Back to projects

Azure Resource Tagging Automation & Governance

Built an automated Azure tagging solution to standardise required tags, improve cost reporting, and remove the need for manual clean-up across subscriptions.

Impact

Standardised Azure resource tagging across multiple subscriptions.
Improved cost reporting quality and ownership visibility.

Tagging across subscriptions wasn't consistent, which made cost reporting and ownership tracking messy and unreliable.

  • Tags were missing, inconsistent, or applied differently across projects.
  • Cost reporting (Power BI) was unreliable because metadata wasn't consistent.
  • Manual tagging didn't scale and was easy to get wrong.
  • Define and enforce a consistent set of required business and technical tags.
  • Automate tag application/updates so teams don't have to manage it manually.
  • Improve cost visibility and ownership tracking.
  • Include a safe validation mode before applying changes.
  • Central configuration file defining required tags.
  • PowerShell automation to evaluate and apply tags consistently.
  • Azure DevOps pipeline execution using service connections.
  • Resource group discovery based on agreed naming conventions.
  • Dry-run mode to preview tag changes before applying them.
  • Overwrites non-compliant tags where required (based on the config rules).
  • Rolled out in stages (starting with development subscriptions).
Automation over manual remediation
Needs careful testing, but gives consistent results and scales across subscriptions.
Config-driven approach for tag rules
Stricter rules, but far better consistency for reporting and ownership tracking.
  • Runs via Azure DevOps service connections with scoped permissions.
  • No credentials embedded in scripts.
  • Dry-run used to validate impact before enforcement.
  • The script can be run multiple times without causing issues or duplicate changes.
  • Predictable behaviour across subscriptions and projects.
  • Standardised tagging across multiple Azure subscriptions.
  • Improved cost tracking and reporting accuracy in Power BI.
  • Removed the need for engineers to manually manage and fix resource tags.
  • Use Azure Policy to stop non-compliant resources being created.
  • Extend tagging to include any extra security or ownership details we actually need.
  • Add scheduled reports to track tagging and compliance over time.