-cloud servers, Kubernetes clusters, and databases into Azure for unified policy, monitoring, and management.
HybridManagement