Azure Policy to force newly created resources to have a tag RRS feed

  • Question

  • Hello All,

    I need some help creating a JSON template for an Azure policy to do the following:

    1. Force multiple tags on newly created resources.

    2. Set static tag names, but have the tag values available for manual entry.

    One of the built-in templates does something close, but not quite. Any help is appreciated. 

    Friday, May 29, 2020 4:53 PM

All replies

  • I think you are looking for this - https://docs.microsoft.com/en-us/azure/governance/policy/samples/pattern-tags#sample-1-parameterize-tagsbut with the tagName parameter being a fixed value.

    For more than one tag, you can add more parameters for the value, add it to the if clause, and then add additional operations. then.details.operations is an array, so it can do a number of operations, not just one.

    Hope that helps!

    If this answer was helpful, click “Mark as Answer” and Up-Vote. Feel free to reach out to us if you've any further questions in this matter.

    Friday, May 29, 2020 7:28 PM
  • That link shows how to do it for RGs, but I see that resources are similar. I tried it out but is still not showing a default tag name when creating the resource. Is that even possible to do or does one have to enter the tag name manually and it should match the policy definition?
    Monday, June 1, 2020 9:34 PM
  • There used to be a Built-In policy definition called "Require specified tag" and it no longer is there in the Portal and I cant find the JSON code for it anywhere. This would work perfect for what I need.
    Tuesday, June 2, 2020 2:47 PM
  • The original "Require specified tag" built-in was removed because it used the append effect.  Now that modify effect is the preferred way to add tags, the sample you are looking for may be this one: https://github.com/Azure/azure-policy/blob/master/samples/Tags/add-replace-tag/azurepolicy.json

    Note that the definition doesn't have a type component in the policyRule.if, so as written would apply the tag and value to all resources that support tags (since mode is "Indexed").  It's more or less the same definition previously provided in this thread, but without the type check for a Resource Group. Hope that is what you were looking for!

    David Coulter

    Tuesday, June 2, 2020 5:36 PM