Skip to content

Microsoft Azure


Microsoft Azure functionality is currently in technical preview and is subject to change.

Activate Microsoft Azure

The Microsoft Azure feature is turned off by default. To turn it on:

  1. Go to Configuration SettingsAdvanced Settings.

  2. Click the toggle in the Technical preview features section of the page.

Required settings

It is possible to use PMM for monitoring Azure database instances like other remote instances. In this case, the PMM Client is not installed on the host where the database server is deployed. By using the PMM web interface, you connect to the Azure DB instance. Discovery is not yet implemented in PMM but it is possible to add known instances by providing the connection parameters.

First of all, ensure that there is the minimal latency between PMM Server and the Azure instance.

Second, add a firewall rule to enable access from PMM Client like this:


Setting up a MySQL instance

Query Analytics requires you to configure Performance Schema as the query source, because the slow query log is stored on the Azure side, and QAN agent is not able to read it. Enable the performance_schema option under Parameter Groups in Azure MySQL databases.

When adding a monitoring instance for Azure, specify a unique name to distinguish it from the local MySQL instance. If you do not specify a name, it will use the client’s host name.

Create the pmm user with the following privileges on the Azure MySQL database instance that you want to monitor:


Adding an Azure Instance

Follow the instructions for remotes instances explained here, Azure MySQL databases are similar to AWS RDS databases.



and be sure to set Performance Schema as the query collection method for Query Analytics.



MariaDB up to version 10.2 works out of the box but starting with MariaDB 10.3 instrumentation is disabled by default and cannot be enabled since there is no SUPER role in Azure-MariaDB. So, it is not possible to run the required queries to enable instrumentation. Monitoring will work but Query Analytics won’t receive any query data.


For PostgreSQL follow the same methods used for MySQL and MariaDB and enable track_io_timing in the instance configuration to enable Query Analytics.


For Query Analytics, set the server parameter:

pg_stat_statements.track = all

To discover databases on Azure

You need to get the Client ID, Client Secret, Tenant ID and Subscription ID.

Get the subscription ID

  1. Search Subscriptions, click on your subscription name !
  2. Copy the subscription ID !

Create a new application to get the tenant ID, client ID and the client secret.

  1. Search for Azure Active Directory !
  2. Register a new application:


! ! 3. At this point you can copy the client and tenant IDs. ! 4. Create an application secret. ! ! ! 5. Copy the value of the application secret. Once you leave this page you won’t be able to see the secret again and you will have to generate a new one. ! 6. Give API access permissions to your application.

6.1. Search for **Subscriptions** like in step 1.

6.2. Select your application and grant **Monitor Reader** permissions. This might require you to have admin permissions in your Azure account.

! ! ! !

When you fill in all fields press the Discover button and you will see a list of available databases for monitoring.


You can monitor 6 types of databases:

  • Microsoft.DBforMySQL/servers
  • Microsoft.DBforMySQL/flexibleServers
  • Microsoft.DBforMariaDB/servers
  • Microsoft.DBforPostgreSQL/servers
  • Microsoft.DBforPostgreSQL/flexibleServers
  • Microsoft.DBforPostgreSQL/serversv2

You can find more details on how to create DB on Azure at:


You must set pg_stat_statements.track = all in your PostgreSQL Server settings to use PMM Query Analytics. (Read more.)


In the list of databases on the Discovery page click Start Monitoring to add the selected Azure Database to PMM.

Fill in all required fields and click Add service.


PMM can use 3 exporters to collect metrics:

  • Azure Metrics Exporter – collect “system” metrics related to DB.

    • node_cpu_average
    • azure_resource_info
    • node_filesystem_size_bytes
    • azure_memory_percent_average
    • azure_storage_percent_average
    • azure_storage_used_bytes_average
    • node_network_receive_bytes_total
    • node_network_transmit_bytes_total
  • mysql_exporter or postgres_exporter – to collect database related metrics.

  • PMM Agent to collect queries related metrics using pg_stat_statements for PostgreSQL or Performance Schema for MySQL (MariaDB)

Adding an Azure Instance on pmm-client side

TLS/SSL is enforced on the server by default. So please download the certificate needed to communicate over SSL with your Azure Database. It can be done on Networking tab for your Azure Database instance.


Also enforced TLS/SSL connection option can be disabled on server side.

Command for adding an azure database service for monitoring without TLS/SSL.

pmm-admin add mysql --username=azureuser --password=secure --service-name=azure1 --query-source=perfschema

Downloaded certificate is named DigiCertGlobalRootCA.crt.pem.

An example of the command for adding an Azure database service for monitoring with TLS/SSL would be:

pmm-admin add mysql --username=azureuser --password=secure --service-name=azure1 --query-source=perfschema --tls --tls-ca=DigiCertGlobalRootCA.crt.pem --tls-cert=client-cert.pem --tls-key=client-key.pem --tls-skip-verify

Get expert help

If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services.