---
title: Getting Started with Azure
description: >-
  Connect Microsoft Azure with Datadog using Azure app registration integration
  options. Configure metric collection, log forwarding, and Agent installation.
---

# Getting Started with Azure

## Overview{% #overview %}

Datadog offers multiple configuration options for the Azure integration. This guide provides an overview of the various options available for getting started with Azure, with links to Azure resources and tutorials that address specific use cases.

## Prerequisites{% #prerequisites %}

If you haven't already, create a [Datadog account](https://www.datadoghq.com/).

{% collapsible-section #required-permissions %}
#### Permissions required for integration setup

### In Azure{% #in-azure %}

Your Microsoft Entra ID user needs the following permissions:

#### Permission to create an app registration{% #permission-to-create-an-app-registration %}

**One** of the following must be true for the user:

- `Users can register applications` has been set to `Yes`
- The user has the [Application Developer](https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#application-developer) role

##### Admin roles within your subscriptions{% #admin-roles-within-your-subscriptions %}

Within the subscriptions you wish to monitor, you must have either:

- The **Owner** role
- Both the **Contributor** and **User Access Admin** roles

#### Permission to add and grant consent for Graph API permissions{% #permission-to-add-and-grant-consent-for-graph-api-permissions %}

The [Privileged Role Administrator role](https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#privileged-role-administrator) contains the required permissions.

### In Datadog{% #in-datadog %}

The `Datadog Admin Role`, or any other role with the `azure_configurations_manage` permission.
{% /collapsible-section %}

{% callout %}
# Important note for users on the following Datadog sites: us3.datadoghq.com

{% alert level="danger" %}
[Cloud Cost Management](https://docs.datadoghq.com/cloud_cost_management/setup/azure/?tab=billingaccounts&site=us3#overview) and [Log Archives](https://docs.datadoghq.com/logs/log_configuration/archives/?tab=azurestorage) require the app registration setup method. For Datadog accounts using the Azure Native integration, follow the setup steps on this page to create an app registration. If a subscription is connected through both methods, a redundancy warning appears in the Azure integration tile. This warning can be safely ignored for Cloud Cost Management and Log Archives.
{% /alert %}

{% /callout %}

## Setup{% #setup %}

Follow the instructions on this page to set up the **Azure integration** through an app registration, available for all Datadog sites.

{% video
   url="https://datadog-docs.imgix.net/images//getting_started/integrations/azure/GSwAzure_siteSelector.mp4" /%}

{% collapsible-section #quickstart-setup %}
#### Quickstart (recommended)

### Choose the Quickstart setup method if…{% #choose-the-quickstart-setup-method-if %}

- You are setting up Datadog for the first time.
- You prefer a UI-based workflow and want to minimize the time it takes to create a service principal with the required monitoring permissions.
- You want to automate setup steps in scripts or CI/CD pipelines.

### Instructions{% #instructions %}

1. In the Azure integration tile, click **+ Add New App registration**, then select **Quickstart**.
1. Copy the setup script, and run it in the Azure Cloud shell.
1. Return to the Datadog UI. You should see **CONNECTED** at the top right corner of the setup script.
1. Select the subscriptions and management groups to collect data from.
1. Optionally, click the metric collection toggle to disable all metric collection from Azure. You can also expand the **Advanced Configuration** dropdown to filter metrics by:
   - Resource provider
   - Tags
   - Hosts
   - App Service Plans
   - Container Apps

You can also click to enable custom metric collection from [Azure Application Insights](https://learn.microsoft.com/azure/azure-monitor/app/app-insights-overview), and disable the collection of usage metrics.

Optionally, click the resource collection toggle to disable the collection of configuration information from your Azure resources.

Enable log collection to set up and configure the services and diagnostic settings needed to forward logs to Datadog:

1. If a log forwarder already exists in the tenant, it is modified to extend its scope. Any changed settings apply to existing as well as newly-selected subscriptions or management groups.
1. If you're creating a new log forwarder:
   1. Enter a resource group name to store the log forwarder control plane.
   1. Select a control plane subscription for the log-forwarding orchestration (LFO).
   1. Select a region for the control plane.

   **Note**: The resource group name, control plane subscription, and region fields only appear when creating a new log forwarder.
1. Optionally, open **Log filtering options** to filter logs by tags, or apply filtering for specific information (such as PII) using regex.

See the [Architecture section](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/#architecture) of the automated log forwarding guide for more information about this architecture.

Click **Confirm** to finish the setup.

{% /collapsible-section %}

{% collapsible-section #terraform-setup %}
#### Terraform

### Choose the Terraform setup method if…{% #choose-the-terraform-setup-method-if %}

- You manage infrastructure as code and want to keep the Datadog Azure integration under version control.
- You need to configure multiple tenants or subscriptions consistently with reusable provider blocks.
- You want a repeatable, auditable deployment process that fits into your Terraform-managed environment.

### Instructions{% #instructions-1 %}

Follow these steps to deploy the Datadog Azure integration through [Terraform](https://www.terraform.io).

{% tab title="Create an app registration" %}

1. In the [Azure integration tile](https://app.datadoghq.com/integrations/azure/), click **+ Add New App registration**, then select **Terraform**.

1. Select the subscriptions and management groups to collect data from.

1. Optionally, click the metric collection toggle to disable all metric collection from Azure. You can also expand the **Advanced Configuration** dropdown to filter metrics by:

   - Resource provider
   - Tags
   - Hosts
   - App Service Plans
   - Container Apps

You can also click to enable custom metric collection from [Azure Application Insights](https://learn.microsoft.com/azure/azure-monitor/app/app-insights-overview), and disable the collection of usage metrics.

1. Optionally, click the resource collection toggle to disable the collection of configuration information from your Azure resources.

1. Configure log collection:

   - If a log forwarder already exists in the tenant, extend its scope to include any new subscriptions or management groups.
   - If you're creating a new log forwarder:
     1. Enter a resource group name to store the log forwarder control plane.
     1. Select a control plane subscription for the log-forwarding orchestration (LFO).
     1. Select a region for the control plane.

See the [Architecture section](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/#architecture) of the automated log forwarding guide for more information about this architecture.

1. Copy and run the command under **Initialize and apply the Terraform**.

{% /tab %}

{% tab title="Use an existing app registration" %}

- You already have an app registration configured with the **Monitoring Reader** role for Datadog to monitor the provided scope (subscriptions or management groups), and don't want to create new resources.

1. Configure the [Datadog Terraform provider](https://registry.terraform.io/providers/DataDog/datadog/latest/docs) to interact with the Datadog API through a Terraform configuration.

1. Set up your Terraform configuration file using the example below as a base template. Make sure to update the following parameters before you apply the changes:

   - `tenant_name`: Your Azure Active Directory ID.
   - `client_id`: Your Azure application (client) ID.
   - `client_secret`: Your Azure web application secret key.

See the [Datadog Azure integration resource](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/integration_azure) page in the Terraform registry for further example usage and the full list of optional parameters, as well as additional Datadog resources.

```hcl
resource "datadog_integration_azure" "sandbox" {
  tenant_name   = "<AZURE_TENANT_NAME>"
  client_id     = "<AZURE_CLIENT_ID>"
  client_secret = "<AZURE_CLIENT_SECRET_KEY>"
}
```

Run `terraform apply`. Wait up to 10 minutes for data to start being collected, and then view the out-of-the-box Azure overview dashboard to see metrics sent by your Azure resources.
{% /tab %}

#### Managing multiple subscriptions or tenants{% #managing-multiple-subscriptions-or-tenants %}

You can use multiple provider blocks with aliases to manage Terraform resources across multiple subscriptions or tenants. Read [Provider Configuration](https://developer.hashicorp.com/terraform/language/providers/configuration) for more information.
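
The aliased-provider layout described above, as an added example that is not part of the original page or of Datadog's own templates. It assumes two tenants whose app registrations already exist, and Azure and Datadog credentials supplied through the environment; every `<...>` value is a placeholder, and the resource and variable names are illustrative.

```hcl
# Added example: resource names, variable names and all <...> values are placeholders.
terraform {
  required_providers {
    datadog = { source = "DataDog/datadog" }
    azurerm = { source = "hashicorp/azurerm" }
  }
}

# Client secrets are declared sensitive and supplied at run time (for example
# through a TF_VAR_azure_client_secrets environment variable), never committed.
variable "azure_client_secrets" {
  type      = map(string) # expected keys: "tenant_a", "tenant_b"
  sensitive = true
}

# The Datadog provider reads DD_API_KEY and DD_APP_KEY from the environment.
provider "datadog" {}

# One aliased azurerm provider per tenant and subscription.
provider "azurerm" {
  alias           = "tenant_a"
  tenant_id       = "<TENANT_A_ID>"
  subscription_id = "<TENANT_A_SUBSCRIPTION_ID>"
  features {}
}

provider "azurerm" {
  alias           = "tenant_b"
  tenant_id       = "<TENANT_B_ID>"
  subscription_id = "<TENANT_B_SUBSCRIPTION_ID>"
  features {}
}

# Least privilege: each app registration's service principal gets only
# Monitoring Reader, scoped to the subscription it monitors.
resource "azurerm_role_assignment" "datadog_tenant_a" {
  provider             = azurerm.tenant_a
  scope                = "/subscriptions/<TENANT_A_SUBSCRIPTION_ID>"
  role_definition_name = "Monitoring Reader"
  principal_id         = "<TENANT_A_SERVICE_PRINCIPAL_OBJECT_ID>"
}

resource "azurerm_role_assignment" "datadog_tenant_b" {
  provider             = azurerm.tenant_b
  scope                = "/subscriptions/<TENANT_B_SUBSCRIPTION_ID>"
  role_definition_name = "Monitoring Reader"
  principal_id         = "<TENANT_B_SERVICE_PRINCIPAL_OBJECT_ID>"
}

resource "datadog_integration_azure" "tenant_a" {
  tenant_name   = "<TENANT_A_ID>"
  client_id     = "<TENANT_A_CLIENT_ID>"
  client_secret = var.azure_client_secrets["tenant_a"]
}

resource "datadog_integration_azure" "tenant_b" {
  tenant_name   = "<TENANT_B_ID>"
  client_id     = "<TENANT_B_CLIENT_ID>"
  client_secret = var.azure_client_secrets["tenant_b"]
}
```

Terraform writes `client_secret` to the state file even when the variable is marked sensitive, so keep state in an encrypted, access-controlled backend.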

### Monitor the integration status{% #monitor-the-integration-status %}

After the integration is configured, Datadog begins running a continuous series of calls to Azure APIs to collect critical monitoring data from your Azure environment. Sometimes these calls return errors (for example, if the provided credentials have expired). These errors can inhibit or block Datadog's ability to collect monitoring data.

When critical errors are encountered, the Azure integration generates events in the Datadog Events Explorer, and republishes them every five minutes. You can configure an Event Monitor to trigger when these events are detected and notify the appropriate team.

Datadog provides a monitor template to help you get started. To use the monitor template:

1. In Datadog, go to **Monitors** and click the **Browse Templates** button.
1. Search for and select the monitor template titled [[Azure] Integration Errors](https://app.datadoghq.com/monitors/templates?q=Azure%20%22integration%20errors%22&origination=all&p=1).
1. Make any desired modifications to the search query or alert conditions. By default, the monitor triggers whenever a new error is detected, and resolves when the error has not been detected for the past 15 minutes.
1. Update the notification and re-notification messages as desired. Note that the events themselves contain pertinent information about the event and are included in the notification automatically. This includes detailed information about the scope, error response, and common steps to remediate.
1. [Configure notifications](https://docs.datadoghq.com/monitors/notify/#configure-notifications-and-automations) through your preferred channels (email, Slack, PagerDuty, or others) to make sure your team is alerted about issues affecting Azure data collection.

{% /collapsible-section %}

{% collapsible-section #existing-app-registration-setup %}
#### Use an existing app registration

### Choose the existing app registration setup method if…{% #choose-the-existing-app-registration-setup-method-if %}

- You already have an app registration configured with the **Monitoring Reader** role for Datadog to monitor the provided scope (subscriptions or management groups), and don't want to create new resources.

If you need to set up an app registration for Datadog, see the Quickstart or Terraform setup methods.

### Instructions{% #instructions-2 %}

1. In the [Datadog Azure integration tile](https://app.datadoghq.com/integrations/azure), select **Add Existing**.
1. In the **Tenant ID** field, paste your Directory (tenant) ID.
1. In the **Client ID** field, paste the application (client) ID.
1. In the **Client Secret Value** field, paste the value of the app registration's client secret.
1. Optionally, click the **Monitor Automuting** toggle to disable monitor automuting.
1. Optionally, click the metric collection toggle to disable all metric collection from Azure. You can also expand the **Advanced Configuration** dropdown to filter metrics by:
   - Resource provider
   - Tags
   - Hosts
   - App Service Plans
   - Container Apps

You can also click to enable custom metric collection from [Azure Application Insights](https://learn.microsoft.com/azure/azure-monitor/app/app-insights-overview), and disable the collection of usage metrics.

Optionally, click the resource collection toggle to disable the collection of configuration information from your Azure resources.

Click **Create Configuration**.
{% /collapsible-section %}

## Metric collection{% #metric-collection %}

Datadog's Azure integration is built to collect all metrics from [Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/reference/supported-metrics/metrics-index). The [Integrations page](https://docs.datadoghq.com/integrations/#cat-azure) shows a curated list of predefined sub-integrations that provide additional out-of-the-box dashboards and monitors for specific Azure services. Many of these integrations are installed by default when Datadog recognizes data coming in from your Azure account. However, Datadog can ingest metrics from **any Azure Monitor-supported resource**, even if it doesn't have a dedicated sub-integration tile.

You can find your Azure metrics in the metrics summary page in the Datadog platform by navigating to `Metrics > Summary` and searching for `Azure`.

{% image
   source="https://datadog-docs.imgix.net/images/getting_started/integrations/azure/GSwAzure_metricExplorer.d88d4c7e4a9e94ad1cc2316b8e0bdc4c.png?auto=format"
   alt="Metric summary image" /%}

## Enable log collection{% #enable-log-collection %}

You can use the automated log forwarding feature to set up and configure the services and diagnostic settings needed to forward logs to Datadog. If an automated log forwarding control plane already exists in the tenant, this flow modifies it and extends its scope to include the selected subscriptions or management groups. For more detail, see [Azure Automated Log Forwarding Setup](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/).

Datadog recommends using the Agent or DaemonSet to send logs from Azure. If direct streaming isn't possible, you can use an Azure Resource Manager (ARM) template to [automate log forwarding setup](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/) across your Azure environment with no manual configuration. This feature automatically manages and scales log forwarding services.

{% collapsible-section #automated-log-forwarding-setup %}
#### Automated (recommended)

### Choose the automated log forwarding setup method if…{% #choose-the-automated-log-forwarding-setup-method-if %}

- You haven't already set up logs through the Quickstart setup method.
- You prefer a UI-based workflow and want to minimize the time it takes to create a service principal with the required monitoring permissions.
- You want to automate setup steps in scripts or CI/CD pipelines.

### Instructions{% #instructions-3 %}

1. Open the [Automated Log Forwarding ARM template](https://portal.azure.com/#create/Microsoft.Template/uri/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FDataDog%2Fintegrations-management%2Fmain%2Fazure%2Flogging_install%2Fdist%2Fazuredeploy.json/createUIDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FDataDog%2Fintegrations-management%2Fmain%2Fazure%2Flogging_install%2Fdist%2FcreateUiDefinition.json) in Azure.
1. Configure your Azure project and instance details on the [Basics tab](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/#basics).
1. Enter your Datadog credentials on the [Datadog Configuration tab](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/#datadog-configuration).
1. Acknowledge deployment warnings on the [Deployment tab](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/#deployment).
1. Start the deployment process on the [Review + create tab](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/#review--create).

{% callout %}
# Important note for users on the following Datadog sites: us3.datadoghq.com

{% alert level="danger" %}
[Log Archives](https://docs.datadoghq.com/logs/log_configuration/archives/?tab=azurestorage) require the app registration setup method. For Datadog accounts using the Azure Native integration, follow the steps on this page to create an app registration.
{% /alert %}

{% /callout %}

See [Azure Automated Log Forwarding Architecture](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding/#architecture) for more details.
{% /collapsible-section %}

{% collapsible-section #container-app-log-forwarding-setup %}
#### Container App

### Choose the Container App log forwarding method if…{% #choose-the-container-app-log-forwarding-method-if %}

- You prefer to manually configure [diagnostic settings](https://learn.microsoft.com/azure/azure-monitor/platform/diagnostic-settings) on the resources you want to forward logs from.

### Instructions{% #instructions-4 %}

1. Click the button below, and fill in the form on the Azure Portal. Datadog automatically deploys the Azure resources required to forward logs into your Datadog account.

[Deploy the log forwarder template in the Azure portal](https://portal.azure.com/#create/Microsoft.Template/uri/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FDataDog%2Fintegrations-management%2Fmain%2Fazure%2Flogging_install%2Fdist%2Fforwarder.json)

1. After the template deployment finishes, set up [diagnostic settings](https://learn.microsoft.com/azure/azure-monitor/platform/diagnostic-settings) for each log source to send Azure platform logs (including resource logs) to the Storage Account created during deployment.

**Note**: Resources can only stream to a Storage Account in the same Azure region.
{% /collapsible-section %}

## Log archiving{% #log-archiving %}

Archiving logs to Azure Blob Storage requires an App Registration. If you haven't already, follow the [automatic](https://docs.datadoghq.com/logs/guide/azure-automated-log-forwarding) or [manual](https://docs.datadoghq.com/logs/guide/azure-manual-log-forwarding) setup instructions to configure the integration using an App Registration. App Registrations created for archiving purposes do not need the `Monitoring Reader` role.

After configuring an App Registration, [create a log archive](https://docs.datadoghq.com/logs/log_configuration/archives/?tab=azurestorage#configure-an-archive) that writes to Azure Blob Storage.

**Note**: If your storage bucket is in a subscription being monitored through the Azure Native integration, a redundancy warning appears in the Azure integration tile. This warning can be safely ignored for log archiving.

## Get more from the Datadog Platform{% #get-more-from-the-datadog-platform %}

### Install the Agent for greater visibility into your application{% #install-the-agent-for-greater-visibility-into-your-application %}

After you set up your Azure integration, Datadog crawlers automatically collect Azure metrics, but you can gain even deeper visibility into your Azure instances with the [Datadog Agent](https://docs.datadoghq.com/getting_started/agent/). Installing the Datadog Agent into your environment allows you to collect additional data including, but not limited to:

- **Application health**
- **Process utilization**
- **System-level metrics**

You can also use the built-in StatsD client to send custom metrics from your applications, to correlate what's happening with your applications, users, and system. See the guide on [*Why should I install the Datadog Agent on my cloud instances?*](https://docs.datadoghq.com/agent/guide/why-should-i-install-the-agent-on-my-cloud-instances/) for more information on the benefits of installing the Datadog Agent on your instances.

Use the Azure extension to install the Datadog Agent on Windows VMs, Linux x64 VMs, and Linux ARM-based VMs. You can also use the AKS Cluster Extension to deploy the Agent to your AKS Clusters.

{% tab title="VM Extension" %}

1. In the [Azure portal](https://portal.azure.com), select the appropriate VM.
1. From the left sidebar, under **Settings**, select **Extensions + applications**.
1. Click **+ Add**.
1. Search for and select the `Datadog Agent` extension.
1. Click **Next**.
1. Enter your [Datadog API key](https://app.datadoghq.com/organization-settings/api-keys) and [Datadog site](https://docs.datadoghq.com/getting_started/site/), and click **OK**.

To install the Agent based on operating system or CI/CD tool, see the [Datadog Agent installation instructions](https://app.datadoghq.com/account/settings/agent/latest).

**Note**: Domain controllers are not supported when installing the Datadog Agent with the Azure extension.
{% /tab %}

{% tab title="AKS Cluster Extension" %}
The Datadog AKS Cluster Extension allows you to deploy the Datadog Agent natively within Azure AKS, avoiding the complexity of third-party management tools. To install the Datadog Agent with the AKS Cluster Extension:

1. Go to your AKS cluster in the Azure portal.
1. From the left sidebar of the AKS cluster, select **Extensions + applications** under **Settings**.
1. Search for and select the `Datadog AKS Cluster Extension`.
1. Click **Create**, and follow the instructions in the tile using your [Datadog credentials](https://docs.datadoghq.com/account_management/api-app-keys/) and [Datadog site](https://docs.datadoghq.com/getting_started/site/).

{% /tab %}

## Troubleshooting{% #troubleshooting %}

See [Troubleshooting](https://docs.datadoghq.com/integrations/guide/azure-advanced-configuration/#azure-integration-troubleshooting) in the Azure Advanced Configuration guide.

Still need help? Contact [Datadog support](https://docs.datadoghq.com/help/).

## Further Reading{% #further-reading %}

- [Accelerate your Azure integration setup with guided onboarding](https://www.datadoghq.com/blog/azure-integration-onboarding/)
- [Microsoft Azure integration](https://docs.datadoghq.com/integrations/azure/#overview)
- [Why should I install the Datadog Agent on my cloud instances?](https://docs.datadoghq.com/agent/guide/why-should-i-install-the-agent-on-my-cloud-instances/)
