Step-by-step guide: Digging deep into Azure Service Map

We covered the entire Service Map deployment including the client portion in a previous article here at TechGenix. Now it is time to explore the functionalities available in this useful service.

We can start by opening the Service Map and there are a couple of ways to achieve this task: My favorite is opening the OMS Workspace that is hosting the service. Click on Solutions and then ServiceMap(LogAnlytics-Name) entry. In the new blade, click on the Service Map box located at the Summary section. Another option is opening the OMS portal, and the same Service Map box will be listed there — click on it.

The interface is powerful but at the same time simple, with most of the features just one click away. This facilitates the process to troubleshoot and helps us understand what is going on. In the past, doing a similar process would require several tools such as SysInternal Tools and Wireshark.

Let’s start with a long view of the interface: When troubleshooting, we must understand the time range of the information being displayed and we can define that on item 1 in the image below. In item 2 and item 3, we can see all the servers reporting to the service, and we can group them in Groups. Groups are key to group together servers sharing the same workload and that helps to see the flow from a macro perspective. For example, creating groups for different tiers such as frontend, backend, databases, etc.

Note: All Service Map data is stored in Log Analytics for seven days in free workspaces, and 30 days for all other paid options.

Item 4 is key for troubleshooting. Using the first two buttons, collapse and expand allow us to show more information, and we can click more than once to get more information. In the filter, we can decide to see objects that do not have the agent installed (Show non-agents backends). My recommendation is to always leave the filter enabled to see the entire picture.

In item 5 we have a toolbox of additional information, and the badges will be displayed based on the context of the selected object. We will explore some of those options in the next section. It integrates with other solutions from OMS workspaces, such as Azure Alerts, Change Tracking, Updates, Log Events, and Performance.

The easy way to get a good idea how to use Service Map is selecting the desired computer that is listed on the Machines tab. Keep in mind that only computers that have the installed agents (it is plural because we need the Microsoft Monitoring Agent and the Dependency Agent installed on the VM) will be listed.

Let’s start by clicking on the server TORFS01, and to make things more interesting, let’s expand (second icon on the right in the Legend area). The result will be all connections from that VM to other objects, but also the process that initiated that connection. It is important to notice that Port 443 (https) is a Server Group automatically created by the solution, and within that group, we have all IPs that server connected using that port. Is it great or what?

Another useful option is checking who is connecting to your VM. We can easily check that by clicking on the Clients that we have connections to (the arrow points from the object/group to your selected server) and we can see them in the properties. It will list all public IPs and the port that they were using. In less than one hour we had five public IPs trying to connect to our VM while writing this article. That is one of the reasons to avoid exposing your VMs with public IP if they are not required to.

A common scenario during security investigations/incidents is to find out what any given service is doing. We just need to select one of the processes. In our example WindowsAzureTelemetry process, we will see a bold line and we can see in a glance all the IPs that were used for the connections, and at the same time we have the Summary being expanded automatically and we have a summary of how many connections and details of the service. If we want to be more specific, we can click on Properties and we can see even the name of the executable file that is responsible for the service!

Getting the server performance badge in Service Map

By default, the agent does not retrieve performance from the servers, thus we can’t see any performance in Service Map. In order to enable this option, check the Advanced Settings of your Workspace. In the new page, click on Data, select Windows Performance Counters, and click on Add the selected performance counters, add or remove the performance counters available and click on Save.

That will refresh the agent to start collecting those metrics and they will be available after a while in the Service Map. Wait a few minutes, click on a Windows Server, and check the Performance option. The result will be a graph of the data on that blade.

Pretty neat, right?

Featured image: Shutterstock

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Published by
Anderson Patricio

Recent Posts

Office 365 is now Microsoft 365: Everything you need to know

Microsoft has rebranded various products in its Office 365 lineup as Microsoft 365. Here is…

2 hours ago

Ansible Automation Engine: Complete getting started guide

In this second article in our series, we will work on the Ansible Automation Engine…

19 hours ago

Microsoft Build 2020: All major announcements for developers

Microsoft Build 2020 included several announcements aimed at developers and the IT community. Here are…

23 hours ago

Dell unveils new PCs optimized for remote work

With remote work here to stay, companies are looking to supply employees with devices to…

1 day ago

Using Azure Active Directory Identity Protection to boost your security

Using Azure Active Directory Identity Protection will boost your security. This step-by-step guide shows you…

2 days ago

Review: Kemp Virtual LoadMaster load balancer

With many businesses requiring employees to work remotely, Kemp’s Virtual LoadMaster can help relieve many…

2 days ago