Very interesting articles as to why and how Microsoft moved their monitoring and alerting from SCOM and into Azure Monitor and Log Analytics.
The takeaways include:
Cloud first, no infrastructure to support.
SCOM alerts built up over time to create excessive alerting.
Able to consolidate 100 alerts into 15 (after a refresh of SCOM alerts pre-migration).
Microsoft use Azure Monitor over 16,000 VMs and 750 Azure subscriptions.
Alerts are now democratised, with app teams seeing and handling application monitoring and alerting.
Agility greatly improved.
Free Office 365 telemetry ingestion for Azure Sentinel.
You need to think about:
Costs generated by log storage in Azure.
Staff re-training to utilise Azure Monitor via documentation and training sessions.
Azure Monitor gives incredibly broad support to on-premises and cloud environments and adds integrations such as Azure Automation and Application Insights.