In my previous articles, I have briefly talked about the capabilities of Grafana and how grafana helps enhance the logging and reporting mechanism of Azure Monitor. Please check my previous article here, if you haven’t checked already. Grafana is a popular open-source analytics visualization tool that allows users to bring together logs, traces, metrics, and other disparate data from across an organization, regardless of where they are stored.

Until recently if your organization wanted to use Grafana, you would have to go through manual installation and configuration. This requires managing an additional infrastructure component where Grafana would be hosted. Microsoft recently announced Azure Managed Grafana in preview. This lets you create Azure Managed Grafana in a few clicks.

How it works?

As part of the setup, it creates below two components:

  • System Assigned managed identity for Azure Managed Grafana which is assigned “Monitoring Reader” permission at the target Azure Subscription. This lets managed identity for Grafana read all the monitoring data for reporting.
  • This also lets you create Grafana administrator roles. By default, your account is included as Grafana administrator role, unless checked explicitly.

Seamless connection across Azure data sources and beyond

The Grafana application lets users easily visualize all their telemetry data in a single user interface. As we all know Grafana can help users visualize and correlate multiple data sources across on-premises, Azure, and multi-cloud environments. Azure Managed Grafana particularly optimizes this experience for Azure-native data stores such as Azure Monitor and Data Explorer thus making it easy for customers to connect to any resource in their subscription and view all resulting telemetry in a familiar Grafana dashboard.

Customers can preserve existing charts in the Azure portal that are used for monitoring. Through service-to-service integration, our customers can bring any chart in the Azure portal over to their Azure Managed Grafana instance with a one-click “pin to” operation thus automating the entire migration process. 

Azure Managed Grafana also provides a rich set of built-in dashboards for various Azure Monitor features to help customers easily build new visualizations. For example, some features with built-in dashboards include Azure Monitor application insights, Azure Monitor container insights, Azure Monitor virtual machines insights, and Azure Monitor alerts.

Azure Managed Grafana also provides a rich set of built-in dashboards for various Azure Monitor features to help customers easily build new visualizations. For example, some features with built-in dashboards include Azure Monitor application insights, Azure Monitor container insights, Azure Monitor virtual machines insights, and Azure Monitor alerts.

This image is a dashboard titled “General / Azure Monitor - Application Insights”. Below are graphs that capture Application Insights telemetry on usage, reliability, responsiveness and browser.

Secured access and sharing of Grafana dashboards with Azure Active Directory

In Azure Managed Grafana, customers can customize user permissions with specific roles and assignments stored in Azure Active Directory. These definitions are mapped transparently to Grafana’s internal roles, which enforces the actual access control. This integration enables both simplicity and consistency by allowing customers to manage users in their teams and authorize their use of a Grafana instance centrally through Azure Active Directory.

On the backend, Azure Managed Grafana can be configured to access Azure Monitor through a managed identity that was set up as part of the Grafana instance creation. Using this option, customers do not need to deal with another credential separately—though that is still possible if preferred.