CloudMonix offers ability to setup monitoring of Azure resources thru either ARM or Classic API.  Knowing when to use either option is important.  


Some history first

Azure Classic Management API was the original way to connect to Azure in order to find out information about Azure resources.  The authentication mechanism for this API requires a security certificate that provides the caller with full control of Azure subscription (no granularity in access at all).  Due to numerous complaints from customers, Microsoft has introduced the v2/Azure Resource Manager (ARM) API that allows administrators to limit footprint of the authorization of the API caller.


How authorization works

Classic API: users upload their Management certificate file to CloudMonix, either in the form of a publish settings file, or by directly generating a .PFX and uploading its public key to classic Azure management portal and its private key to CloudMonix

ARM API: users use their administrative credentials to authorize CloudMonix (during the Setup Wizard stage) to create a new user in their Azure AD's.  This user, named CloudMonix, is provisioned with Contributor privileges.  These privileges can be scaled down, per organization's compliance requirements (with an understanding that loss of monitoring data will occur for resources that are not visible to CloudMonix user)


When to use ARM vs Classic

The choice between the API approach in CloudMonix primarely depends on the resources that requirement monitoring.  Some resources are supported thru Classic API and some thru ARM API.


Resources that are available for monitoring thru Classic API

Classic Azure Virtual Machines (Windows or Linux), Classic Network VPN Gateways (S2S only), Classic Azure Storage, Cloud Services, Web Apps, Azure Scheduler, Azure Automation Runbooks, Azure Service Bus, SQL Azure


Resources that are available for monitoring thru ARM API

v2 Azure Virtual Machines (Windows or Linux), v2 Azure Storage, Web Apps (no auto-scaling), Redis Cache, DocumentDb, Backup Vaults, SQL Azure, and Stream Analytic jobs


Special note

Azure Service Bus: majority of monitoring for this resource happens by directly connecting to topics and queues and bypasses Management API completely, however for statistical metrics, Classic API with certificate is required

SQL Azure: majority of monitoring for this resource happens by directly connection to SQL Azure databases and bypasses Management API completely