Hi there

At this article – Part2 I’ll show you how to create and manage policies to enforce compliance on Azure Resources and Azure Resource Groups guaranteeing to your Azure Deployment some standardization for filtering and costs management as well.

The basics of resource tagging in Azure

Tags allow you to organize resources and resource groups by assigning them a name:value pair such as CostCenter:IT.

That’s really useful when it comes to things like

• Access control and compliance: allows you to keep track of who can access what, where protecting sensitive data.
• Automation: apply bulk actions to related resources automatically, e.g. “shut down all VMs with the tag Environment:Uat overnight” or “in resource-group-uat or  delete resources that have been inactive for 180 days”
• Cost management: most tags assigned to resources are included in your detailed usage data exported as graph or CSV. At the Cost Management Portal / Blade that lets you filter resources according to a common project, customer, department, line of business, etc., facilitating reporting and identifying which department is responsible for which cost.

You can assign policies on the Azure Portal, on PowerShell, on Azure CLI and using templates as you prefer.

• Assign a policy – Portal
• Assign a policy – PowerShell
• Assign a policy – Azure CLI
• Assign a policy – template

Tip! – Have a look at the RBAC and Azure policy section here.

First of all Create an Empty Resource Group on Azure to assign policies to it from the beginning.

Log on Azure Portal https://portal.azure.com
Go to Home and select Resource groups
click on “+” to Add a new Resource group

Follow the wizard to create a new Resource group
Subscription:
Resource group Name: (can’t be blank)
Resource details (region): select the closes region that fit your needs (Canada Central)
select “review+create” box and wait to be completed then you can go to the new resource group created

Now you can start to define your tags and policy standards such as

• the Demo resource group will have the following tags
  • environment: demo
  • owner: Thiago B.
  • costcenter: IT
• the following policies will be applied to your subscription at Demo resource group only
  • Assign a policy to enforce a condition for resources you create in the future (inherited from Demo resource group only)
  • Create and assign an initiative definition to track compliance for multiple resources
  • Resolve a non-compliant or denied resource

Screenshots

Go to Azure Resource Groups

Click “+ Add”

Follow the Wizard “Create a resouce group”, give it a name and select the region (Location) and click on “Review + create”

Check the Validation step and click “Create”

Wait for the task to be completed and click at “Go to resource group”

You’re now at the Demo Resource Group

• check the subscription name and id
• check the tags field
• check the deployments field

Creating the Tags

go to Demo resource group and select the blade TAGS on left

add the TAGs Name and Values accordingly and click SAVE (use tab to navigate between the Tags fields)

– Name: environment, Value: demo
– Name: owner, Value: Thiago B.
– Name: costcenter, Value: IT

check if the Tags were added successfuly

Pending – Policy to enforce those tags to be inherited by all Resources withing this Resource Group

Next Article – Azure Policy – Part3 (tags)

References

thanks,

Thiago Beier