← Back to Projects
Azure Resource Tagging Automation & Governance

Azure Resource Tagging Automation & Governance

Built an automated Azure tagging solution to standardise required tags, improve cost reporting, and remove the need for manual clean-up across subscriptions.

DevOps Engineer2025 · ~1-2 monthsInternalAzurePowerShellDevOpsGovernanceAutomation

Tagging across subscriptions wasn't consistent, which made cost reporting and ownership tracking messy and unreliable.

  • Tags were missing, inconsistent, or applied differently across projects.
  • Cost reporting (Power BI) was unreliable because metadata wasn't consistent.
  • Manual tagging didn't scale and was easy to get wrong.
  • Define and enforce a consistent set of required business and technical tags.
  • Automate tag application/updates so teams don't have to manage it manually.
  • Improve cost visibility and ownership tracking.
  • Include a safe validation mode before applying changes.
  • Standardised Azure resource tagging across multiple subscriptions.
  • Improved cost reporting quality and ownership visibility.
Azure Resource Tagging Automation & Governance architecture diagram
  • Central configuration file defining required tags.
  • PowerShell automation to evaluate and apply tags consistently.
  • Azure DevOps pipeline execution using service connections.
  • Resource group discovery based on agreed naming conventions.
Azure Resource Tagging Automation & Governance pipeline flow
  • Dry-run mode to preview tag changes before applying them.
  • Overwrites non-compliant tags where required (based on the config rules).
  • Rolled out in stages (starting with development subscriptions).
Automation over manual remediation
Needs careful testing, but gives consistent results and scales across subscriptions.
Config-driven approach for tag rules
Stricter rules, but far better consistency for reporting and ownership tracking.
  • Runs via Azure DevOps service connections with scoped permissions.
  • No credentials embedded in scripts.
  • Dry-run used to validate impact before enforcement.
  • The script can be run multiple times without causing issues or duplicate changes.
  • Predictable behaviour across subscriptions and projects.
  • Standardised tagging across multiple Azure subscriptions.
  • Improved cost tracking and reporting accuracy in Power BI.
  • Removed the need for engineers to manually manage and fix resource tags.
  • Use Azure Policy to stop non-compliant resources being created.
  • Extend tagging to include any extra security or ownership details we actually need.
  • Add scheduled reports to track tagging and compliance over time.