In my other blog post, I discussed how to add tags to existing Azure resources using Powershell. You can add a tag to a resource after it has been provisioned. Nevertheless, it’s considered a best practice to set resource tags during resource creation.
You can achieve this by creating policies in Azure and applying them to the root management group that contains your subscription. Azure Policy helps maintain organizational standards by assessing resources and comparing them to policy definitions.
Below is a step-by-step process on how to create an Azure Policy for enforcing resource tags.
Create an Azure Policy
- Login on the Azure portal.
- Search for Policy on the Azure Portal and Click on it to proceed.
- Click on Definitions to create a Policy Definition.
- Search for Tag in the search box to find all Azure Policies with Tag Keyword and Click on “Require a tag on resources“.
- Click on Duplicate definition to clone this policy definition and give it another name. Please note the Available Effects is Deny (this will deny the creation of the resource until it complies with this Azure Policy)
- Provide a Name of the Policy and Select the Definition location to “root management group“. You can also apply it to the subscription level.
- Return to the Policy Page -> Definitions and Search for the cloned policy.
- Select ‘Assign‘ to specify the tag names that you want administrators/users to add during the creation of any resource under the root management group
- Change the Assignment name or you can keep it the same. You can enable or disable the Policy enforcement. Click Next to Proceed.
- On the Parameters page, input the tag name (e.g., ‘Application‘). This tag must be included with the resource; otherwise, the validation will fail, and the resource creation will not proceed.
- Click Next
- Click Create to Create the Assignment.
- You can check the assignment by clicking on the Assignments tab in the Policy Definition.
- You can repeat the process to add additional Tags which you want to make sure are included when a resource is created in that subscription.