Azure Infrastructure Explorer
The Coralogix Azure Infrastructure Explorer integration connects your Azure subscriptions to Coralogix and periodically collects resource metadata for Azure Virtual Machines and Virtual Machine Scale Set VMs. The collected metadata enriches logs, traces, and dashboards with cloud context so you can correlate telemetry against the resources it came from.
Overview
Azure Infrastructure Explorer authenticates as an Azure service principal with the Reader role on each subscription you want to scan, then calls the Azure Resource Manager Compute API on a configurable schedule. For every Virtual Machine and every Virtual Machine Scale Set instance found, the integration sends a metadata record to Coralogix that includes the raw Azure resource description plus standard cloud attributes (cloud.provider, cloud.account.id, cloud.account.name).
The default poll interval is 10 minutes, which is also the minimum allowed value.
Supported resources
The integration currently collects metadata for the following Azure resource types:
- Virtual Machines (
Microsoft.Compute/virtualMachines) - Virtual Machine Scale Set VMs (
Microsoft.Compute/virtualMachineScaleSets/virtualMachines)
Other Azure resource types, such as Storage accounts, Key Vault, AKS, and Networking, are not collected by Azure Infrastructure Explorer. Use Azure Activity Logs, Azure Resource Logs, or Azure Metrics for those signals.
Authentication methods
The integration supports two authentication methods:
- Client Credentials: you create an Azure app registration in your tenant and provide its client credentials to Coralogix.
- Multi-Tenant App: you authorize the application provided by Coralogix to access your Azure tenant. This method does not require static credentials.
| Topic | Client Credentials | Multi-Tenant App |
|---|---|---|
| What you create in Azure | An app registration in your tenant | No customer-managed app registration is required |
Tenant ID value in Coralogix | Azure Directory (tenant) ID from Microsoft Entra ID, then Overview | Azure Directory (tenant) ID from Microsoft Entra ID, then Overview |
Client ID and Client Secret | Required | Not required |
| Who completes authorization | A user who can create and configure the app registration and assign subscription IAM roles | A user who can grant tenant consent in Entra and assign subscription IAM roles |
Which identity gets Reader | The service principal for your Azure app registration | The Coralogix enterprise application or service principal created after authorization |
Prerequisites
- An Azure subscription where you have permission to assign the Reader role at the subscription scope, such as Owner, User Access Administrator, or an equivalent role with
Microsoft.Authorization/roleAssignments/write. - For the Client Credentials flow: permission to create an app registration and a client secret in Microsoft Entra ID.
- For the Multi-Tenant App flow: permission to grant tenant consent to a multi-tenant Microsoft Entra application, such as Cloud Application Administrator or Application Administrator.
- A Coralogix user with the Integrations - Deploy permission.
Select an authentication flow
Pick the setup path that matches your Azure authentication model:
- Client Credentials: create an app registration in your Azure tenant and provide its client credentials to Coralogix.
- Multi-Tenant App: authorize the Coralogix application in your Azure tenant without creating your own app registration.
Azure Infrastructure Explorer integration deployment
STEP 1. Access Data Flow, then Integrations.
STEP 2. From the Integrations section, select Azure Infrastructure Explorer.
STEP 3. Select ADD NEW.
STEP 4. Pick the authentication flow: CLIENT CREDENTIALS or MULTI-TENANT APP.
Use the flow-specific step that applies to you:
Client Credentials only
STEP 5. If you chose Client Credentials and do not already have an Azure app registration for this integration, select GO TO AZURE PORTAL and complete the following steps:
STEP 5.1. Go to App registrations.
STEP 5.2. Select New registration, enter a name, select Accounts in this organizational directory only (Single tenant), and select Register.
STEP 5.3. Open the new registration and copy:
- the Directory (tenant) ID from Overview
- the Application (client) ID from Overview
STEP 5.4. Go to Certificates & secrets, then Client secrets, select New client secret, fill in Description and an expiration period, select Add, and copy the generated secret value immediately. The value is shown only once.
If you want to scan more than one subscription, you do not need multiple app registrations. Reuse the same application and assign it the Reader role in each subscription separately.
Common settings
STEP 6. Return to the Coralogix Azure Infrastructure Explorer integration tab and define your Settings:
Integration Name: a name for your integration (auto-filled with the default name).
Tenant ID: enter the Azure Directory (tenant) ID from Microsoft Entra ID, then Overview.
Subscription IDs: enter one or more Azure Subscription IDs to scan. At least one subscription is required. The integration identity must have the Reader role on every subscription you list.
Client ID:
- Client Credentials: enter the Application (client) ID from the Azure app registration.
- Multi-Tenant App: leave this blank.
Client Secret:
- Client Credentials: enter the client secret value from Certificates & secrets.
- Multi-Tenant App: leave this blank.
Poll Interval (Minutes): how often the integration scans your subscriptions. The default and minimum value is
10.Scan Virtual Machines: when enabled, the integration collects metadata for standalone Azure Virtual Machines.
Scan Virtual Machines Scale Sets: when enabled, the integration collects metadata for VM instances inside Virtual Machine Scale Sets.
STEP 7. Select NEXT.
Multi-Tenant App only
STEP 8. If you chose Multi-Tenant App, select Authorize in Coralogix. Review the Microsoft authorization screen and select Accept.
Note
The Authorize action starts in Coralogix, not in Azure. A successful authorization creates or provisions the Coralogix enterprise application or service principal in your tenant.
Assign Reader
STEP 9. Assign the Reader role to the correct service principal:
- Client Credentials: the service principal associated with your Azure app registration.
- Multi-Tenant App: the Coralogix enterprise application or service principal created after Authorize.
Repeat the following steps for every subscription listed in Subscription IDs.
STEP 9.1. Log in to the Azure Portal and select the subscription.
STEP 9.2. Select Access Control (IAM) from the left menu.
STEP 9.3. Select + Add, then Add role assignment at the top of the Access Control panel.
STEP 9.4. In the Add role assignment panel, search for Reader and select it.
STEP 9.5. Under Members, select User, group, or service principal, then select + Select members.
STEP 9.6. Search for the correct target for your flow:
- Client Credentials: the service principal that belongs to your Azure app registration.
- Multi-Tenant App: the Coralogix enterprise application or service principal created after Authorize.
After review and assignment, the selected service principal appears with Reader permissions under the Role assignments tab.
STEP 10. Select Complete.
Verify the setup
- In Microsoft Entra ID, then Enterprise applications, confirm that the Coralogix enterprise application exists after a successful Multi-Tenant App authorization.
- In each subscription you listed in Subscription IDs, open Access Control (IAM) and confirm the correct service principal has the Reader role.
- On the Coralogix Integrations page, confirm the integration shows Active within one poll interval (default
10minutes). - In Coralogix, run a query against your metadata to confirm records are arriving with
cloud.provider="azure".
Parameters and descriptions
| Parameter | Description | Default | Required |
|---|---|---|---|
| Integration Name | Display name shown in the integrations list. | Azure Infrastructure Explorer | Yes |
| Tenant ID | The Azure Directory (tenant) ID that contains the app registration or that has consented to the Coralogix multi-tenant app. | Yes | |
| Client ID | The Application (client) ID of the app registration. Client Credentials flow only. | Conditional | |
| Client Secret | The client secret value from Certificates & secrets. Client Credentials flow only. | Conditional | |
| Subscription IDs | One or more Azure Subscription IDs to scan. At least one subscription is required. | Yes | |
| Poll Interval (Minutes) | How often the integration scans your subscriptions. Minimum 10. | 10 | No |
| Scan Virtual Machines | When enabled, the integration collects metadata for Azure Virtual Machines. | true | Yes |
| Scan Virtual Machines Scale Sets | When enabled, the integration collects metadata for VM instances inside Virtual Machine Scale Sets. | true | Yes |
What gets collected
For every scanned resource, the integration sends a metadata record to Coralogix with the following attributes:
cloud.provider: alwaysazurecloud.account.id: the Azure Subscription ID that owns the resourcecloud.account.name: the subscription display name, when availablecx.entity.interval: the configured poll interval, in secondsazure.virtual_machine.raw_description: the full Azure resource JSON for Virtual Machinesazure.virtual_machine_scale_set_vm.raw_description: the full Azure resource JSON for Virtual Machine Scale Set instances
Limitations
- Only Azure Virtual Machines and Virtual Machine Scale Set VMs are collected. Other Azure resource types are not supported by this integration.
- Subscriptions must be listed explicitly. Tenant-wide auto-discovery of subscriptions is not yet supported.
- The minimum poll interval is
10minutes. Lower values are rejected. - The integration is gated by a feature flag during early rollout. If Azure Infrastructure Explorer does not appear in your Integrations catalog, contact Coralogix Support.
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to contact us via our in-app chat or by emailing [email protected].