Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Configure Application Insights

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: Monitor-011

Ensure that an Application Insights resource is created and configured to monitor your web applications in real time. Application Insights is an extension of Azure Monitor that provides advanced application performance monitoring solutions. The log data collected by Application Insights includes application metrics, telemetry data, and application trace logging data. This valuable information offers organizations in-depth insights into application activity and transactions. By leveraging this data, organizations can effectively address security and performance metrics in their modern web applications, enabling both proactive and retroactive approaches.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Security
Reliability
Cost
optimisation
Performance
efficiency
Operational
excellence

Application Insights grants you complete visibility into your web application, encompassing all components and dependencies within your complex distributed architecture. This comprehensive toolset incorporates robust analytics capabilities, facilitating issue diagnosis and offering insights into user behavior within your application. Its primary objective is to aid you in continuously enhancing performance and usability. Whether your applications run on .NET, Node.js, Java EE, or are hosted on-premises, in a hybrid environment, or on any public cloud platform, Application Insights seamlessly accommodates to your needs.


Audit

To determine if there is at least one Application Insights resource created and configured within your Azure cloud account, perform the following actions:

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to Application Insights blade at https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/microsoft.insights%2Fcomponents.

03 On the Application Insights page, select the subscription that you want to examine from the Subscription filter box and choose Apply.

04 Check for any Application Insights resources created for the selected subscription. If there are no Application Insights resources listed on this page and the following confirmation status is returned: No Application Insights app to display, Microsoft Azure Application Insights is not configured for web applications in the selected Azure subscription.

05 Repeat steps no. 3 and 4 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run monitor app-insights component show command (Windows/macOS/Linux) to describe the configuration details for the Application Insights resources available within the selected Azure subscription:

az monitor app-insights component show 
  --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

02 Type Y and press Enter to install the application-insights extension:

The command requires the extension application-insights. Do you want to install it now? The command will continue to run after the extension is installed. (Y/n): Y

03 The command output should return the requested configuration information:

[]

If the monitor app-insights component show command output returns an empty array, i.e. [], as shown in the example above, Microsoft Azure Application Insights is not configured for web applications in the selected Azure subscription.

04 Repeat steps no. 1 – 3 for each subscription created in your Microsoft Azure cloud account.

Remediation / Resolution

To create and configure an Application Insights resource in order to monitor your live web applications using the Azure Application Insights service, perform the following actions:

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to Application Insights blade at https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/microsoft.insights%2Fcomponents.

03 On the Application Insights page, select the subscription that you want to access from the Subscription filter box and choose Apply.

04 Choose Create to deploy your new Application Insights resource.

05 On the Application Insights setup page, perform the following operations:

  1. For Basics, select the target Azure subscription, resource group, and region, and type a name for the new Application Insights resource in the Name box. Set the Resource Mode to Workspace-based, choose the subscription for the workspace, then select the Log Analytics Workspace required for Application Insights. Choose Next : Tags > to continue the setup process.
  2. For Tags, configure any required tags sets and choose Next : Review + create > to continue.
  3. For Review + create, review the resource configuration details and choose Create to deploy your new Application Insights resource.

06 Repeat steps no. 3 – 5 for each subscription available within your Microsoft Azure cloud account.

Using Azure CLI

01 Run monitor app-insights component create command (Windows/macOS/Linux) to create a new Microsoft Azure Application Insights resource for the selected subscription:

az monitor app-insights component create 
  --app cc-web-app-insights 
  --resource-group cloud-shell-storage-westeurope 
  --location westeurope 
  --kind "web" 
  --workspace cc-web-log-analytics-workspace 
  --subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

02 Type Y and press Enter to install the application-insights extension:

The command requires the extension application-insights. Do you want to install it now? The command will continue to run after the extension is installed. (Y/n): Y

03 The command output should return the configuration information available for the new Application Insights resource:

{
	"appId": "abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"applicationId": "cc-web-app-insights",
	"applicationType": "web",
	"creationDate": "2023-06-06T15:45:48.282478+00:00",
	"disableIpMasking": null,
	"flowType": "Bluefield",
	"hockeyAppId": null,
	"hockeyAppToken": null,
	"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/microsoft.insights/components/cc-web-app-insights",
	"immediatePurgeDataOn30Days": null,
	"ingestionMode": "LogAnalytics",
	"kind": "web",
	"laMigrationDate": null,
	"location": "westeurope",
	"name": "cc-web-app-insights",
	"namePropertiesName": "cc-web-app-insights",
	"privateLinkScopedResources": null,
	"provisioningState": "Succeeded",
	"publicNetworkAccessForIngestion": "Enabled",
	"publicNetworkAccessForQuery": "Enabled",
	"requestSource": "rest",
	"resourceGroup": "cloud-shell-storage-westeurope",
	"retentionInDays": 90,
	"samplingPercentage": null,
	"tags": {},
	"tenantId": "abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"type": "microsoft.insights/components",
	"workspaceResourceId": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/microsoft.OperationalInsights/workspaces/cc-web-log-analytics-workspace"
}

04 Repeat steps no. 1 – 3 for each subscription available within your Microsoft Azure cloud account.

References

Publication date Jun 12, 2019