In a previous post, I talked about how my client had started using Azure for various departments and enterprise applications in their organization and how they needed a mechanism to sort out how the IT department would easily organize the Azure Resources by department and/or applications. They needed to do this for a few different reasons – their SDLC process, general organization and charge back to the business processes.
Using the tagging feature attached to Resource Groups allowed them to filter by application/department but in order for some governance around all the new resources that will be created, there needed to be a mechanism to ensure all Azure Portal Admins require specific tags to be added to all Resource Groups.
A very useful feature in the Azure Portal is the ability to assign resource policies to Resource Groups and Subscriptions. One of the pre-canned policies is the “Enforce tag and its value” policy:
Right now, the number of policies are fairly skim, but I’m sure Microsoft will add more as the use cases arise.
By adding this policy, I can now force all Resources to be tagged with a certain department or application each time a resource is added to that group.
For more information and a guide on how to add policies to your resources, refer to this article on using the Azure portal to assign and manage resource policies.