Azure Policy blocking resources with out Tag property

Prajith K 106 Reputation points
2022-08-02T14:24:13.38+00:00

Please i need your help on this issue.
Facing challenges in Azure Policy for tagging
I have applied a customised Json script for 'Require Tag and values on resource' policy in Subscription.
I was happy that ,It's denying all resource build and insisting for Tag. But here is the problem, it's also blocking the deployment of resources which do not have Tag property such as alert, resource health etc.

Tried Following Steps

  1. given Indexed mode still didn't help.
    all: evaluate resource groups, subscriptions, and all resource types
    indexed: only evaluate resource types that support tags and location
    Ref : https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure
  2. Microsoft has given following workaround, but I'm not really OK with that. MS engineer says this is the only option.

Excluding such resource type individually in json script. Which is not really practical. coz there are 100s of resource types. Inside each resource type there are resources there are tag supported and non-supported resources.

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
932 questions
{count} votes

Accepted answer
  1. AnuragSingh-MSFT 21,386 Reputation points
    2022-08-11T10:17:01.337+00:00

    @Prajith K , Thank you again for bringing this issue related to "Resource health alert" to our attention. Here are some additional details that should help you:

    1. In Azure portal, for Alert rule being created from “Service Health” --> “Resource Health” --> “+ Add resource health alert”, the tags cannot be added as of now. However, our product group is working on it, and it should be available in the next few weeks.

    2. If you are planning to create "Resource Health Alert Rule" for a particular resource, you may use the Alert option available in that resource properties. For example, for a particular VM, it can be created using the Alerts options as shown below, where tags can be added:

    233373-image.png

    3. If you would like to enable it for a set of resources OR all the resources, you can use the ARM template deployment method, which supports tags. Please see this link for details and this link for a sample template.

    Please let me know if you have any questions. 2: https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/activitylogalerts?pivots=deployment-language-arm-template


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.