# Microsoft Azure

This guide will help you connect Weavestream to your Azure subscription to monitor backups, virtual machines, and Azure AD Domain Services.


# Overview

Weavestream can monitor the following Azure resources:

  • 🔄 Backup Jobs - Track backup success/failure across Recovery Services Vaults
  • 💻 Virtual Machines - Monitor VM status, power state, and health
  • 🔐 Azure AD Domain Services - Track domain service health and alerts
  • 📊 Resource Health - Overall health status of your Azure resources
  • 📋 Activity Logs - Recent changes and operations in your subscription

Estimated Setup Time: 15-20 minutes


# Prerequisites

  • Azure subscription with Owner or Contributor access
  • Resources you want to monitor (VMs, Backup Vaults, etc.)
  • Weavestream installed on your Mac

# Part 1: Create Azure App Registration

This creates credentials that allow Weavestream to securely access your Azure data.

# Step 1: Sign into Azure Portal

  1. Go to https://portal.azure.com
  2. Sign in with your Azure account

# Step 2: Register Application

  1. In the search bar at the top, type "App registrations"
  2. Click "App registrations" in the results
  3. Click "+ New registration"
  4. Fill in the registration form:
    • Name: Weavestream-Monitor (or any name you prefer)
    • Supported account types: Select "Accounts in this organizational directory only"
    • Redirect URI: Leave blank
  5. Click "Register"

# Step 3: Copy Important Values

After registration, you'll see the app overview page. Copy and save these values - you'll need them later:

📋 Application (client) ID

  • Example: 12345678-1234-1234-1234-123456789abc
  • Location: Visible on the Overview page

📋 Directory (tenant) ID

  • Example: 87654321-4321-4321-4321-cba987654321
  • Location: Visible on the Overview page

📋 Subscription ID

  • Click on "Subscriptions" in the search bar
  • Copy your subscription ID
  • Example: abcdef01-2345-6789-abcd-ef0123456789

# Step 4: Create Client Secret

  1. In the left sidebar, click "Certificates & secrets"
  2. Click "+ New client secret"
  3. Fill in:
    • Description: Weavestream Access
    • Expires: Recommended: 24 months
  4. Click "Add"
  5. ⚠️ IMPORTANT: Immediately copy the secret Value (not the Secret ID)
    • It looks like: abc123~XyZ456-RandomLongString
    • You cannot view this again! If you lose it, you'll need to create a new one.

# Part 2: Grant Permissions

Give Weavestream permission to read your Azure resources.

# Step 1: Navigate to Subscription

  1. In Azure Portal search bar, type "Subscriptions"
  2. Click on your subscription name

# Step 2: Add Role Assignment

  1. In the left sidebar, click "Access control (IAM)"
  2. Click "+ Add", then "Add role assignment"

# Step 3: Select Reader Role

On the Role tab:

  1. In the search box, type "Reader"
  2. Select the "Reader" role (gives read-only access)
  3. Click "Next"

# Step 4: Assign to Your App

On the Members tab:

  1. Assign access to: Select "User, group, or service principal"
  2. Click "+ Select members"
  3. Search for "Weavestream-Monitor" (or whatever you named your app)
  4. Click on it to select it
  5. Click "Select" button at the bottom
  6. Click "Review + assign"
  7. Click "Review + assign" again to confirm

Your app now has read-only access to your Azure subscription!


# Part 3: Find Resource Information

You'll need to know what you want to monitor.

# Get Your Subscription ID (if you haven't already)

  1. Search for "Subscriptions" in Azure Portal
  2. Click on your subscription
  3. Copy the Subscription ID from the overview page

# Find Resource Group Names

  1. Search for "Resource groups" in Azure Portal
  2. Note the names of resource groups containing resources you want to monitor
  3. Example: production-rg, backups-rg, etc.

# Find Backup Vault Names

If monitoring backups:

  1. Search for "Recovery Services vaults" in Azure Portal
  2. Note the vault names
  3. Note which resource group each vault is in

# Find Virtual Machine Names

If monitoring VMs:

  1. Search for "Virtual machines" in Azure Portal
  2. Note the VM names you want to monitor
  3. Note which resource group each VM is in

# Find Azure AD Domain Service Names

If monitoring Azure AD DS:

  1. Search for "Azure AD Domain Services" in Azure Portal
  2. Note the domain name (e.g., contoso.com)
  3. Note the resource group

# Part 4: Configure Weavestream

Now let's add Azure to Weavestream!

# Step 1: Add Azure as a Source

  1. Open Weavestream
  2. In the sidebar, click the "+" button
  3. Select "Add Source"
  4. Fill in the source details:
    • Name: Azure
    • Base URL: https://management.azure.com
    • Auth Type: Select OAuth or Custom (depending on your Weavestream version)
    • Icon: Choose the cloud or server.rack icon
    • Color: Choose blue (#007AFF) or your preference
  5. Credentials: You'll need to store your Azure credentials. The exact method depends on your Weavestream version:

    If you have OAuth fields:

    • Tenant ID: Paste your Directory (tenant) ID
    • Client ID: Paste your Application (client) ID
    • Client Secret: Paste your client secret value

    If using API Key field:

    • You may need to get an access token first (see troubleshooting section)
  6. Click "Add" or "Save"

# Step 2: Add Endpoints

Now add specific endpoints to monitor different Azure resources.


# Endpoint 1: Backup Jobs

Monitor backup success/failure across your vaults.

Configuration:

  • Name: Backup Jobs
  • Path: /subscriptions/{YOUR_SUBSCRIPTION_ID}/resourceGroups/{YOUR_RESOURCE_GROUP}/providers/Microsoft.RecoveryServices/vaults/{YOUR_VAULT_NAME}/backupJobs

Replace:

  • {YOUR_SUBSCRIPTION_ID} with your actual subscription ID
  • {YOUR_RESOURCE_GROUP} with the resource group containing your vault
  • {YOUR_VAULT_NAME} with your vault name

Query Parameters:

  • api-version: 2023-01-01

Example Path:

/subscriptions/abc-123/resourceGroups/backups-rg/providers/Microsoft.RecoveryServices/vaults/ProductionVault/backupJobs

Field Mapping:

  • ID Field: id
  • Title Field: properties.jobType
  • Date Field: properties.startTime
  • Summary Fields: properties.entityFriendlyName, properties.operation
  • Status Field: properties.status
    • Map Completed → ok
    • Map Failed → critical
    • Map InProgress → info

# Endpoint 2: Virtual Machines

Monitor all VMs in your subscription.

Configuration:

  • Name: Virtual Machines
  • Path: /subscriptions/{YOUR_SUBSCRIPTION_ID}/providers/Microsoft.Compute/virtualMachines

Replace:

  • {YOUR_SUBSCRIPTION_ID} with your actual subscription ID

Query Parameters:

  • api-version: 2023-03-01
  • $expand: instanceView (this adds power state information)

Example Path:

/subscriptions/abc-123/providers/Microsoft.Compute/virtualMachines

Field Mapping:

  • ID Field: id
  • Title Field: name
  • Date Field: Use current sync time
  • Summary Fields: properties.hardwareProfile.vmSize, location, properties.provisioningState
  • Status Field: properties.instanceView.statuses[0].code
    • Map PowerState/running → ok
    • Map PowerState/stopped → warning
    • Map PowerState/deallocated → info

Note: To monitor VMs in a specific resource group instead of all VMs:

/subscriptions/{YOUR_SUBSCRIPTION_ID}/resourceGroups/{YOUR_RESOURCE_GROUP}/providers/Microsoft.Compute/virtualMachines

# Endpoint 3: Azure AD Domain Services

Monitor Azure AD Domain Services health.

Configuration:

  • Name: Azure AD Domain Services
  • Path: /subscriptions/{YOUR_SUBSCRIPTION_ID}/providers/Microsoft.AAD/domainServices

Replace:

  • {YOUR_SUBSCRIPTION_ID} with your actual subscription ID

Query Parameters:

  • api-version: 2021-05-01

Example Path:

/subscriptions/abc-123/providers/Microsoft.AAD/domainServices

Field Mapping:

  • ID Field: id
  • Title Field: properties.domainName
  • Date Field: Use current sync time
  • Summary Fields: location, properties.syncScope, properties.ldapsSettings.ldaps
  • Status Field: properties.provisioningState
    • Map Succeeded → ok
    • Map Failed → critical
    • Map Updating → warning

# Endpoint 4: Resource Health (Optional)

Get overall health status of all your Azure resources.

Configuration:

  • Name: Resource Health
  • Path: /subscriptions/{YOUR_SUBSCRIPTION_ID}/providers/Microsoft.ResourceHealth/availabilityStatuses

Query Parameters:

  • api-version: 2022-10-01

Field Mapping:

  • ID Field: id
  • Title Field: name
  • Date Field: properties.occurredTime
  • Summary Fields: properties.summary, properties.reasonType
  • Status Field: properties.availabilityState
    • Map Available → ok
    • Map Unavailable → critical
    • Map Degraded → warning
    • Map Unknown → unknown

# Endpoint 5: Activity Log (Optional)

Monitor recent changes and operations in your subscription.

Configuration:

  • Name: Activity Log
  • Path: /subscriptions/{YOUR_SUBSCRIPTION_ID}/providers/Microsoft.Insights/eventtypes/management/values

Query Parameters:

  • api-version: 2015-04-01
  • $filter: eventTimestamp ge '2024-01-01T00:00:00Z'

Note: Update the date filter to a recent date (e.g., last 7 days) for better performance.

Field Mapping:

  • ID Field: id
  • Title Field: operationName.localizedValue
  • Date Field: eventTimestamp
  • Summary Fields: caller, resourceGroupName, status.localizedValue
  • Status Field: status.value
    • Map Succeeded → ok
    • Map Failed → critical
    • Map Started → info

# Step 3: Test Your Endpoints

  1. Click on each endpoint you created
  2. Click "Sync Now" or wait for automatic sync
  3. Verify that items appear in the list
  4. Check that field mappings are working correctly

# Part 5: Create Useful Filters

Make it easy to find important information with Smart Filters.

# Filter 1: Failed Backups (Last 7 Days)

  1. Under Azure source, click "+", then "New Filter"
  2. Name: Failed Backups - Last 7 Days
  3. Select Endpoint: Backup Jobs
  4. Add Conditions:
    • Field: properties.status
    • Operator: equals
    • Value: Failed
    • AND
    • Field: properties.startTime
    • Operator: in last
    • Value: 7 days
  5. Logic: Match ALL conditions (AND)
  6. Save

# Filter 2: Stopped VMs

  1. Create new filter
  2. Name: Stopped Virtual Machines
  3. Select Endpoint: Virtual Machines
  4. Add Condition:
    • Field: properties.instanceView.statuses[0].code
    • Operator: contains
    • Value: stopped
  5. Save

# Filter 3: Critical Issues (All Resources)

  1. Create new filter
  2. Name: Critical Issues
  3. Select Endpoints: All Azure endpoints
  4. Add Condition:
    • Field: status (your mapped status field)
    • Operator: is
    • Value: critical
  5. Save

# Part 6: Use AI Analysis

Ask questions about your Azure environment!

# Example Questions:

About Backups:

  • "Show me all failed backups from last week"
  • "Which backup jobs took the longest?"
  • "Are there any backup failures I should worry about?"

About VMs:

  • "How many VMs are currently running?"
  • "Which VMs are stopped?"
  • "Show me VMs that need attention"

About Overall Health:

  • "What critical issues do I have in Azure?"
  • "Summarize my Azure environment health"
  • "What changed in the last 24 hours?"

# Troubleshooting

# Issue: "Authentication failed"

Solution:

  1. Verify your Client ID, Tenant ID, and Client Secret are correct
  2. Make sure you copied the secret Value, not the Secret ID
  3. Check that the secret hasn't expired
  4. Verify the app registration has Reader role on your subscription

# Issue: "api-version query parameter is required"

Solution: Make sure you added the api-version query parameter to each endpoint as specified in the configuration.


# Issue: "Resource type not found"

Solution:

  1. Verify the resource exists in your subscription (e.g., you have Azure AD DS deployed)
  2. Check that you're using the correct subscription ID
  3. Verify the path is typed correctly with no typos

# Issue: "No items appear after sync"

Solution:

  1. Check that the service principal has Reader permissions
  2. Verify you're using the correct resource group and resource names
  3. Try the "All VMs" endpoint first (doesn't require resource group)
  4. Check Azure Portal to confirm the resources exist

# Issue: "Token expired" or "401 Unauthorized"

Solution: OAuth tokens expire after 1 hour. Weavestream should automatically refresh them. If not:

  1. Try removing and re-adding the Azure source
  2. Verify the client secret is still valid (not expired)
  3. Check that the app registration still has permissions

# Issue: Field mapping not working

Solution:

  1. Click on an item and view the "Raw JSON" to see the actual structure
  2. Adjust your field paths to match the actual JSON structure
  3. Remember to use dot notation for nested fields (e.g., properties.status)
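A field path can be checked against an item's Raw JSON before changing the endpoint. The following is an added example, not Weavestream's own code: `resolve`, `mapped_status` and `power_state` are names made up here, the "unknown" fallback is an assumption, and the sample item is constructed to show what happens when the first entry of `statuses` is not the power state.

```python
import re

# Status map from the Virtual Machines endpoint in this guide.
VM_STATUS_MAP = {
    "PowerState/running": "ok",
    "PowerState/stopped": "warning",
    "PowerState/deallocated": "info",
}
VM_STATUS_PATH = "properties.instanceView.statuses[0].code"

_STEP = re.compile(r"([^.\[\]]+)|\[(\d+)\]")  # a key name or an [index]

def resolve(item, path):
    """Follow a path such as 'a.b[0].c'; return None when any hop is missing."""
    current = item
    for key, index in _STEP.findall(path):
        try:
            current = current[key] if key else current[int(index)]
        except (KeyError, IndexError, TypeError):
            return None
    return current

def mapped_status(item, path, status_map, default="unknown"):
    """Resolve the status field and map it; the 'unknown' fallback is an assumption."""
    value = resolve(item, path)
    return status_map.get(value, default) if isinstance(value, str) else default

def power_state(item):
    """Select the PowerState/* code by prefix rather than by array position."""
    for status in resolve(item, "properties.instanceView.statuses") or []:
        code = status.get("code", "")
        if code.startswith("PowerState/"):
            return code
    return None

# Constructed sample item (not real API output). Assumption: the statuses array
# carries a ProvisioningState entry ahead of the PowerState entry.
SAMPLE_VM = {
    "name": "web-01",
    "properties": {"instanceView": {"statuses": [
        {"code": "ProvisioningState/succeeded"},
        {"code": "PowerState/running"},
    ]}},
}

if __name__ == "__main__":
    print(resolve(SAMPLE_VM, VM_STATUS_PATH))
    print(mapped_status(SAMPLE_VM, VM_STATUS_PATH, VM_STATUS_MAP))
    print(power_state(SAMPLE_VM))
```

If the resolved value is not one of the mapped codes, compare it with the other entries in the array and adjust the index in the Status Field accordingly.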

# Getting Manual Access Token (Advanced)

If you need to manually get an access token for testing:

Using PowerShell:

```powershell
# Values saved in Part 1 (Steps 3 and 4)
$tenantId = "YOUR_TENANT_ID"
$clientId = "YOUR_CLIENT_ID"
$clientSecret = "YOUR_CLIENT_SECRET"

# Client-credentials request for an Azure Resource Manager token
$tokenUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = @{
    client_id     = $clientId
    scope         = "https://management.azure.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}

$response = Invoke-RestMethod -Method Post -Uri $tokenUrl -Body $body
$token = $response.access_token

# Prints the bearer token to the console
Write-Host "Token: $token"
```

Using curl (macOS/Linux):

```bash
curl -X POST \
  "https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=https://management.azure.com/.default" \
  -d "grant_type=client_credentials"
```

The token is valid for 1 hour and can be used in the Authorization header:

Authorization: Bearer YOUR_TOKEN
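When a manually obtained token still returns 401, its claims can be inspected locally before looking at the role assignment. The following is an added example, not Weavestream or Microsoft code: it assumes the access token is a JWT carrying `aud`, `tid` and `exp` claims, and `ARM_AUDIENCE`, `token_problems` and `constructed_token` are names made up here.

```python
import base64
import json
import time

# Assumption: audience issued for the scope used above (https://management.azure.com/.default).
ARM_AUDIENCE = "https://management.azure.com"

def token_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def token_problems(token, tenant_id, now=None):
    """Return reasons this token would be rejected for Azure Resource Manager calls."""
    now = time.time() if now is None else now
    claims = token_claims(token)
    problems = []
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    if str(claims.get("aud", "")).rstrip("/") != ARM_AUDIENCE:
        problems.append("wrong audience")
    if claims.get("tid") != tenant_id:
        problems.append("wrong tenant")
    return problems

def constructed_token(claims):
    """Build an unsigned, constructed sample token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    tenant = "87654321-4321-4321-4321-cba987654321"  # example tenant ID from this guide
    sample = constructed_token({"aud": ARM_AUDIENCE, "tid": tenant, "exp": 1_700_003_600})
    print(token_problems(sample, tenant, now=1_700_000_000))  # inside the 1-hour lifetime
    print(token_problems(sample, tenant, now=1_700_003_600))  # at expiry
```

Run it on the machine where the token was issued; a bearer token is a credential and should not be pasted into online decoders.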

# Security Best Practices

# Do:

  • Use the Reader role (read-only access)
  • Set client secret expiration to 24 months maximum
  • Rotate secrets regularly
  • Store credentials securely (Weavestream uses macOS Keychain)
  • Limit access to only subscriptions that need monitoring

# Don't:

  • Use Owner or Contributor roles (too much access)
  • Set secrets to never expire
  • Share your client secret with anyone
  • Use the same app registration for multiple purposes
  • Store secrets in plain text anywhere
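The Do and Don't lists above can be turned into a periodic check of the app registration. The following is an added example, not part of Weavestream: it assumes the inputs are the JSON arrays printed by `az role assignment list --assignee <client-id> --all` and `az ad app credential list --id <client-id>`, the sample records are constructed, and the function names are made up here.

```python
from datetime import datetime, timedelta, timezone
MAX_LIFETIME = timedelta(days=731)  # the guide's 24-month ceiling, allowing a leap day

def _ts(value):
    """Parse the leading 'YYYY-MM-DDTHH:MM:SS' of a UTC timestamp string."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_roles(assignments):
    """Flag anything beyond Reader, and Reader granted outside a subscription scope."""
    findings = []
    for a in assignments:
        role, scope = a.get("roleDefinitionName"), a.get("scope", "")
        if role != "Reader":
            findings.append(f"role {role!r} at {scope}")
        elif not scope.lower().startswith("/subscriptions/"):
            findings.append(f"Reader above subscription level at {scope}")
    return findings

def audit_secrets(credentials, now):
    """Flag client secrets that are expired, missing an expiry, or live too long."""
    findings = []
    for c in credentials:
        name = c.get("displayName") or c.get("keyId")
        if not c.get("endDateTime"):
            findings.append(f"{name}: no expiry")
            continue
        end = _ts(c["endDateTime"])
        if end <= now:
            findings.append(f"{name}: expired")
        elif c.get("startDateTime") and end - _ts(c["startDateTime"]) > MAX_LIFETIME:
            findings.append(f"{name}: lifetime over 24 months")
    return findings

# Constructed samples (not real output); IDs reuse this guide's example values.
SUB = "/subscriptions/abcdef01-2345-6789-abcd-ef0123456789"
ROLES = [
    {"roleDefinitionName": "Reader", "scope": SUB},
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/production-rg"},
]
SECRETS = [
    {"displayName": "Weavestream Access", "startDateTime": "2025-01-10T00:00:00Z",
     "endDateTime": "2027-01-10T00:00:00Z"},
    {"displayName": "legacy", "startDateTime": "2020-01-01T00:00:00Z",
     "endDateTime": "2099-12-31T00:00:00Z"},
]

if __name__ == "__main__":
    now = datetime(2026, 2, 1, tzinfo=timezone.utc)
    print("\n".join(audit_roles(ROLES) + audit_secrets(SECRETS, now)))
```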


# Support

If you run into issues:

  1. Check the Troubleshooting section above
  2. Verify your setup in Azure Portal
  3. Test API calls manually using PowerShell or curl
  4. Contact Weavestream support with:
    • Screenshots of your configuration (hide sensitive IDs)
    • Error messages you're seeing
    • Which endpoint is failing

# Summary Checklist

Before you finish, verify:

  • App registration created in Azure
  • Client secret created and saved securely
  • Reader role assigned to your subscription
  • Azure source added to Weavestream
  • At least one endpoint configured and syncing
  • Field mappings working correctly
  • Smart filters created for common scenarios
  • Tested AI questions on your Azure data

You're all set! Weavestream is now monitoring your Azure environment. 🎉


Last updated: February 2026