Create an Azure Policy to Enforce Resource Tags

In my other blog post, I discussed how to add tags to existing Azure resources using PowerShell. You can add a tag to a resource after it has been provisioned. Nevertheless, it’s considered a best practice to set resource tags during resource creation.

You can achieve this by creating policies in Azure and applying them to the root management group that contains your subscription. Azure Policy helps maintain organizational standards by assessing resources and comparing them to policy definitions.

Below is a step-by-step process for creating an Azure Policy that enforces resource tags.

Create an Azure Policy

  • Log in to the Azure portal.
  • Search for Policy in the Azure portal and click it to proceed.
  • Click on Definitions to create a Policy Definition.
  • Search for Tag in the search box to find all Azure Policies with the Tag keyword and click “Require a tag on resources”.
  • Click on Duplicate definition to clone this policy definition and give it another name. Note that the Available Effects value is Deny (this denies creation of the resource until it complies with this Azure Policy).
  • Provide a name for the policy and set the Definition location to “root management group”. You can also apply it at the subscription level.
  • Return to the Policy page -> Definitions and search for the cloned policy.
  • Select ‘Assign’ to specify the tag names that you want administrators/users to add during the creation of any resource under the root management group.
  • Change the Assignment name, or keep it the same. You can enable or disable Policy enforcement. Click Next to proceed.
  • On the Parameters page, input the tag name (e.g., ‘Application’). This tag must be included with the resource; otherwise, the validation will fail, and the resource creation will not proceed.
  • Click Next.
  • Click Create to create the assignment.
  • You can check the assignment by clicking on the Assignments tab in the Policy Definition.
  • You can repeat the process to add additional tags that you want to make sure are included when a resource is created in that subscription.
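
The same procedure can be scripted with the Az PowerShell module. The following is an added example, not code from the original post: it creates a custom definition that mirrors the rule of the built-in “Require a tag on resources” policy and assigns it once per required tag. The management group ID, the definition and assignment names, and the second tag name (‘Owner’) are assumptions; it expects an authenticated session (Connect-AzAccount).

```powershell
# Added example: scripted equivalent of the portal steps above (Az.Resources module).
# Assumes Connect-AzAccount has already been run. Names below are placeholders.
$mgName   = '<management-group-id>'     # placeholder: ID of the root management group
$tagNames = @('Application', 'Owner')   # 'Application' is from the post; 'Owner' is a constructed sample
$scope    = "/providers/Microsoft.Management/managementGroups/$mgName"

# Rule mirroring the built-in "Require a tag on resources": deny when the tag is absent.
$rule = @'
{
  "if": {
    "field": "[concat('tags[', parameters('tagName'), ']')]",
    "exists": "false"
  },
  "then": { "effect": "deny" }
}
'@

# The single parameter the rule expects: the name of the required tag.
$params = @'
{
  "tagName": {
    "type": "String",
    "metadata": {
      "displayName": "Tag Name",
      "description": "Name of the tag, such as 'Application'"
    }
  }
}
'@

# Custom definition stored at the management group (the "Duplicate definition" step).
# Mode Indexed limits evaluation to resource types that support tags.
$definition = New-AzPolicyDefinition -Name 'require-tag-custom' `
    -DisplayName 'Require a tag on resources (custom)' `
    -Mode Indexed -Policy $rule -Parameter $params `
    -ManagementGroupName $mgName

# One assignment per required tag (the "Assign" and "Parameters" steps).
foreach ($tag in $tagNames) {
    New-AzPolicyAssignment -Name "require-tag-$($tag.ToLower())" `
        -DisplayName "Require tag: $tag" `
        -Scope $scope `
        -PolicyDefinition $definition `
        -PolicyParameterObject @{ tagName = $tag } `
        -EnforcementMode Default   # DoNotEnforce evaluates compliance without blocking deployments
}
```

Assigning with `-EnforcementMode DoNotEnforce` first shows which existing deployments would be non-compliant before the Deny effect starts blocking resource creation.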
