Tags - An easy way to gain insight into your cloud resources
Published Sep 10 2019 04:41 AM 7,580 Views

Keeping your resources organized, whether in the cloud or on-premises, is a critical part of managing your environment. It allows for you to have control and visibility into your when multiple teams are working and doing their thing to get their jobs done. Without any type of organization, it makes enforcing standards, polices and maintaining control over the environment very difficult. There are different ways to help with organization in Azure, such as Management groups, Resource groups, Roles, Naming conventions and Tags. This blog post will focus on using tags to help you stay organized and gain visibility into your Azure environment. Once tagged you can easily query and analyze your resources and usage data to gain insights that can enable better cost management and allocation throughout your Azure environment.


What are Tags?


Tags are user-defined key/value pairs which can be placed directly on a resource or resource group. They can be added to resources and/or resource groups through the portal, PowerShell, Azure cli and ARM templates. Please note not all resources in Azure currently support tags so check this list , see Tag support for Azure resources, to determine if you can apply a tag on a particular resource type.


  • Azure currently supports up to 50 tags per resource and resource group and each tag name is limited to 512 characters and each tag value is limited to 256.
  • Azure Storage accounts, the tag name is limited to 128 characters, and the tag value is limited to 256 characters.
  • Each resource or resource group can have a maximum of 50 tag name/value pairs. Currently, storage accounts only support 15 tags, but that limit will be raised to 50 in a future release. If you need to apply more tags than the maximum allowed number, use a JSON string for the tag value. The JSON string can contain many values that are applied to a single tag name. A resource group can contain many resources that each have 50 tag name/value pairs.
  • Tags applied to the resource group are not inherited by the resources in that resource group.
  • Tags can't be applied to classic resources such as Cloud Services.
  • Tag names can't contain these characters: <, >, %, &, \, ?, /
  • Generalized VMs don't support tags.


How could I use tags in my Azure environment?

There are several ways you could implement a tagging system into your environment. The first use case that comes to mind is always billing resources but tagging is great from an operational procedures. Below are some examples:


  • Tags can used to group resources together for billing. You can tag resources such as VMs, runtime environment or even the whole resource group by cost center. Then the data can viewed/downloaded from Azure Account center.
  • Tagging resources can also help in monitoring to track down impacted resources. Monitoring systems could include tag data with alerts, giving you the ability to know exactly who is impacted.
  • Resources can be tagged by Creation type, such as migrated systems or systems native to azure. This method can help with categorizing which systems was "lift and Shift" vs being created in Azure natively.
  • Tags can be used identify Production, development and QA systems


How to apply tags

Tags can be applied to a resource through several ways.

Applying tags manually can cause some disorganization as well when you have multiple teams working all at once so using policy to enforce tags will help ensure consistency. There are several built in Azure Policies to enforce tags:


Azure policy to enforce and apply tag


Apply tag and its default value

Appends a specified tag name and value, if that tag is not provided. You specify the tag name and value to apply.

Billing Tags Policy Initiative

Requires specified tag values for cost center and product name. Uses built-in policies to apply and enforce required tags. You specify the required values for the tags.

Enforce tag and its value

Requires a specified tag name and value. You specify the tag name and value to enforce.

Enforce tag and its value on resource groups

Requires a tag and value on a resource group. You specify the required tag name and value.



How to query your tags

Now that you've applied you've tags you can look up and query your resources. You can filter you resources via tags through the "All Resources" view in the Azure Portal or through Azure Resource Graph.


An example:

Using Azure Resource Graph Explorer , if I want to know which VMs in my environment that have been migrated into Azure I would query for VMs that use the CreationType tag. When the query is completed you can pin your results to the dashboard. The following query is looking for VMs that are tagged migrated and grouped by Linux and Windows server.


Kusto query






where type == "microsoft.compute/virtualmachines" 
| extend OSType = iff(type == "microsoft.compute/virtualmachines", tostring(properties.storageProfile.osDisk.osType),tostring(properties.storageProfile.operatingSystemDisk.operatingSystem)) 
|where tags.Creationtype=~'migrated'
| summarize VMCount=count() by OSType
| order by VMCount desc
|extend ['Count (Virtual Machines)']=VMCount
| project OSType, ['Count (Virtual Machines)']






 Running the query in Azure Resource Graph Explorer:


Using the chart view of the query you can also pin to your dashboard.




As you can see from the sample above using tags helps you stay organized and gives you visibility into your Azure environment for better control and management. 

1 Comment
Version history
Last update:
‎Sep 12 2019 07:21 AM
Updated by: