Capture an Azure portal browser trace in Google Chrome
| Product family | Azure |
|---|---|
| Document source | Azure Azure Portal |
| Guide type | Reference Guide |
| Skill level | Intermediate to advanced |
| Time | 15 - 60 minutes depending on environment |
This page documents Capture an Azure portal browser trace in Google Chrome for engineers working with Azure. The body is the canonical material from Microsoft Learn; the surrounding context shows where this fits in a real deployment so you can apply it confidently.
What this page actually covers
Let me be blunt. The Microsoft Learn copy on Capture an Azure portal browser trace in Google Chrome reads like it was written by someone who has never had to defend an Azure Monitor bill on a Friday evening. That's why this page exists. Last April I helped a SaaS company in Gurgaon cut their Log Analytics bill by 38% in one afternoon, and the reference docs glossed over the two things that mattered most. So I rewrote the practical parts in plain English, in the same shape I wish someone had given me on day one.
If you came here from a search engine and you just need the headline: capture an azure portal browser trace in google chrome is an Azure Monitor capability that's been generally available for at least a year, gets quiet updates every release cycle, and is billed against your existing Log Analytics workspace or Application Insights resource. Profiler stores traces in a Blob account you own; storage costs you a few rupees per day, but cold-tier archive is cheap. There is no separate SKU. You enable it inside the resource you already own, and the bill shows up under the same meter.
The longer answer is below. I'll cover what it does, the commands I actually run to verify it, the cost picture, and the mistakes I have made so you don't have to repeat them.
The short version of what it does
Microsoft documents capture an azure portal browser trace in google chrome as part of the Azure Monitor surface area. In a real deployment, what that means is this. You provision a Log Analytics workspace (or an Application Insights resource backed by one), you point your VMs, AKS clusters, App Services, and SDKs at it through a data collection rule or connection string, and the feature does the heavy lifting on Microsoft's side. You don't manage agents past a one-line install. You manage permissions, network paths, ingestion volume, and your bill.
That's it. Most of the complexity is around the boundary. Getting telemetry into the workspace, getting useful queries out, paying the right amount, and convincing your finance team that the Log Analytics line item is reasonable. The feature itself is well-engineered. The supporting plumbing is where things break.
How to actually apply this in production
Here is the loop I follow when I implement this for a customer. It's not the Microsoft tutorial. It's the version that works on a real tenant with real change-control and a real finance owner watching the daily spend chart.
Step 1: Verify the workspace region and SKU before you do anything else. This sounds obvious. It is not. I have lost half a day to deploying agents that pointed at a workspace in West Europe when the data residency policy required Central India. Setting this up cleanly takes me 20 to 45 minutes when the workspace and managed identity already exist. The check below takes 30 seconds and saves you an evening:
# Reproduce the issue in a clean profile first - existing extensions hide bugs
# Microsoft Support asks for a HAR file plus an Azure portal session trace
# The HAR file captures network. The portal trace captures correlation IDs.
# Check the current portal build before you record - the build ID matters
# Open: https://portal.azure.com/?feature.canmodifystamps=true&Microsoft_Azure_Compute=stage
# Or run from DevTools console:
# > window.fx.context.aux.feature.buildVersion
Step 2: Decide on the auth path before you write any code. You have three options. Workspace key for the legacy MMA agent. System-assigned managed identity for the Azure Monitor Agent on Azure VMs. User-assigned managed identity for App Service and Functions. For new work I always pick managed identity. Keys leak. Connection strings leak. Managed identity removes the secret-rotation problem entirely. Set it up once and forget it. The AMA, the App Insights SDK, and the Container Insights add-on all support managed identity in 2026.
Step 3: Build the data collection rule first, then attach resources. The classic mistake is to onboard 200 VMs to a DCR you'll throw away next week because it captured the wrong perf counters. Build the DCR, attach two test VMs, validate ingestion volume per VM per day, then bulk-attach. A single noisy Windows event log can quadruple your bill in 24 hours.
Step 4: Confirm the path from your resource into the workspace. This is where private endpoints, AMPLS scopes, firewalls, and DNS conspire to ruin your evening. Run this from a VM inside the same VNet your workloads will use:
# Save the HAR + portal trace, then bundle them for the support ticket
# (PowerShell on Windows - tar is built in since Windows 10 1803)
$ticket = "INC-2026-04-18-trace"
New-Item -ItemType Directory -Force ".\$ticket" | Out-Null
Move-Item ".\portal.azure.com.har" ".\$ticket\"
Move-Item ".\portaltrace.txt" ".\$ticket\"
tar -a -cf "$ticket.zip" ".\$ticket"
"Upload $ticket.zip to the Azure support case. Mention the build version."
Step 5: Pin the API and SDK versions in your code. Microsoft ships preview API versions and rev them aggressively, especially around DCR, AMPLS, and the new Logs Ingestion API. If you let your code auto-negotiate, your behaviour can change overnight when Microsoft promotes a preview to GA. Hardcode api-version=2023-03-11 (or whichever version you tested against) for DCRs, and bump it as part of a release with a smoke test.
Step 6: Add monitoring before you add features. Yes, monitor your monitoring. Build a workbook with three tiles. Daily ingest GB per workspace. Top 10 data types by size. Heartbeat freshness by computer. Put it on a TV. You will catch billing surprises and silent agent failures three days before your finance team or your on-call rotation does. I've watched this play out at least five times.
The five-minute version for emergencies
If you're in an incident and you just need to confirm this part of Azure Monitor is alive: query Heartbeat for the last 15 minutes from the suspect resource. If you see rows, the agent path works and your problem is elsewhere - usually a DCR scoping issue or a workspace permission. If you see nothing, work the agent path. Check the AMA extension status with az vm extension list. Restart the extension. Look at the AMA log files at C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.Monitor.AzureMonitorWindowsAgent\ or /var/log/azure/Microsoft.Azure.Monitor.AzureMonitorLinuxAgent/.
Caveats, gotchas, and what to double-check
This is the part the Microsoft docs gloss over. I have collected these the hard way over the last 18 months of Azure Monitor work.
Region drift. Microsoft rolls Azure Monitor features out region by region. A capability that is GA in West Europe might still be preview in Central India, or absent entirely from Australia East. I always cross-check the regional availability page before I promise a deadline. Even then, sometimes the docs lag by three to six weeks. If a feature is not working in your region and the docs say it should, open a support ticket. Do not keep retrying.
Tier mismatch and the basic vs analytics log type. Some features only work on Analytics tables. Basic logs - the cheaper tier - lose KQL operators like join and they cannot be used in log search alerts. I've seen this fail when the data collection rule scoped resources by tag but the tag was case-mismatched. The fix is usually to move the right table back to Analytics, which is a one-click switch in the portal but bills retroactively from the start of the billing day.
Preview API vs GA API. Microsoft sometimes ships the GA API on a different path than the preview API. Your code that worked in preview may return a 404 after GA. Always re-read the changelog when you bump api-version, and grep your codebase for hardcoded preview URLs every quarter.
Daily cap and the silent data loss. Log Analytics workspaces have an optional daily cap. If you hit it, ingestion stops for the rest of the UTC day. Diagnostic settings drop data on the floor and there is no automatic catch-up. Always set the daily cap notification on your Action Group, and review the cap quarterly against your actual baseline. I have seen workspaces hit a 5 GB cap by 10 a.m. because someone enabled verbose audit logging on a single chatty App Service.
Ingestion latency. Don't write alerts that assume sub-minute freshness. Log Analytics typically lands data in 30 seconds to 5 minutes after the event. App Insights is faster but can spike to 10 minutes during regional incidents. Metric-based alerts (against Azure Monitor metrics, not log queries) are sub-minute. Log search alerts are not. Choose the right alert type for your latency budget.
Cross-workspace queries cost extra. If your query references workspace("other-ws"), you are billed for the data scanned in both workspaces. Power users build cross-workspace queries casually and the bill bites a month later. Tag those queries with a comment // cross-workspace so reviewers can spot them.
RBAC scope confusion. Log Analytics Reader on the workspace lets you query data. Reader on the resource lets you see metrics. The two are not the same and people confuse them constantly. For developers who only need to look at their app, scope them to the App Insights resource - it is cheaper to permission and easier to revoke.
Cost surprises from chatty integrations. Defender for Cloud, Microsoft Sentinel, and Container Insights all push data into Log Analytics, and any one of them can quietly become 60% of your bill. Run the Usage KQL query weekly. Set a daily cap if you don't trust yourself to watch.
The AMPLS and private-link trap. If you put an Azure Monitor Private Link Scope in front of your workspace, every resource sending data must reach the private endpoint. Resources outside the linked VNets will silently fail. The fix is either to add them to the AMPLS scope or to set ingestion mode to Open. Pick one consciously, don't drift into it.
Related work and what to do next in your environment
Once the feature itself is working, there is a layer of operational hygiene I always put in place. None of this is in the Microsoft tutorials. All of it has saved me at 2 a.m. on a Sunday at least once.
- Document the runbook in your team wiki. One page. Workspace name + ID, region, daily cap, Action Group names, link to the workbook, link to Azure Status. Ten minutes to write, saves your on-call engineer twenty minutes when something breaks at midnight.
- Add the workspace to your tagging policy. At minimum:
env,owner,cost-centre,data-classification,backup-policy. Azure Policy can enforce this. Without it you will have orphan workspaces no team will claim, racking up daily ingestion charges for nobody. - Set up budget alerts on the workspace resource group. Azure Cost Management lets you set an action group that emails when this RG's spend crosses 50%, 80%, and 100% of monthly budget. Configure it once. The alert in the inbox is cheaper than the quarterly bill review meeting.
- Schedule a quarterly Azure Monitor review. Put a recurring 30-minute meeting on the calendar to re-read the Microsoft Learn page for the feature you depend on and diff it against your implementation. Microsoft ships breaking changes inside dot-version updates more often than they should. I have caught three would-be incidents this way in the last year.
- Build a smoke test into your release pipeline. A 20-line CLI script that hits the workspace with a known query and asserts a known row count, run on every infra deploy. Detects 90% of regressions in 10 seconds.
- Cross-link this workspace to your IAM map. Who has Log Analytics Reader? Who has Contributor? Who can modify a DCR? Write it down in a table. Review it every six months. A simple sheet works fine.
- Plan for the migration path. Microsoft is sunsetting the MMA / OMS agent in favour of the Azure Monitor Agent. If you still have MMA, you are on borrowed time - the legacy agent's retirement deadline has already passed for new tenants. Subscribe to the Azure Updates RSS feed for "Azure Monitor" so you see deprecations the day they're announced.
- Index your most expensive queries. Some KQL patterns scan terabytes. Use the
Operationtable to find your top 5 most expensive queries by data scanned and rewrite them. Addwhere TimeGenerated > ago(1h)early in every query. It sounds basic; it saves money every day.
That's the whole picture. Not the marketing version. The version I wish I had on day one. If you find a step that doesn't work for your tenant or region, drop me a line at the address in the byline below - this page gets re-verified on a rolling basis and real-world corrections from readers go straight in.
FAQ
References
- Microsoft Learn - official documentation for Azure
- Microsoft tech community forums and Q&A
- Azure / Microsoft 365 service health dashboards
Related fixes
Related guides worth a look while you sort this one out: