The Coralogix **Azure Infrastructure Explorer** integration connects your Azure subscriptions to Coralogix and periodically collects resource metadata for Azure **Virtual Machines** and **Virtual Machine Scale Set VMs**. The collected metadata enriches logs, traces, and dashboards with cloud context so you can correlate telemetry against the resources it came from. ## Overview Azure Infrastructure Explorer authenticates as an Azure **service principal** with the **Reader** role on each subscription you want to scan, then calls the Azure Resource Manager **Compute** API on a configurable schedule. For every Virtual Machine and every Virtual Machine Scale Set instance found, the integration sends a metadata record to Coralogix that includes the raw Azure resource description plus standard cloud attributes (`cloud.provider`, `cloud.account.id`, `cloud.account.name`). The default poll interval is `10` minutes, which is also the minimum allowed value. ### Supported resources The integration currently collects metadata for the following Azure resource types: - Virtual Machines (`Microsoft.Compute/virtualMachines`) - Virtual Machine Scale Set VMs (`Microsoft.Compute/virtualMachineScaleSets/virtualMachines`) Other Azure resource types, such as Storage accounts, Key Vault, AKS, and Networking, are not collected by Azure Infrastructure Explorer. Use [Azure Activity Logs](https://coralogix.com/docs/integrations/azure/azure-activity-logs/index.md), [Azure Resource Logs](https://coralogix.com/docs/integrations/azure/azure-resource-logs/index.md), or [Azure Metrics](https://coralogix.com/docs/integrations/azure/azure-metrics/index.md) for those signals. ### Authentication methods The integration supports two authentication methods: - **Client Credentials**: you create an Azure app registration in your tenant and provide its client credentials to Coralogix. - **Multi-Tenant App**: you authorize the application provided by Coralogix to access your Azure tenant. This method does not require static credentials. | Topic | Client Credentials | Multi-Tenant App | | ------------------------------- | ------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------- | | What you create in Azure | An app registration in your tenant | No customer-managed app registration is required | | `Tenant ID` value in Coralogix | Azure **Directory (tenant) ID** from **Microsoft Entra ID**, then **Overview** | Azure **Directory (tenant) ID** from **Microsoft Entra ID**, then **Overview** | | `Client ID` and `Client Secret` | Required | Not required | | Who completes authorization | A user who can create and configure the app registration and assign subscription IAM roles | A user who can grant tenant consent in Entra and assign subscription IAM roles | | Which identity gets `Reader` | The service principal for your Azure app registration | The Coralogix enterprise application or service principal created after authorization | ## Prerequisites - An Azure subscription where you have permission to assign the **Reader** role at the subscription scope, such as **Owner**, **User Access Administrator**, or an equivalent role with `Microsoft.Authorization/roleAssignments/write`. - For the **Client Credentials** flow: permission to create an app registration and a client secret in **Microsoft Entra ID**. - For the **Multi-Tenant App** flow: permission to grant tenant consent to a multi-tenant Microsoft Entra application, such as **Cloud Application Administrator** or **Application Administrator**. - A Coralogix user with the **Integrations - Deploy** permission. ## Select an authentication flow Pick the setup path that matches your Azure authentication model: - [Client Credentials](#client-credentials-only): create an app registration in your Azure tenant and provide its client credentials to Coralogix. - [Multi-Tenant App](#multi-tenant-app-only): authorize the Coralogix application in your Azure tenant without creating your own app registration. ## Azure Infrastructure Explorer integration deployment **STEP 1.** Access **Data Flow**, then **Integrations**. **STEP 2.** From the **Integrations** section, select **Azure Infrastructure Explorer**. **STEP 3.** Select **ADD NEW**. **STEP 4.** Pick the authentication flow: **CLIENT CREDENTIALS** or **MULTI-TENANT APP**. Use the flow-specific step that applies to you: - If you chose **Client Credentials**, complete [Step 5](#client-credentials-only). - If you chose **Multi-Tenant App**, skip to [Step 6](#common-settings). ### Client Credentials only **STEP 5.** If you chose **Client Credentials** and do not already have an Azure app registration for this integration, select **GO TO AZURE PORTAL** and complete the following steps: - **STEP 5.1.** Go to **App registrations**. - **STEP 5.2.** Select **New registration**, enter a name, select **Accounts in this organizational directory only (Single tenant)**, and select **Register**. - **STEP 5.3.** Open the new registration and copy: - the **Directory (tenant) ID** from **Overview** - the **Application (client) ID** from **Overview** - **STEP 5.4.** Go to **Certificates & secrets**, then **Client secrets**, select **New client secret**, fill in **Description** and an expiration period, select **Add**, and copy the generated secret value immediately. The value is shown only once. If you want to scan more than one subscription, you do not need multiple app registrations. Reuse the same application and assign it the **Reader** role in each subscription separately. ### Common settings **STEP 6.** Return to the Coralogix Azure Infrastructure Explorer integration tab and define your **Settings**: - **Integration Name**: a name for your integration (auto-filled with the default name). - **Tenant ID**: enter the Azure **Directory (tenant) ID** from **Microsoft Entra ID**, then **Overview**. - **Subscription IDs**: enter one or more Azure Subscription IDs to scan. At least one subscription is required. The integration identity must have the **Reader** role on every subscription you list. - **Client ID**: - **Client Credentials**: enter the **Application (client) ID** from the Azure app registration. - **Multi-Tenant App**: leave this blank. - **Client Secret**: - **Client Credentials**: enter the client secret value from **Certificates & secrets**. - **Multi-Tenant App**: leave this blank. - **Poll Interval (Minutes)**: how often the integration scans your subscriptions. The default and minimum value is `10`. - **Scan Virtual Machines**: when enabled, the integration collects metadata for standalone Azure Virtual Machines. - **Scan Virtual Machines Scale Sets**: when enabled, the integration collects metadata for VM instances inside Virtual Machine Scale Sets. **STEP 7.** Select **NEXT**. ### Multi-Tenant App only **STEP 8.** If you chose **Multi-Tenant App**, select **Authorize** in Coralogix. Review the Microsoft authorization screen and select **Accept**. Note The **Authorize** action starts in Coralogix, not in Azure. A successful authorization creates or provisions the Coralogix enterprise application or service principal in your tenant. ### Assign Reader **STEP 9.** Assign the **Reader** role to the correct service principal: - **Client Credentials**: the service principal associated with your Azure app registration. - **Multi-Tenant App**: the Coralogix enterprise application or service principal created after **Authorize**. Repeat the following steps for every subscription listed in **Subscription IDs**. - **STEP 9.1.** Log in to the Azure Portal and select the subscription. - **STEP 9.2.** Select **Access Control (IAM)** from the left menu. - **STEP 9.3.** Select **+ Add**, then **Add role assignment** at the top of the Access Control panel. - **STEP 9.4.** In the Add role assignment panel, search for **Reader** and select it. - **STEP 9.5.** Under **Members**, select **User, group, or service principal**, then select **+ Select members**. - **STEP 9.6.** Search for the correct target for your flow: - **Client Credentials**: the service principal that belongs to your Azure app registration. - **Multi-Tenant App**: the Coralogix enterprise application or service principal created after **Authorize**. After review and assignment, the selected service principal appears with **Reader** permissions under the **Role assignments** tab. **STEP 10.** Select **Complete**. ## Verify the setup - In **Microsoft Entra ID**, then **Enterprise applications**, confirm that the Coralogix enterprise application exists after a successful **Multi-Tenant App** authorization. - In each subscription you listed in **Subscription IDs**, open **Access Control (IAM)** and confirm the correct service principal has the **Reader** role. - On the Coralogix **Integrations** page, confirm the integration shows **Active** within one poll interval (default `10` minutes). - In Coralogix, run a query against your metadata to confirm records are arriving with `cloud.provider="azure"`. ## Parameters and descriptions | Parameter | Description | Default | Required | | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | ----------- | | **Integration Name** | Display name shown in the integrations list. | `Azure Infrastructure Explorer` | Yes | | **Tenant ID** | The Azure **Directory (tenant) ID** that contains the app registration or that has consented to the Coralogix multi-tenant app. | | Yes | | **Client ID** | The **Application (client) ID** of the app registration. **Client Credentials** flow only. | | Conditional | | **Client Secret** | The client secret value from **Certificates & secrets**. **Client Credentials** flow only. | | Conditional | | **Subscription IDs** | One or more Azure Subscription IDs to scan. At least one subscription is required. | | Yes | | **Poll Interval (Minutes)** | How often the integration scans your subscriptions. Minimum `10`. | `10` | No | | **Scan Virtual Machines** | When enabled, the integration collects metadata for Azure Virtual Machines. | `true` | Yes | | **Scan Virtual Machines Scale Sets** | When enabled, the integration collects metadata for VM instances inside Virtual Machine Scale Sets. | `true` | Yes | ## What gets collected For every scanned resource, the integration sends a metadata record to Coralogix with the following attributes: - `cloud.provider`: always `azure` - `cloud.account.id`: the Azure Subscription ID that owns the resource - `cloud.account.name`: the subscription display name, when available - `cx.entity.interval`: the configured poll interval, in seconds - `azure.virtual_machine.raw_description`: the full Azure resource JSON for Virtual Machines - `azure.virtual_machine_scale_set_vm.raw_description`: the full Azure resource JSON for Virtual Machine Scale Set instances ## Limitations - Only Azure Virtual Machines and Virtual Machine Scale Set VMs are collected. Other Azure resource types are not supported by this integration. - Subscriptions must be listed explicitly. Tenant-wide auto-discovery of subscriptions is not yet supported. - The minimum poll interval is `10` minutes. Lower values are rejected. - The integration is gated by a feature flag during early rollout. If **Azure Infrastructure Explorer** does not appear in your **Integrations** catalog, contact Coralogix Support. ## Related resources - [AWS Infrastructure Explorer integration](https://coralogix.com/docs/integrations/aws/aws-infrastructure-explorer/index.md) - [Infrastructure Explorer overview](https://coralogix.com/docs/user-guides/infrastructure/infrastructure-explorer/overview/index.md) - [Getting started with host monitoring](https://coralogix.com/docs/user-guides/infrastructure/infrastructure-explorer/getting-started-host-monitoring/index.md) - [Explore infra resources](https://coralogix.com/docs/user-guides/infrastructure/infrastructure-explorer/explore-infra/index.md) - [Ownership](https://coralogix.com/docs/user-guides/infrastructure/infrastructure-explorer/ownership/index.md) ## Support **Need help?** Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up. Feel free to contact us **via our in-app chat** or by emailing [support@coralogix.com](mailto:support@coralogix.com).