Skip to main content
Azure Application Insights logo
Analytics High complexity

Azure Application Insights

by Azure Application Insights

Sets cookies
Yes
Sends PII
No
Cross-site tracking
No
Cookies
ai_userai_session

Overview

Azure Application Insights is a performance monitoring and diagnostics service within Microsoft Azure Monitor that provides real user monitoring (RUM), application performance management (APM), and error tracking for web applications. Its JavaScript SDK collects browser-side telemetry including page load times, dependency call performance, unhandled exceptions, and user session data. Application Insights is widely deployed by enterprise organisations that use the Microsoft Azure cloud platform, particularly in financial services, healthcare, and public sector contexts. While primarily a development and operations tool, its client-side SDK collects data from end-user browsers that may constitute personal data under GDPR, placing it in scope for governance review.

Detection Capabilities

Signature count
3
Detection methods
network

Performance Impact

Performance Impact

Requests per page
3

Common Mistakes

  • 1 Treating Application Insights purely as an infrastructure monitoring tool exempt from consent requirements, when the client-side JavaScript SDK collects user-facing telemetry including IP addresses, session identifiers, and page URLs
  • 2 Not configuring the SDK to disable or anonymise user IP collection, which is enabled by default and transmits full IP addresses to Azure
  • 3 Failing to configure the data retention period in the Azure portal - the default 90-day retention may exceed or fall short of organisational requirements
  • 4 Using the Application Insights SDK's automatic dependency tracking without reviewing what data is captured, including URLs of external service calls that may contain sensitive parameters
  • 5 Not selecting the appropriate Azure data centre region for telemetry storage, potentially sending EU user data to US data centres when EU regions are available

Compliance Considerations

The Application Insights JavaScript SDK collects client-side telemetry including page URLs, session identifiers, browser information, and IP addresses, which constitute personal data under GDPR. Microsoft offers Azure data centre regions across the EU, UK, and globally, allowing organisations to store telemetry data in their preferred jurisdiction. The SDK can be configured to disable IP collection or use IP anonymisation. Microsoft is self-certified under the EU-US Data Privacy Framework and provides comprehensive data processing terms through the Microsoft Products and Services DPA. Organisations should configure the appropriate Azure region, enable IP anonymisation, set data retention periods aligned with their policy, and assess whether the client-side telemetry collection requires consent or can be justified under legitimate interest for service performance monitoring.

Related Services

Amplitude

Analytics

Med Amplitude

Product analytics and customer data platform. Tracks user behaviour events, builds behavioural cohorts, and provides funnel, retention, and journey analysis. Used by product teams for feature adoption analysis, experimentation, and data governance.

1 detection signature

Cloudflare Analytics

Analytics

Med Cloudflare Analytics

Privacy-focused web analytics from Cloudflare that measures page views and visitors without using client-side cookies or collecting personal data. Built into the Cloudflare network infrastructure, providing basic traffic metrics.

2 detection signatures

Contentsquare

Analytics

High Contentsquare

Contentsquare is a digital experience analytics platform that captures detailed user interaction data including clicks, scrolls, hovers, and session replays to provide insights into how visitors navigate websites and mobile apps. The platform uses zone-based heatmaps, journey analysis, and frustration scoring to identify UX issues and conversion bottlenecks. Following its acquisition of Hotjar in 2021, Contentsquare operates across both enterprise and SMB segments. Contentsquare's deep interaction capture makes it one of the most data-intensive analytics tags commonly deployed on regulated websites, and its ability to record detailed session behaviour requires careful governance to prevent inadvertent capture of sensitive personal data.

1 detection signature

Cooladata

Analytics

High Cooladata

Cooladata is a behavioural analytics platform (acquired by Medallia in 2019) that provides event-based tracking, data warehousing, and business intelligence capabilities for analysing user journeys across web, mobile, and connected products. It collects detailed event data from client-side JavaScript tags and server-side integrations, storing it in a managed data warehouse for querying and visualisation. Cooladata is primarily deployed by mid-market technology and gaming companies seeking an integrated analytics and data warehouse solution. While less widely known than Google Analytics or Mixpanel, Cooladata's deep event capture and data warehousing approach means it can accumulate substantial volumes of behavioural data that require careful governance oversight.

2 detection signatures

Need help governing Azure Application Insights?

Our governance diagnostic identifies compliance gaps across your entire tag estate.

Start your Governance Diagnostic