Contact Us
Contact Us
Home Knowledge Base Why You Should Use Azure Resource Tags and Best Practices

Why You Should Use Azure Resource Tags and Best Practices

Elliott Leighton-Woodruff, Principle Architecture at Synextra
Article by:
Elliott Leighton-Woodruff
Principal Architect
image of Azure resource tags

The case for Azure resource tags

How often have your organisation struggled to articulate cost, manage governance or group resources in Azure?

For some organisations tagging is the norm, with every resource tagged to provide anyone additional information about what the resource is, who its for and why its needed. For others they’ve not even started, these businesses will rely on documentation and in team knowledge to identify services and manual work to group things like costs together.

Tagging Azure resources isn’t just a cosmetic feature, if used correctly it can be useful not only for information to the IT Admins but beyond that it can be used to track costs and even effect Azure Policy…

Tagging is hugely important for a well-oiled well architected platform and at scale is sometimes vital to operations. So if tagging is so good, why are so many failing to do it properly?

Real world benefits

Like I’ve mentioned tagging in Azure has power, you might not need it all today but 3-months in you get asked for a report with 15mins notice and boom, easy next please… Here’s some of the ways in which tagging improves cost management, governance & compliance, automation and security and access control:

Cost Management & Visibility

Understanding your cloud spend can be tricky, even with the advent of native solutions like cost analysis, in most businesses exec or budget holders need to understand what each service or department is costing the business rather than just the monthly payment. Sure you could split everything into separate subscriptions but for me I use subscriptions as a demarcation of responsibility and access rather than a cost centre, I don’t want a subscription with just 2 VM’s a vNet and a single function app, do you?

Tagging resources with tags like CostCenter, Project, Service and Owner allow your FinOps or finance teams to understand costs by department, application, or team making it easier to allocation budget and prevent overruns.

🙋 Example: Tagging all resources for with ‘Service’ = ‘My Fancy Service’ lets you quickly realise all cloud expenses relating to a service rather than individual components in Azure Cost Management.

azure naming conventions with a folder behind it
Azure Naming Conventions: Find Cloud Resources in Seconds

“test-vm-final-FINAL-v3” isn’t helping anyone. Azure naming conventions keep things clear, fast, and sane—especially when things break.

Synextra

Governance & Compliance

Organisations need clear ownership and accountability over their cloud resources, no one knows this better than those in heavily regulated industries but don’t let regulation be the requirement, learn from those that put in the hard work with the auditors! A well defined tagging structure will help you:

  • Resource tracking → Know who owns what and why it exists.
  • Lifecycle management → Apply tags like ‘ExpirationDate‘ or ‘CreatedBy‘ to prevent orphaned resources.
  • Compliance audits → Easily filter and report on tagged resources to meet security and governance standards.

🙋 Example: Enforcing Environment = Prod/Test/Dev tags helps prevent accidental deployments of sensitive workloads in non-compliant environments.

Automation & Operations

Manually managing your infrastructure was fine when you had 5 VM’s, some storage accounts and a webapp but now you’ve got 5,000 people in the business to support and hundreds of resources in Azure with a team of 15 and drowning doing it all by hand 🤽

Tags allow teams to automate actions based on conditions ensuring standardisation and repeatability with hands off management.

  • Power management → Power off VM’s at night using logic/function or policy by targeting resources with ‘AutoShutdown’ = ‘True’
  • Apply backup policies → Automate backup policy assignment for mission critical workloads with ‘BackupPolicy’ = ‘Daily’ or ‘Criticality’ = ‘Tier1’

🙋 Example: Logic App workflow can aged resources based on an ExpirationDate tag, ensuring cost control and clean-up of stale workloads.

Security & Access Control

Tags can also play a key role in bolstering security and enforcing policies:

  • Enhanced Security → Highlight services that require enhanced levels of security or even deploy extensions or azure policy to workloads with ‘SecurityLevel’ = ‘High’
  • Secure resources → Dynamically apply RBAC to resources based on tags using ‘DataSensitivity’ = ‘Confidential’ (Think about how you could use Deny RBAC here to be very clever)
  • Classify data → Tag resource with data classification like ‘DataClassification’ = ‘PII’ to help people understand the importance and sensitivity of what they are working on.

🙋 Example: Azure Policy could block public IP addresses for any resource where ‘SecurityLevel’ = ‘High’.

Why do people skip tagging in Azure?

I’ve sold you on tags already, its ok I can tell it can be our secret. But why do people skip tags? If they are so great everyone would be using them.

The common responses I’ve heard are:

  • “We’ll do it later” → Until costs get out of control or resources are hard to find.
  • “It’s too much effort” → With Azure Policy, tagging can be automated.
  • “We don’t have a standard” → Then let’s create one! Define required tags for your org.

Want some quick ideas on creating a standard? Microsoft have provided just the thing.

Azure resource tags best practices

I’m going to keep it really simple, get the buy-in first explain the benefits with your tech lead and get it in. The sooner the better. Here are some best practices to start tagging resources in Azure.

  • Define a tagging strategy → What tags should every resource have? (Owner, CostCenter, Environment, etc.)
  • Get it documented → Get this detailed somewhere, anywhere and get it out to everyone
  • Enforce tagging with Azure Policy → Block untagged resources or have it inherit tags from the resource group, this might make you unpopular at first but they’ll get over it.
  • Use automation → If you’ve got a legacy estate, use tools like PowerShell, Terraform, or Bicep to create and apply tags at scale.
  • Make it easy → You’ve got the strategy, the docs and the automation so you’re already there just don’t make it a complicated process. If it becomes too complicated no one will keep it up.

💡 Final Thoughts: Are You Doing It Right?

Now hopefully I’ve helped explain the importance of tagging Azure resources, hopefully now you will be able to pick out what matters to your business and where you can see the value. Tags are only an added value, you just have to find the right way that they’ll work for you.

Make sure you do this ahead of time, don’t wait until you need to roll something out or get a report done for the next meeting.

Subscribe to our newsletter

Stay ahead of the curve with the latest trends, tips, and insights in cloud computing

Articles you may like
Blog
Synextra
10 Azure Security Best Practices You Need to Know

But first: the shared responsibility model 

Microsoft manages You…

Blog
Synextra
Automated Disaster Recovery: The Ultimate Guide

If your DR plan hinges on crossed fingers, it’s time to rethink it. Automated disaster recovery…

Blog
Synextra
 The Complete Guide to Compliance in Azure 

With compliance in Azure, you get built-in controls and certifications that simplify audits and…

Popular Articles
thank you for contacting us image
Thanks, we'll be in touch.
Go back
By sending this message you agree to our terms and conditions.