Azure Tagging Strategy — Part 1: Assess

Introduction

I was recently tasked with assisting to design and implement a Tagging Policy to be used in our Azure environment. There is no existing policy and the stakeholders of each subscription have been allowed to follow their own individual rules on what resources get tagged (if they get tagged at all).

My thought process is to approach this in 4 steps:

Assess, Assign, Implement and Monitor

In the first step of implementing an Azure Tagging Strategy, I want to get an understanding of how tags are currently being used in the environment to help identify any inconsistencies or gaps in the tagging process. This helps to define the purpose and scope of the tagging strategy and develop a plan for moving forward.

Methodology:

I am going to have to use a PowerShell Script to retrieve the information I am looking for as the Tags blade of the Azure Portal has no way of (1) exporting the information to a csv and (2) including the Subscription name and ID in context of the tag in the export.

Process

I created a PowerShell script that does the following:

1. Connects to an Azure account
2. Gets all the subscriptions in the Azure account
3. Loops through each subscription and processes its resources
4. For each Subscription, gets all resources in that subscription
5. Loops through each resource and checks if it has any tags
6. If the resource has tags, loops through each tag and add it in a variable to be exported to a csv
7. The script will determine if the tag name and value has already been outputted for the current subscription, this ensures I only get a unique list of tags per subscription
8. Exports a list of Tag Names, Tag Values, Subscription name and ID to a csv file

The script can found here.

When I executed this PowerShell script in my environment, I noticed some of the rows on the csv file had extra columns:

This is because a tag value with a comma was being used:

So I added a section to check if the Tag Value contained a comma and if so, exported it in quotes.

Conclusion:

With this information, I can now work together with my team and the business to determine what is needed to move forward. Specifically we are going to decide what tags are mandatory and on what resources.

I will update the section below with links to each step of the process as they are published if you are interesting in following along:

1. Assess
2. Assign
3. Implement
4. Monitor