Connection strings in Application Insights

Connection strings specify which Application Insights resource your instrumented application should send telemetry data to. A connection string is composed of multiple settings, each represented as a key-value pair and separated by semicolons. This consolidated configuration method simplifies the setup process by eliminating the need for multiple proxy settings.

Connection string capabilities

• Reliability: Connection strings make telemetry ingestion more reliable by removing dependencies on global ingestion endpoints.
• Security: Connection strings allow authenticated telemetry ingestion by using Microsoft Entra authentication for Application Insights.
• Customized endpoints (sovereign or hybrid cloud environments): Endpoint settings allow sending data to a specific Azure Government region. (See examples.)
• Privacy (regional endpoints): Connection strings ease privacy concerns by sending data to regional endpoints, ensuring data doesn't leave a geographic region.

Find your connection string

You can find your connection string in the Overview section of your Application Insights resource.

Schema

The following sections explain the schema elements.

Max length

The connection supports up to 4,096 characters.

Key-value pairs

A connection string consists of a list of settings represented as key-value pairs separated by a semicolon: key1=value1;key2=value2;key3=value3

Syntax

• InstrumentationKey (for example, 00000000-0000-0000-0000-000000000000). InstrumentationKey is a required field.

• Authorization (for example, ikey). This setting is optional because today the SDK only supports ikey authorization.

• EndpointSuffix (for example, applicationinsights.azure.cn). Setting the endpoint suffix tells the SDK which Azure cloud to connect to. The SDK assembles the rest of the endpoint for individual services.

• Explicit endpoints. You can explicitly override any service in the connection string:

  • IngestionEndpoint (for example, https://dc.applicationinsights.azure.com)
  • LiveEndpoint (for example, https://live.applicationinsights.azure.com)
  • ProfilerEndpoint (for example, https://profiler.monitor.azure.com)
  • SnapshotEndpoint (for example, https://snapshot.monitor.azure.com)

Endpoint schema

<prefix>.<suffix>

• Prefix: Defines a service.
• Suffix: Defines the common domain name.

Valid suffixes

• applicationinsights.azure.cn
• applicationinsights.us

For more information, see Regions that require endpoint modification.

Valid prefixes

• Telemetry Ingestion: dc
• Live Metrics: live
• Profiler for .NET: profiler
• Snapshot: snapshot

Connection string examples

Here are some examples of connection strings.

Connection string with an endpoint suffix

InstrumentationKey=00000000-0000-0000-0000-000000000000;EndpointSuffix=ai.contoso.com;

In this example, the connection string specifies the endpoint suffix and the SDK constructs service endpoints:

• Authorization scheme defaults to "ikey"
• Instrumentation key: 00000000-0000-0000-0000-000000000000
• The regional service Uniform Resource Identifiers (URIs) are based on the provided endpoint suffix:
  • Ingestion: https://dc.ai.contoso.com
  • Live Metrics: https://live.ai.contoso.com
  • Profiler for .NET: https://profiler.ai.contoso.com
  • Debugger: https://snapshot.ai.contoso.com

Connection string with explicit endpoint overrides

InstrumentationKey=00000000-0000-0000-0000-000000000000;IngestionEndpoint=https://custom.com:111/;LiveEndpoint=https://custom.com:222/;ProfilerEndpoint=https://custom.com:333/;SnapshotEndpoint=https://custom.com:444/;

In this example, the connection string specifies explicit overrides for every service. The SDK uses the exact endpoints provided without modification:

• Authorization scheme defaults to "ikey"
• Instrumentation key: 00000000-0000-0000-0000-000000000000
• The regional service URIs are based on the explicit override values:
  • Ingestion: https://custom.com:111/
  • Live Metrics: https://custom.com:222/
  • Profiler for .NET: https://custom.com:333/
  • Debugger: https://custom.com:444/

Connection string with an explicit region

InstrumentationKey=00000000-0000-0000-0000-000000000000;IngestionEndpoint=https://southcentralus.in.applicationinsights.azure.com/

In this example, the connection string specifies the South Central US region:

• Authorization scheme defaults to "ikey"
• Instrumentation key: 00000000-0000-0000-0000-000000000000
• The regional service URIs are based on the explicit override values:
  • Ingestion: https://southcentralus.in.applicationinsights.azure.com/

To list available regions, run the following command in the Azure CLI:

az account list-locations -o table

Set a connection string

To learn about setting a connection string, see OpenTelemetry Configuration and Microsoft Entra authentication for Application Insights.

Authenticated browser telemetry using connection strings

When organizations disable local authentication on Application Insights to enforce Microsoft Entra ID, the JavaScript SDK can't authenticate directly for browser-based telemetry, and telemetry might stop flowing.

A practical pattern is to route browser telemetry through Azure API Management (APIM), which:

• Authenticates to Application Insights by using a managed identity.
• Forwards requests to the regional ingestion endpoint on your behalf.

With this setup, your connection string continues to identify the destination Application Insights resource, but the IngestionEndpoint points to your APIM proxy URL.

For end-to-end guidance, including CORS and APIM policies, see: Using Azure API Management as a proxy for Application Insights Telemetry.

Next steps

To review frequently asked questions (FAQ), see:

• Connection strings in Application Insights FAQ

Get started at runtime with:

• Azure Virtual Machine (VM) and Azure Virtual Machine Scale Sets IIS-hosted apps
• Internet Information Server (IIS) server
• Web Apps feature of Azure App Service

Get started at development time with:

• .NET
• Java
• Node.js