Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Connection strings specify to which Application Insights resource your instrumented application should send telemetry data. A connection string is composed of multiple settings, each represented as a key-value pair and separated by semicolons. This consolidated configuration method simplifies the setup process by eliminating the need for multiple proxy settings.
Important
The connection string contains an ikey and an ApplicationId.
The ikey is a unique identifier used by the ingestion service to associate telemetry to a specific Application Insights resource. Ikey unique identifiers aren't security tokens or security keys, and aren't considered secrets. Connection strings are enhanced by adding the ApplicationId value. This update is a new feature that supports automatic instrumentation for scenarios utilizing the Open Telemetry SDK. If you want to protect your Application Insights resource from misuse, the ingestion endpoint provides authenticated telemetry ingestion options based on Microsoft Entra ID.
Note
On March 31, 2025, support for instrumentation key ingestion will end. Instrumentation key ingestion will continue to work, but we'll no longer provide updates or support for the feature. Transition to connection strings to take advantage of new capabilities.
Connection string capabilities
- Reliability: Connection strings make telemetry ingestion more reliable by removing dependencies on global ingestion endpoints.
- Security: Connection strings allow authenticated telemetry ingestion by using Microsoft Entra authentication for Application Insights.
- Customized endpoints (sovereign or hybrid cloud environments): Endpoint settings allow sending data to a specific Azure Government region. (See examples.)
- Privacy (regional endpoints): Connection strings ease privacy concerns by sending data to regional endpoints, ensuring data doesn't leave a geographic region.
Find your connection string
Your connection string appears in the Overview section of your Application Insights resource.
Schema
Schema elements are explained in the following sections.
Max length
The connection has a maximum supported length of 4,096 characters.
Key-value pairs
A connection string consists of a list of settings represented as key-value pairs separated by a semicolon:
key1=value1;key2=value2;key3=value3
Tip
Configurable key-value pairs are covered in this document. Some key-value pairs aren't configurable and are set automatically, such as ApplicationId. These pairs can be safely ignored if they're observed in your environment.
Syntax
InstrumentationKey(for example, 00000000-0000-0000-0000-000000000000).InstrumentationKeyis a required field.Authorization(for example, ikey). This setting is optional because today we only support ikey authorization.EndpointSuffix(for example, applicationinsights.azure.cn). Setting the endpoint suffix tells the SDK which Azure cloud to connect to. The SDK assembles the rest of the endpoint for individual services.Explicit endpoints. Any service can be explicitly overridden in the connection string:
IngestionEndpoint(for example,https://dc.applicationinsights.azure.com)LiveEndpoint(for example,https://live.applicationinsights.azure.com)ProfilerEndpoint(for example,https://profiler.monitor.azure.com)SnapshotEndpoint(for example,https://snapshot.monitor.azure.com)
Endpoint schema
<prefix>.<suffix>
- Prefix: Defines a service.
- Suffix: Defines the common domain name.
Valid suffixes
- applicationinsights.azure.cn
- applicationinsights.us
For more information, see Regions that require endpoint modification.
Valid prefixes
- Telemetry Ingestion:
dc - Live Metrics:
live - Profiler for .NET:
profiler - Snapshot:
snapshot
Connection string examples
Here are some examples of connection strings.
Connection string with an endpoint suffix
InstrumentationKey=00000000-0000-0000-0000-000000000000;EndpointSuffix=ai.contoso.com;
In this example, the connection string specifies the endpoint suffix and the SDK constructs service endpoints:
- Authorization scheme defaults to "ikey"
- Instrumentation key: 00000000-0000-0000-0000-000000000000
- The regional service Uniform Resource Identifiers (URIs) are based on the provided endpoint suffix:
- Ingestion:
https://dc.ai.contoso.com - Live Metrics:
https://live.ai.contoso.com - Profiler for .NET:
https://profiler.ai.contoso.com - Debugger:
https://snapshot.ai.contoso.com
- Ingestion:
Connection string with explicit endpoint overrides
InstrumentationKey=00000000-0000-0000-0000-000000000000;IngestionEndpoint=https://custom.com:111/;LiveEndpoint=https://custom.com:222/;ProfilerEndpoint=https://custom.com:333/;SnapshotEndpoint=https://custom.com:444/;
In this example, the connection string specifies explicit overrides for every service. The SDK uses the exact endpoints provided without modification:
- Authorization scheme defaults to "ikey"
- Instrumentation key: 00000000-0000-0000-0000-000000000000
- The regional service URIs are based on the explicit override values:
- Ingestion:
https://custom.com:111/ - Live Metrics:
https://custom.com:222/ - Profiler for .NET:
https://custom.com:333/ - Debugger:
https://custom.com:444/
- Ingestion:
Connection string with an explicit region
InstrumentationKey=00000000-0000-0000-0000-000000000000;IngestionEndpoint=https://southcentralus.in.applicationinsights.azure.com/
In this example, the connection string specifies the South Central US region:
- Authorization scheme defaults to "ikey"
- Instrumentation key: 00000000-0000-0000-0000-000000000000
- The regional service URIs are based on the explicit override values:
- Ingestion:
https://southcentralus.in.applicationinsights.azure.com/
- Ingestion:
To list available regions, run the following command in the Azure CLI:
az account list-locations -o table
Set a connection string
All our OpenTelemetry offerings and the following SDK versions onwards support connection strings:
- .NET v2.12.0
- JavaScript v2.3.0
- NodeJS v1.5.0
- Python v1.0.0
- Java v3.1.1
You can set a connection string in code, by using an environment variable, or a configuration file.
Environment variable
Connection string: APPLICATIONINSIGHTS_CONNECTION_STRING
Code samples
| Language | Classic API | OpenTelemetry |
|---|---|---|
| ASP.NET Core | Application Insights SDK | AzMon OTel Distro |
| .NET Framework | Application Insights SDK | AzMon Exporter |
| Java | N/A | Java agent |
| JavaScript | JavaScript (Web) SDK Loader Script | N/A |
| Node.js | Application Insights SDK | AzMon OTel Distro |
| Python | OpenCensus Python SDK | AzMon OTel Distro |
Frequently asked questions
This section provides answers to common questions.
Do new Azure regions require the use of connection strings?
New Azure regions require the use of connection strings instead of instrumentation keys. Connection string identifies the resource that you want to associate with your telemetry data. It also allows you to modify the endpoints your resource uses as a destination for your telemetry. Copy the connection string and add it to your application's code or to an environment variable.
Should I use connection strings or instrumentation keys?
We recommend that you use connection strings instead of instrumentation keys.
When do I need to set the environment variable?
Set the APPLICATIONINSIGHTS_CONNECTION_STRING manually in all scenarios where the system doesn't provide it automatically. These scenarios include, but aren't limited to: local development and .NET Isolated Functions using ASP.NET Core integration. In these cases, the environment variable ensures the OpenTelemetry pipeline can send telemetry to Application Insights. For more information on configuring connection strings with an environment variable, see Configuring OpenTelemetry in Application Insights.
FAQ: How do I instrument a global web application to meet regional data compliance requirements?
To meet regional data compliance requirements, use regional Application Insights endpoints instead of the global endpoint. The global endpoint doesn't guarantee that data stays within a specific region. Regional endpoints help ensure that telemetry from users in regulated areas is sent only to data centers in those regions.
To configure your global web application for regional compliance:
- Create one Application Insights resource per region with strict compliance requirements, such as the European Union or the United States.
- Create another Application Insights resource for users in all other regions.
- Configure your application to send telemetry to the appropriate Application Insights resource based on each user’s region. Determine the region using signals like IP address, account metadata, or location settings.
- Connect all Application Insights resources to a Log Analytics workspace if you need a unified query experience across regions.
For example:
- Send data from Region A users to the Region A Application Insights resource using the Region A connection string.
- Send data from Region B users to the Region B Application Insights resource using the Region B connection string.
- Send all other user data to a general-purpose Application Insights resource using a different connection string.
Important
Using the global endpoint does not ensure regional compliance. To meet data residency requirements, always use region-specific endpoints and route telemetry based on the user’s region.
The following diagram shows an example setup for a global web application:
Next steps
Get started at runtime with:
- Azure Virtual Machine (VM) and Azure Virtual Machine Scale Sets IIS-hosted apps
- Internet Information Server (IIS) server
- Web Apps feature of Azure App Service
Get started at development time with: