Tag Compliance
Tag Compliance policies will track the adherence of custom sets of resources to custom tag key criteria.
Policies have a start date, and a set of filters to define the resources scope.
There are three types of policy:
Required tag checks that resources in scope have a specific tag key assigned.
Prohibited tag checks that resources in scope do not have a specific tag key assigned.
Tags correlation checks that resources with one key must also have a second.
The policy example below checks that load balancers in the Azure Dev pool have an owner tag key assigned:
Users will receive Email Notifications of tag policy breaches, and breaches will be called out on the Policy Violations tile of the Executive Dashboard.
The main Tag Compliance screen shows a list of existing policies and their compliance status.
Clicking on a policy opens the policy details screen, where you can inspect the violation history for the policy and switch to the Resources screen, pre-filtered to show the non-compliant resources:
Note that once a policy is configured, you can’t edit the criteria or filters, as this would break the validity of the violation history.