Add 12 Azure tags without values to all resources in all subscriptions

Wade_Adapt 76 Reputation points
2022-11-28T20:13:04.637+00:00

How do I add 12 Azure Tags with NO value for each tag to all resources in all subscriptions all the way down to each resource object level (i.e. VMs, NSGs, etc.) using PowerShell or policies? I'm not a guru when it comes to automation and I don't want to set policy after policy after policy. One big custom policy would be ideal but I can't figure out the code.


Accepted answer
  1. AnuragSingh-MSFT 21,546 Reputation points Moderator
    2022-11-30T08:04:49.057+00:00

    Hi @Wade_Adapt ,

    I see that you are looking for a policy to update all the resources in subscriptions with 12 empty tagNames. Azure Policy with 'Modify' effect will be a good solution for this use case. There are 2 inbuilt policies available in Azure Portal which can be edited to meet the requirement here. These policies are Add a tag to resources and Add a tag to resource groups.

    The following are high level steps to edit these inbuilt policies from portal, assign them and create remediation task. For this sample, I have used Add a tag to resource groups inbuilt policy and similar steps can be used to edit the other policy as well.

    1. In Azure Portal --> Azure Policy, select Definitions

    2. Search for "Add a tag to resource groups", select it and click on "Duplicate definition" as shown below:
    265632-image.png

    3. Select "Definition location". If you have an Azure Management Group with multiple subscriptions in it, you can select the location as "Management group". This would help you assign this policy to multiple subscriptions OR apply to all subscriptions in the Management Group. Alternatively, you can choose to save it in a particular subscription instead.
    265579-image.png

    4. Update the Policy Rule. This policy is scoped to apply tagName and value to Resource group. The updated policy is attached with this reply, and the image below highlights the edited sections (In this example, I have added 3 tags with empty value. You can scale it to 12 parameters and with required tagNames):
    265509-image.png

    5. Click on Save --> Click on "Assign"

    6. Select Scope, which could be the Management Group or a subscription that you choose, click Next

    7. Provide tagNames. Note that tagValue is not asked here, as it is required to be empty.

    8. On "Remediation", select "Create a remediation task". This is to add tags on existing resources based on this policy. By default, the policy only adds tags to new/updated Resource groups and shows the existing ones as non-compliant. Remediation helps to modify existing non-compliant resources based on a policy. You can see this link for details on remediation in Azure Policy. If you do not see the option to select "Create a remediation task", you might have selected the scope of assignment as "Management Group". In this case, you will have to create remediation task later, once the policy is assigned. Please see this link for details.
    265607-image.png

    9. Next --> Next --> Create

    In about 30 minutes, the assignment takes effect and the remediation task, if created, would apply tags to all the Resource Groups.
    The steps above can also be replicated to duplicate and edit Azure Policy Add a tag to resources, to add tags on all resources.

    Please let me know if you have any questions.



1 additional answer

  1. Wade_Adapt 76 Reputation points
    2022-12-05T20:37:02.193+00:00

    @AnuragSingh-MSFT I get the following error when saving this to Azure Policy:

    Failed to parse policy rule: 'Error reading JObject from JsonReader. Current JsonReader item is not an object: StartArray. Path 'allOf[0]'.

    {
    "mode": "Indexed",
    "policyRule": {
    "if": {
    "allOf": [
    [
    {
    "field": "type",
    "notequals": "Microsoft.Resources/subscriptions/resourceGroups"
    },
    {
    "field": "[concat('tags[', parameters('tagName1'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName2'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName3'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName4'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName5'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName6'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName7'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName8'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName9'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName10'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName11'), ']')]",
    "exists": "false"
    },
    {
    "field": "[concat('tags[', parameters('tagName12'), ']')]",
    "exists": "false"
    }
    ]
    ]
    },
    "then": {
    "effect": "modify",
    "details": {
    "roleDefinitionIds": [
    "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
    ],
    "operations": [
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName1'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName2'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName3'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName4'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName5'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName6'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName7'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName8'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName9'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName10'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName11'), ']')]",
    "value": ""
    },
    {
    "operation": "add",
    "field": "[concat('tags[', parameters('tagName12'), ']')]",
    "value": ""
    }
    ]
    }
    }
    },
    "parameters": {
    "tagName1": {
    "type": "String",
    "metadata": {
    "displayName": "tagName1",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName2": {
    "type": "String",
    "metadata": {
    "displayName": "tagName2",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName3": {
    "type": "String",
    "metadata": {
    "displayName": "tagName3",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName4": {
    "type": "String",
    "metadata": {
    "displayName": "tagName4",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName5": {
    "type": "String",
    "metadata": {
    "displayName": "tagName5",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName6": {
    "type": "String",
    "metadata": {
    "displayName": "tagName6",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName7": {
    "type": "String",
    "metadata": {
    "displayName": "tagName7",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName8": {
    "type": "String",
    "metadata": {
    "displayName": "tagName8",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName9": {
    "type": "String",
    "metadata": {
    "displayName": "tagName9",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName10": {
    "type": "String",
    "metadata": {
    "displayName": "tagName10",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName11": {
    "type": "String",
    "metadata": {
    "displayName": "tagName11",
    "description": "Name of the tag, such as 'environment'"
    }
    },
    "tagName12": {
    "type": "String",
    "metadata": {
    "displayName": "tagName12",
    "description": "Name of the tag, such as 'environment'"
    }
    }
    }
    }
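
The parse error in the post above points at `allOf[0]`, which is where the conditions are wrapped in a second `[`, so the first element of `allOf` is an array instead of a condition object. The Python sketch below is an added example, not code from the thread: it reports that path on a constructed two-tag fragment of the same shape and builds the flat form of the definition for any number of tags. The function names are hypothetical, and the role ID is the one copied from the post.

```python
import json

# Role definition ID copied from the policy in the post above.
ROLE_ID = "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"

# Constructed fragment with the post's shape: the conditions sit in an array inside allOf.
BROKEN_IF = json.loads("""{"allOf": [[
  {"field": "type", "notEquals": "Microsoft.Resources/subscriptions/resourceGroups"},
  {"field": "[concat('tags[', parameters('tagName1'), ']')]", "exists": "false"}
]]}""")

def lint_conditions(node, path=""):
    """Return the paths where allOf/anyOf holds anything other than a condition object."""
    problems = []
    for key, value in node.items():
        here = f"{path}.{key}" if path else key
        if key in ("allOf", "anyOf"):
            if not isinstance(value, list):
                problems.append(here)
                continue
            for i, item in enumerate(value):
                if isinstance(item, dict):
                    problems += lint_conditions(item, f"{here}[{i}]")
                else:
                    problems.append(f"{here}[{i}]")
        elif isinstance(value, dict):
            problems += lint_conditions(value, here)
    return problems

def tag_field(n):
    return f"[concat('tags[', parameters('tagName{n}'), ']')]"

def build_definition(count, role_id=ROLE_ID):
    """Build the definition with one flat allOf array and `count` empty-valued tags."""
    tags = range(1, count + 1)
    conditions = [{"field": "type", "notEquals": "Microsoft.Resources/subscriptions/resourceGroups"}]
    conditions += [{"field": tag_field(n), "exists": "false"} for n in tags]
    operations = [{"operation": "add", "field": tag_field(n), "value": ""} for n in tags]
    parameters = {f"tagName{n}": {"type": "String", "metadata": {
        "displayName": f"tagName{n}", "description": "Name of the tag, such as 'environment'"}} for n in tags}
    return {"mode": "Indexed", "parameters": parameters, "policyRule": {
        "if": {"allOf": conditions},
        "then": {"effect": "modify", "details": {
            "roleDefinitionIds": [role_id], "operations": operations}}}}

if __name__ == "__main__":
    print(lint_conditions(BROKEN_IF))
    print(json.dumps(build_definition(12), indent=2))
```

Because every tag check sits in the same `allOf`, the rule matches only resources that are missing all twelve tags; a resource that already carries one of them is evaluated as compliant and is not modified.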

