Azure Connection Monitor Limitations and Alternatives

Azure Connection Monitor is useful for testing connectivity between Azure resources and external endpoints. But it has limitations that become painful at scale.

The 100 Endpoint Limit

Connection Monitor has a hard limit of 100 test endpoints per Network Watcher instance. When you have:

50 VMs to monitor
30 external dependencies
20 internal services

You've hit the limit.

Other Limitations

Limitation	Impact
100 endpoints per monitor	Can't monitor large environments
No container support	Can't monitor from AKS pods
Requires Network Watcher extension	Agent installation on every VM
Cost at scale	Charges per test, adds up quickly
1-minute minimum interval	Not suitable for real-time alerting

Alternative 1: Azure Monitor Network Insights

For Azure-to-Azure connectivity, Network Insights provides:

Topology visualization
Flow analytics (requires NSG flow logs)
Connection troubleshooter
No endpoint limits

// Query NSG flow logs for connectivity issues
AzureNetworkAnalytics_CL
| where TimeGenerated > ago(1h)
| where FlowStatus_s == "D"  // Denied flows
| summarize Count = count() by SourceIP_s, DestIP_s, DestPort_d
| order by Count desc

Alternative 2: Prometheus + Blackbox Exporter

For large-scale endpoint monitoring:

# prometheus.yml
scrape_configs:
  - job_name: 'blackbox'
    metrics_path: /probe
    params:
      module: [http_2xx]
    static_configs:
      - targets:
          - https://api.example.com/health
          - https://partner.example.com/status
          # ... hundreds of endpoints
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: blackbox-exporter:9115

Deploy in AKS for container-native monitoring:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: blackbox-exporter
spec:
  replicas: 1
  selector:
    matchLabels:
      app: blackbox-exporter
  template:
    metadata:
      labels:
        app: blackbox-exporter
    spec:
      containers:
        - name: blackbox-exporter
          image: prom/blackbox-exporter:latest
          ports:
            - containerPort: 9115

Alternative 3: Custom Azure Function

Build your own endpoint monitor:

# function_app.py
import azure.functions as func
import aiohttp
import asyncio
import json
from datetime import datetime

app = func.FunctionApp()

ENDPOINTS = [
    {"name": "API Gateway", "url": "https://api.example.com/health"},
    {"name": "Partner API", "url": "https://partner.example.com/status"},
    # ... unlimited endpoints
]

@app.timer_trigger(schedule="*/5 * * * *", arg_name="timer")
async def monitor_endpoints(timer: func.TimerRequest):
    async with aiohttp.ClientSession() as session:
        tasks = [check_endpoint(session, ep) for ep in ENDPOINTS]
        results = await asyncio.gather(*tasks)

    # Send to Log Analytics
    for result in results:
        # Log custom metrics
        pass

async def check_endpoint(session, endpoint):
    try:
        start = datetime.now()
        async with session.get(endpoint["url"], timeout=10) as response:
            latency = (datetime.now() - start).total_seconds() * 1000
            return {
                "name": endpoint["name"],
                "url": endpoint["url"],
                "status": response.status,
                "latency_ms": latency,
                "success": 200 <= response.status < 300
            }
    except Exception as e:
        return {
            "name": endpoint["name"],
            "url": endpoint["url"],
            "status": 0,
            "error": str(e),
            "success": False
        }

Alternative 4: Third-Party Solutions

Consider dedicated monitoring tools:

Datadog Synthetic Monitoring - Global test locations
New Relic Synthetics - Good for web apps
Pingdom - Simple, reliable
UptimeRobot - Free tier available

Hybrid Approach

Use Connection Monitor for critical paths, alternatives for scale:

Connection Monitor (100 limit)
├── Critical infrastructure
│   ├── Domain controllers
│   ├── Core databases
│   └── Authentication services
│
Blackbox Exporter (unlimited)
├── Application health endpoints
├── Partner integrations
└── External dependencies
│
Custom Function (unlimited)
├── Complex test scenarios
└── Custom alerting logic

Monitoring from Containers

Connection Monitor doesn't support containers. Use synthetic checks instead:

# Kubernetes CronJob for connectivity tests
apiVersion: batch/v1
kind: CronJob
metadata:
  name: connectivity-check
spec:
  schedule: "*/5 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: checker
              image: curlimages/curl
              command:
                - /bin/sh
                - -c
                - |
                  curl -s -o /dev/null -w "%{http_code}" https://api.example.com
          restartPolicy: OnFailure

Cost Comparison

Solution	Setup Effort	Monthly Cost (100 endpoints)
Connection Monitor	Low	~£100-200
Prometheus/Blackbox	Medium	~£50 (compute)
Custom Function	High	~£20-30
Datadog	Low	£500+
UptimeRobot	Low	Free-£50

Need help with network monitoring at scale? Get in touch - we help organisations implement effective monitoring solutions.