|As we discussed management of azure resource tags using GUI and PowerShell in this post , we have updated the resource tags on existing resources. However, its a best practice to update the resource tags at the time of resource creation. You can create policies in azure and apply it to the root management group which contains the subscription. Azure Policy enforces organization standards by evaluating resources and comparing to the policy definitions. Please find below screenshots which shows step by step how to create Azure Policy to enforce resource tags.|
- Search for Policy on Azure Portal and Click on it to proceed
- Click on Definitions to create Policy Definition
- Search for Tag in the search box to find all Azure Policies with Tag Keyword and Click on “Require a tag on resources”
- Click on Duplicate definition to clone this policy definition and give it another name. Please note the Available Effects is Deny (this will deny the creation of the resource until it complies with this Azure Policy)
- Change the name of the Policy as per requirement and Select the Definition location to “root management group”. You can also apply it as subscription level.
- Go back to Policy Page -> Definitions and Search for cloned policy as shown in screenshot.
- Click on Assign to provide the tag names which you want administrators / users to add while creation of any resource under the root management group.
- Change the Assignment name or you can keep it the same. You can enable or disable the Policy enforcement. Click Next to Proceed.
On the Parameters page, provide the tag name (e.g. Application). This tag needs to be added to resource, otherwise the validation will fail and resource cannot be created.
- Click Next
- Click Create to Create the Assignment
- You can check the assignment by clicking on Assignments tab in the Policy Definition
- Create more Assignments as per the requirement. For example, I want the resources to have Environment and Department Tags as well apart from Application.