Get in touch with us!

Try Azure Operational Insights for free

We are moving to an era with fewer people managing more servers. With Azure Operational Insights we are able to collect and search data from multiple servers for analysis. When the data is collected by an agent, we can either use intelligence pack provided by Microsoft or other 3rd party provider or we can collect our custom event log data to provide insights and visualize on a dashboard. From both Windows and Linux systems.

In this post I will explain how to setup your first workspace and connect your first server. I will use the Azure VM extension. It is also possible to install the agent with an MSI if you are using any on-prem servers or if you already have SCOM implemented you can use the SCOM agent to collect data.


  • Azure subscription
  • Azure ARM cmdlets
  • Virtual machine in Azure (Optional)


Let’s start!

First we need to create our “Workspace”. This is the Operational Insights object, we can have multiple workspaces for different departments or systems if we like to.

We can only deploy to West Europe or East US.

$ResourceGroupName = 'slask'

$Name = 'altitude365'

New-AzureRmOperationalInsightsWorkspace -ResourceGroupName $ResourceGroupName -Name $Name -Location "West Europe" -Sku free


When our workspace is created we can get the URL to our workspace. (Yes, you can also google “operational insights” and look for a sign in page.)

Get-AzureRmOperationalInsightsWorkspace -ResourceGroupName $ResourceGroupName -Name $Name | select PortalUrl

The first thing we want to do in the portal is enable an intelligence pack. Go ahead and click on Solutions Gallery when you are signed in. It will take a while before the intelligence pack is activated.


In the Solutions Gallery we need to select something interesting. I will select “System Update Assessment”. You can select everyone if you feel like so. On the next page just click on add and it will start to load. More intelligence packs will be added over time. The AD and SQL packs are really great, if any missconfiguration is found you will be warrned and provided with best pracites infromation about how to fix the issue.



We are now ready to install our agent. In order to install the agent we will need the Workspace ID and Workspace Key. These can be found under settings in the Operational Insights portal or by using Powershell.

Workspace ID

Get-AzureRmOperationalInsightsWorkspace -ResourceGroupName $ResourceGroupName -Name $Name | select CustomerId

Workspace Key

Get-AzureRmOperationalInsightsWorkspaceSharedKeys -ResourceGroupName $ResourceGroupName -Name $Name 

Create two hash tables with our information.

$ProtectedSettings = @{'workspaceKey' = 'UrtISvJ0aRcUbHrPwVE5WbzJYdjusUGGGzyzbZFBGqPTg5/jODZFTmFZZ4RJQMOduZCyk6QeSFppeO4hsct6rQ==' }

$Settings = @{'workspaceId' = 'b90d4ffd-837c-4b66-b42c-bbe89f685279'}


Add the Operational Insights extension to a virtual machine.

$myvm = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name myvm01

$myvm | Set-AzureRmVMExtension -ResourceGroupName $ResourceGroupName -VMName myvm01 -Name Altitude365-OperationalInsights -Publisher 'Microsoft.EnterpriseCloud.Monitoring' -ExtensionType 'MicrosoftMonitoringAgent' -TypeHandlerVersion '1.0' -Settings $Settings -ProtectedSettings $ProtectedSettings

$myvm | Update-AzureRmVM

Now we just have to wait. When the extension and the intelligent pack is ready we can get some information. For example myvm01 is not patched this month and is missing 7 updates, 5 of these are critical or security.


We do also get some example queries to run. You can also write your own.


Remember to try out the event log searches and customize your own dashboard. There is much more to explore in the Operational Management Suit.

Thank you for reading.

Submit a Comment

Your email address will not be published. Required fields are marked *