Microsoft Azure Observability

Kentik ingests three core telemetry types from Azure: VNet flow logs (Microsoft’s recommended flow log format) and Azure Firewall logs, Azure metadata via API (subscriptions, resource groups, VNets, subnets, Network Security Groups, route tables, ExpressRoute circuits, Virtual WAN, and other infrastructure context), and metrics from Azure Monitor for performance monitoring of Azure network services. Together, these provide complete visibility into traffic patterns, topology, and performance across Azure environments. For Azure Kubernetes Service (AKS), Kentik also supports the eBPF-based Kentik Kappa agent for pod-level Kubernetes traffic visibility. Kentik also supports legacy NSG flow logs for organizations that haven’t migrated to VNet flow logs yet, though Microsoft recommends enabling only one type at a time to avoid duplicate recording.

Kentik is delivered as SaaS, so there’s no on-premises infrastructure to deploy. Azure setup involves three steps: enable VNet (or NSG) flow logs and Azure Firewall logs to a designated Azure storage account, authorize the Kentik NSG Flow Exporter enterprise application via a Service Principal in your Azure subscription, and configure a “cloud export” in the Kentik portal with your subscription ID, resource group, and storage account details. Setup can be done manually through the Azure portal or automated with a Kentik-generated PowerShell script. A Kentik Terraform module is also available for infrastructure-as-code deployment. Kentik is also available on the Azure Marketplace for procurement and billing through your existing Azure agreement.

Kentik provides unified visibility across Azure’s hybrid connectivity services by combining VNet flow logs, Azure Firewall logs, and Azure Monitor metrics from ExpressRoute circuits and Virtual WAN hubs. For ExpressRoute, Kentik shows utilization, performance, and traffic distribution across each circuit, making it possible to monitor connectivity between on-premises data centers and Azure regions. For Virtual WAN, traffic between VNets, branches, and remote users can be traced end-to-end alongside on-premises NetFlow data — giving teams the visibility to troubleshoot hybrid connectivity issues without switching between Azure-native and on-premises tools.

Inter-region and inter-AZ monitoring requires correlating VNet flow logs with Azure metadata (which regions and zones each resource belongs to) and synthetic tests between locations. Kentik supports this by automatically tagging flow records with region and zone information from Azure APIs, surfacing inter-region and inter-AZ traffic patterns in the Kentik Map, and running synthetic tests from agents deployed in different Azure regions to measure latency, loss, and reachability between them. This makes it possible to detect performance regressions on specific paths, identify suboptimal routing decisions, and attribute the cost of cross-region or cross-AZ data transfer to specific applications or business units.

Azure data transfer charges accumulate from inter-VNet traffic, cross-region replication, cross-zone communication, ExpressRoute egress, and traffic to the public internet — and most teams have limited visibility into which applications and workloads are driving the cost. Kentik analyzes VNet and Azure Firewall flow logs to surface the highest-cost flows, attribute traffic to specific VNets, services, or business units, and identify suboptimal routing decisions (for example, traffic crossing regions unnecessarily, or traveling over the public internet when a private path is available). Teams use this data to optimize architecture, negotiate Azure pricing with evidence, and reduce monthly data transfer spend.

For AKS, Kentik provides pod-level network visibility through the Kentik Kappa agent, an eBPF-based agent that captures container traffic without sidecar deployment overhead. Kappa surfaces pod-to-pod and pod-to-service traffic, including key performance indicators like retransmit rate and out-of-order packet rate, and correlates that traffic with the underlying VNet and Azure infrastructure context. This makes it possible to investigate microservice performance issues at both the Kubernetes layer and the Azure network layer in a single platform — useful when AKS performance problems turn out to have causes in VNet routing, NSG rules, or Azure network paths.

Effective correlation requires both data sources to live in environments that share time-aligned context — typically by integrating an APM platform (Datadog, New Relic, Dynatrace) that captures application metrics with a network intelligence platform that captures cloud network telemetry, BGP routing, and synthetic measurements. Kentik supports this by ingesting Azure flow logs, Azure metadata, and synthetic test data, then exposing the results through APIs and integrations that connect with major APM platforms — letting application teams trace performance issues from service symptoms back to Azure network root causes.

Azure Monitor and Azure native monitoring (Network Watcher, Connection Monitor, NSG flow logs in Log Analytics, Network Performance Monitor) are essential for Azure-specific operational visibility, but they’re scoped to Azure itself. Kentik complements Azure native tooling by providing cross-environment analytics — correlating Azure traffic with on-premises NetFlow, multi-cloud telemetry from AWS and GCP, BGP routing, and internet path data — and by adding capabilities Azure native tools don’t provide, including ingest-time enrichment with BGP and AS path metadata, flow-level forensics across hybrid environments, cloud egress cost analytics, Cloud Pathfinder for connectivity troubleshooting across VNets and subscriptions, and AI-driven investigation through Kentik AI Advisor. Most teams use both: Azure native tools for Azure-specific operations and Kentik for the cross-environment network intelligence that Azure native tools weren’t designed to deliver.