Python: Add Entra ID Credentials Support for Azure Monitor Telemetry (#778)

* Adds Azure Monitor Entra ID authentication support

Enables token-based authentication for Application Insights by adding an optional credential parameter to telemetry setup functions.

* Fix linting errors

* Documentation: Add Entra ID authentication details to README for Application Insights

* Documentation: Add Entra ID authentication details to README for Application Insights

* Update python/packages/main/agent_framework/telemetry.py

Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>

* Update python/samples/getting_started/telemetry/README.md

Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>

* Update python/packages/main/agent_framework/telemetry.py

Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>

* Rename application_insights_credential to credential

---------

Co-authored-by: Eduard van Valkenburg <eavanvalkenburg@users.noreply.github.com>
This commit is contained in:
amritpal-singh-98
2025-09-16 17:42:04 +01:00
committed by GitHub
Unverified
parent 0dd49e4a67
commit 6b91d41a73
2 changed files with 22 additions and 2 deletions
@@ -22,6 +22,7 @@ from ._pydantic import AFBaseSettings
from .exceptions import AgentInitializationError, ChatClientInitializationError
if TYPE_CHECKING: # pragma: no cover
from azure.core.credentials import TokenCredential
from opentelemetry.metrics import Histogram
from opentelemetry.sdk.resources import Resource
from opentelemetry.util._decorator import _AgnosticContextManager # type: ignore[reportPrivateUsage]
@@ -413,10 +414,13 @@ class OtelSettings(AFBaseSettings):
"""Check if the setup has been executed."""
return self._executed_setup
def setup_telemetry(self) -> None:
def setup_telemetry(self, credential: "TokenCredential | None" = None) -> None:
"""Setup telemetry based on the settings.
If both connection_string and otlp_endpoint both will be used.
Args:
credential: The credential to use for Azure Monitor Entra ID authentication. Default is None.
"""
if not self.ENABLED or self._executed_setup:
return
@@ -438,6 +442,7 @@ class OtelSettings(AFBaseSettings):
configure_azure_monitor(
connection_string=self.application_insights_connection_string,
credential=credential,
logger_name="agent_framework",
resource=resource,
enable_live_metrics=self.application_insights_live_metrics,
@@ -458,6 +463,7 @@ def setup_telemetry(
enable_sensitive_data: bool | None = None,
otlp_endpoint: str | None = None,
application_insights_connection_string: str | None = None,
credential: "TokenCredential | None" = None,
enable_live_metrics: bool | None = None,
) -> None:
"""Setup telemetry with optionally provided settings.
@@ -472,6 +478,8 @@ def setup_telemetry(
enable_sensitive_data: Enable OpenTelemetry sensitive events. Default is False.
otlp_endpoint: The OpenTelemetry Protocol (OTLP) endpoint. Default is None.
application_insights_connection_string: The Azure Monitor connection string. Default is None.
credential: The credential to use for Azure Monitor Entra ID authentication.
Default is None.
enable_live_metrics: Enable Azure Monitor live metrics. Default is False.
"""
@@ -486,7 +494,7 @@ def setup_telemetry(
OTEL_SETTINGS.application_insights_connection_string = application_insights_connection_string
if enable_live_metrics is not None:
OTEL_SETTINGS.application_insights_live_metrics = enable_live_metrics
OTEL_SETTINGS.setup_telemetry()
OTEL_SETTINGS.setup_telemetry(credential=credential)
# region Chat Client Telemetry
@@ -79,6 +79,18 @@ This sample shows how to setup telemetry when using the Agent Framework's workfl
## Application Insights/Azure Monitor
### Authentication
You can connect to your Application Insights instance using a connection string. You can also authenticate using Entra ID by passing a [TokenCredential](https://learn.microsoft.com/en-us/python/api/azure-core/azure.core.credentials.tokencredential?view=azure-python) to the `setup_telemetry()` function used in the samples above.
```python
from azure.identity import DefaultAzureCredential
setup_telemetry(credential=DefaultAzureCredential())
```
It is recommended to use [DefaultAzureCredential](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python) for local development and [ManagedIdentityCredential](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.managedidentitycredential?view=azure-python) for production environments.
### Logs and traces
Go to your Application Insights instance, click on _Transaction search_ on the left menu. Use the operation id output by the program to search for the logs and traces associated with the operation. Click on any of the search result to view the end-to-end transaction details. Read more [here](https://learn.microsoft.com/en-us/azure/azure-monitor/app/transaction-search-and-diagnostics?tabs=transaction-search).