How to Enable VM Insights on an Azure Virtual Machine Using Bicep

To monitor your virtual machines in Azure, Application Insights gives you a solid way to collect telemetry data. In this post, I’ll show you how to enable VM Insights on an Azure Virtual Machine with a Bicep module I recently worked on.

The Goal

We aim to:

Enable diagnostics on an Azure VM.
Send logs and performance metrics to Application Insights.
Use a Bicep module to automate the setup.

The Solution: A Bicep Module

Below is the Bicep module I crafted to enable VM Insights:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
param name string
param location string
param storageAccountName string
param instanceName string

resource appInsights 'Microsoft.Insights/components@2020-02-02-preview' existing = {
  name: 'appi-${name}'
}

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = {
  name: storageAccountName
}

resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-03-01' existing = {
  name: 'vm-${instanceName}-${name}'
}

resource extension 'Microsoft.Compute/virtualMachines/extensions@2018-10-01' = {
  location: location
  parent: virtualMachine
  name: 'IaaSDiagnostics'
  properties: {
    publisher: 'Microsoft.Azure.Diagnostics'
    type: 'IaaSDiagnostics'
    typeHandlerVersion: '1.5'
    autoUpgradeMinorVersion: true
    settings: {
      WadCfg: {
        DiagnosticMonitorConfiguration: {
          overallQuotaInMB: '4096'
          sinks: 'applicationInsights'
          Directories: {
            scheduledTransferPeriod: 'PT1M'
            sinks: 'applicationInsights'
            IISLogs: {
              containerName: 'iislogs'
            }
            FailedRequestLogs: {
              containerName: 'failedrequestlogs'
            }
          }
          PerformanceCounters: {
            scheduledTransferPeriod: 'PT1M'
            sinks: 'AzureMonitor'
            PerformanceCounterConfiguration: []
          }
          WindowsEventLog: {
            scheduledTransferPeriod: 'PT5M'
            sinks: 'applicationInsights'
            DataSource: [
              {
                name: 'Application!*[System[(Level <=3)]]'
              }
              {
                name: 'System!*[System[(Level <=3)]]'
              }
              {
                name: 'System!*[System[Provider[@Name=\'Microsoft Antimalware\']]]'
              }
              {
                name: 'Security!*[System[(Level <= 3)]'
              }
            ]
          }
          Logs: {
            sinks: 'applicationInsights'
            DataSource: [
              {
                name: 'Application!*'
              }
              {
                name: 'System!*'
              }
              {
                name: 'Security!*'
              }
            ]
          }
          Crashes: ''
          Syslog: ''
        }
        SinksConfig: {
          Sink: [
            {
              name: 'AzureMonitor'
              AzureMonitor: {}
            }
            {
              name: 'applicationInsights'
              ApplicationInsights: appInsights.properties.InstrumentationKey
            }
          ]
        }
      }
      StorageAccount: storageAccount.name
      StorageType: 'TableAndBlob'
    }
    protectedSettings: {
      storageAccountName: storageAccount.name
      storageAccountKey: storageAccount.listKeys().keys[0].value
    }
  }
}

Key Components

Application Insights

The appInsights resource is defined as an existing resource. Make sure to create an Application Insights instance before using this module.

Storage Account

Used for storing diagnostic logs and data. The storage account is also referenced as an existing resource.

Virtual Machine

The target VM must exist before deploying this module. The Bicep code references the VM as an existing resource.

VM Extension

The IaaSDiagnostics extension is the critical piece that connects the VM to Application Insights. It configures various settings, including performance counters, logs, and event logs.

How It Works

Diagnostics Configuration (WadCfg) Defines settings for logs, performance counters, and event logs that are collected from the VM.
Sinks Configuration Routes the collected telemetry data to both Azure Monitor and Application Insights.
Protected Settings Includes sensitive data such as the storage account key to securely connect to the storage account.

Conclusion

This Bicep module simplifies enabling VM Insights on Azure Virtual Machines, so you get detailed monitoring and diagnostics without manual setup. With telemetry routed to Application Insights, you can watch your VM’s health and performance in real time.

Do you have a different approach to enabling VM Insights? Let me know in the comments!

References: