Azure Integration
Connect your entire Azure environment to TigerOps in minutes. Monitor AKS, Azure Functions, Cosmos DB, App Service, Event Hubs, and 35+ services with AI-powered anomaly detection and autonomous remediation.
How It Works
Register an App in Entra ID
Register a TigerOps application in Microsoft Entra ID (formerly Azure AD) and create a client secret. This takes about 2 minutes in the Azure portal.
Assign the Monitoring Reader Role
Grant the TigerOps app the Monitoring Reader role at the subscription or resource group scope. Read-only access only — no write permissions needed.
Enter Credentials in TigerOps
Paste the Tenant ID, Client ID, and Client Secret into the TigerOps Azure integration panel. We immediately begin discovering subscriptions and resources.
Resources Auto-Discovered
TigerOps scans your subscriptions and begins collecting Azure Monitor metrics for all discovered resources — AKS, Functions, Cosmos DB, App Service, and more.
What You Get Out of the Box
AKS Cluster Monitoring
Full node, pod, namespace, and deployment-level telemetry for Azure Kubernetes Service clusters with automatic workload discovery.
Azure Functions Observability
Track function invocations, execution duration, failures, and cold starts with automatic correlation to downstream service dependencies.
Cosmos DB Performance
Request unit consumption, partition key hotspots, replication lag, and latency percentiles across all Cosmos DB APIs.
App Service & Container Apps
HTTP response times, CPU/memory utilization, autoscale events, and deployment-correlated performance for App Service and Container Apps.
Event Hubs & Service Bus
Consumer group lag, message throughput, throttling events, and dead-letter queue depth for Event Hubs and Service Bus namespaces.
Multi-Subscription View
Monitor all Azure subscriptions in a single TigerOps workspace with per-subscription filtering and cross-subscription incident correlation.
Azure CLI Setup
Register the TigerOps app and assign the Monitoring Reader role using the Azure CLI.
#!/bin/bash
# TigerOps Azure Integration Setup
# Prerequisites: az cli logged in, correct subscription selected
SUBSCRIPTION_ID=$(az account show --query id -o tsv)
APP_NAME="tigerops-monitoring"
# Create the app registration
APP=$(az ad app create --display-name "$APP_NAME" -o json)
APP_ID=$(echo $APP | jq -r '.appId')
# Create a service principal
az ad sp create --id $APP_ID
# Create a client secret (valid 2 years)
SECRET=$(az ad app credential reset \
--id $APP_ID \
--years 2 \
--query password -o tsv)
# Assign Monitoring Reader at subscription scope
az role assignment create \
--assignee $APP_ID \
--role "Monitoring Reader" \
--scope "/subscriptions/$SUBSCRIPTION_ID"
TENANT_ID=$(az account show --query tenantId -o tsv)
echo "=== TigerOps Azure Credentials ==="
echo "Tenant ID: $TENANT_ID"
echo "Client ID: $APP_ID"
echo "Client Secret: $SECRET"
echo "Subscription: $SUBSCRIPTION_ID"
echo ""
echo "Paste these values into TigerOps > Integrations > Azure"Common Questions
What Azure permissions does TigerOps require?
TigerOps requires the Monitoring Reader built-in role at the subscription or resource group level. This grants read-only access to Azure Monitor metrics and resource metadata. No write permissions are ever needed. We also optionally use the Reader role for resource discovery.
Does TigerOps support Azure Government or sovereign clouds?
Yes. TigerOps supports Azure Government (US Gov), Azure China 21Vianet, and other sovereign cloud endpoints. You can configure the Azure environment (AzurePublicCloud, AzureUSGovernmentCloud, etc.) during the integration setup.
How does TigerOps compare to Azure Monitor?
Azure Monitor is excellent for Azure-native metrics and alerts. TigerOps builds on top of it by ingesting Azure Monitor data alongside your application traces, logs from on-premises and other clouds, and custom metrics — giving the AI SRE a unified view to perform cross-service root cause analysis that Azure Monitor cannot do alone.
Can I monitor AKS without installing an agent?
For AKS cluster-level metrics (node utilization, pod counts, control plane health), TigerOps can pull data from the Azure Monitor API without an agent. For workload-level application traces and custom metrics, deploying the TigerOps DaemonSet or the OpenTelemetry collector is recommended.
Does TigerOps support Managed Identity for authentication?
Yes. If TigerOps is deployed within Azure (e.g., on an AKS node), you can use Managed Identity instead of a client secret for authentication — eliminating long-lived credentials entirely. Configuration details are in our Azure setup guide.
Connect Azure in Minutes
No credit card required. Read-only permissions. SOC 2 Type II compliant.