How to create Azure Policy to enforce resource tags

As discussed in this post on managing Azure resource tags using the GUI and PowerShell, we have updated the resource tags on existing resources. However, it's a best practice to set the resource tags at the time of resource creation. You can create policies in Azure and apply them to the root management group which contains the subscription. Azure Policy enforces organization standards by evaluating resources and comparing them to the policy definitions. The steps below show how to create an Azure Policy to enforce resource tags.
  • Search for Policy in the Azure portal and click on it to proceed
  • Click on Definitions to create Policy Definition
  • Search for Tag in the search box to find all Azure Policies with the Tag keyword and click on “Require a tag on resources”
  • Click on Duplicate definition to clone this policy definition and give it another name. Note that the Available Effects value is Deny (this will deny the creation of the resource until it complies with this Azure Policy)
  • Change the name of the Policy as per requirement and set the Definition location to “root management group”. You can also apply it at subscription level.
  • Go back to the Policy page -> Definitions and search for the cloned policy.
  • Click on Assign to provide the tag names which you want administrators / users to add when creating any resource under the root management group.
  • Change the Assignment name or keep it the same. You can enable or disable the Policy enforcement. Click Next to proceed.

On the Parameters page, provide the tag name (e.g. Application). This tag needs to be added to the resource, otherwise the validation will fail and the resource cannot be created.

  • Click Next
  • Click Create to create the Assignment
  • You can check the assignment by clicking on the Assignments tab in the Policy Definition
  • Create more Assignments as per the requirement. For example, I want the resources to have Environment and Department tags as well, in addition to Application.
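The same procedure can be scripted instead of clicked through. The PowerShell below is an added example, not code from the original post: it assumes the Az.Resources module and an authenticated session, uses a placeholder management group ID and a hypothetical definition name, and its rule is modelled on the built-in "Require a tag on resources" definition.

```powershell
# Added example: scripted equivalent of the portal steps above.
# Assumes Az.Resources is installed and Connect-AzAccount has been run.
$mgName = '<root-management-group-id>'   # placeholder: ID of your root management group
$scope  = "/providers/Microsoft.Management/managementGroups/$mgName"

# Rule modelled on the built-in "Require a tag on resources":
# deny any resource that lacks the tag named by the tagName parameter.
$rule = @'
{
  "if": {
    "field": "[concat('tags[', parameters('tagName'), ']')]",
    "exists": "false"
  },
  "then": { "effect": "deny" }
}
'@

$params = @'
{
  "tagName": {
    "type": "String",
    "metadata": { "displayName": "Tag Name", "description": "Name of the required tag" }
  }
}
'@

# "Duplicate definition" step: store the custom definition at the management group.
# The definition name is hypothetical; pick one that fits your naming scheme.
$definition = New-AzPolicyDefinition -Name 'require-tag-on-resources-custom' `
    -DisplayName 'Require a tag on resources (custom)' `
    -Mode Indexed -Policy $rule -Parameter $params -ManagementGroupName $mgName

# "Assign" step: one assignment per required tag, as in the last step of the walkthrough.
foreach ($tag in 'Application', 'Environment', 'Department') {
    New-AzPolicyAssignment -Name "require-tag-$($tag.ToLower())" `
        -DisplayName "Require tag: $tag" `
        -Scope $scope -PolicyDefinition $definition `
        -PolicyParameterObject @{ tagName = $tag } `
        -EnforcementMode Default
}
```

With mode Indexed the rule only evaluates resource types that support tags and location, so resource groups themselves are not covered by these assignments. Setting -EnforcementMode to DoNotEnforce lets you review the compliance results before the deny effect blocks deployments.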