Microsoft Azure Support diagnostic information and memory dump collection

Understand what will be shared with Microsoft Support when you grant access to share diagnostic information or agree to allow collection of a complete memory dump.

Diagnostic information collection

When you create a support request, the "Share diagnostic information" option gives your consent to allow a Microsoft Support engineer to remotely collect data from the Azure subscription(s) associated with your request in order to troubleshoot your issue. You can revoke this consent at any time by contacting your support engineer.

What type of information is collected with your consent?

Examples of diagnostic data collected are common log files, system-generated event logs, registry keys, debug logs, server/database information, console screenshots*, and basic network and storage disk information.

For App Service related issues, HTTP logs, detailed errors, KUDU trace, transform logs, FREB logs, winsock logs, event logs, DAAS logs, and Webjob logs are collected to help with troubleshooting.

For Azure AD Connect related issues, information about Active Directory objects (such as user and device properties), your synchronization configuration, and related log files (such as sign-in, audit, or synchronization logs) is collected to help with troubleshooting.

Detailed file list

A detailed list of files that are collected can be found in the following articles:

Article ID | Service or Environment
Windows Server logs | Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
PaaS logs | Microsoft Azure PaaS VM Logs
IaaS logs | Microsoft Azure IaaS VM logs
Service Fabric logs | Microsoft Azure Service Fabric Logs
StorSimple logs | StorSimple support packages and device logs
SQL Server Windows VM logs | Azure SQL Server in VM logs
Azure Active Directory Logs | Azure Active Directory Logs

*If you are using a graphical desktop sharing application that utilizes the VGA console of the virtual machine, a screenshot may capture information being displayed on the console session.

Memory dump collection

When you create a support case for certain virtual machine problem types, you will be asked whether you agree to allow Support to access your virtual machine's memory to diagnose the problem. A complete memory dump is the largest kernel-mode dump file. This file includes all of the physical memory that is used by Windows. A complete memory dump does not, by default, include physical memory that is used by the platform firmware.

The dump is copied from the compute node (Azure host) where it is created to another server for debugging within the same datacenter. Customer data is protected since the data does not leave Azure's secure boundary. Learn more about how customer data is stored in Azure.

The dump file is created by generating a Hyper-V save state of the virtual machine (VM). This process will pause the VM for up to 10 minutes, after which time the VM is resumed. The VM is not restarted as part of this process.

How is your data handled?

All data gathered for support purposes are managed according to the commitments outlined in the Microsoft Trust Center.

Any data previously collected with your consent will not be affected by the revocation of your permission.

For air-gapped environments, Microsoft will keep diagnostic data collected to troubleshoot your issue within the boundary.