Do you want to require a tag on every Azure Resource in your environment using Azure Policy? Example could be cost center, application, environment, etc. This is pretty easy, but is somewhat un-intuitive in the Azure interface.

First, step, use the Azure Policy Interface and select “Definitions”

The next step is to find the default policy for requiring a tag on resources:

You can either “duplicate the definition” if you want to customize it (such as require multiple tags in the same policy rule), or you can keep it simple and assign the existing policy. That’s what we’re going to do. Assign the existing policy, since we are going to apply a tag one at a time.

You’ll need to select a subscription or management group, then name your assignment. In this case I’m naming it “Require a tag on resources – Business Unit”, indicating the Business Unit of the resource.

In order to deploy we also need to specify our tag name, which in this case is “Business-Unit”

Then, when all is completed, select “review and create”

Then, after deployment, you’ll see something like this, though note it takes up to 30 minutes for new policy changes to take affect in the environment, so check back often:

If you want to enhance this, you can make adjustments like the following:

• Require specific tag values
• Require multiple tags in one policy
• Use code to deploy the policies from a GitHub repo

Let’s start with getting this baseline in place and build on it!

Nathan Lasnoski