Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
A well-defined naming and tagging strategy forms the foundation of effective Azure cloud governance and security. These conventions enable you to maintain an inventory of Azure resources, track and allocate costs, and respond to incidents by quickly identifying affected resources. Define your naming and tagging strategy early to ensure consistency and clarity across your environment. This article provides recommendations for creating a naming convention. For tagging guidance, see Define a tagging strategy.
Why use a naming convention?
An Azure naming convention is a standardized format used to assign names to Azure resources. It ensures clarity, consistency, and adherence to Azure's naming rules, such as length requirements, valid characters, and scope uniqueness. A naming convention must be tailored to your specific needs, as no single naming convention meets the requirements of every environment.
Understand resource names in Azure
An Azure resource name is the identifier assigned to a specific instance of an Azure resource, such as a web app, database, or storage account. To establish a consistent naming convention, you need to understand how Azure works. Here's what you need to know:
Understand name permanence. Azure resource names can't be changed after creation. Include only information that remains constant in the name. Use tags to capture other details.
Understand Azure naming rules. There are naming rules for every Azure resource. Not all Azure resource names can follow the same patterns. Make sure you understand the limitations of the resource types you're working with. Azure names must follow three general principles:
- Names need to be unique within the scope of the Azure resource (varies by resource).
- Names need to meet length requirements (varies by resource).
- Names can only contain valid characters (varies by resource).
Understand Azure name scope. Azure resource names must be unique within their defined scope. Each resource type has a specific scope level that determines where the name must be unique. Understanding these scope levels ensures proper naming conventions and avoids conflicts.
Scope Description Example Global Unique across all of Azure. This scope applies to PaaS resources with public IP endpoints, as their names serve as the initial default public DNS name. For example, a web app named app-navigator-prod-001.azurewebsites.netmust be globally unique.Resource group Unique within the resource group. Resources in the same group can't share the same name, but identical names can exist in different resource groups. For example, a virtual network named vnet-prod-westus-001can exist in multiple resource groups, but only once within a single resource group.Resource Unique within the parent resource. Resources nested within another resource must have unique names to avoid conflicts. For example, subnets within a virtual network must have unique names to prevent segment overlap.
Choose naming components
When you construct your naming convention, identify the key pieces of information that you want to capture in a resource name. Different information is relevant for different resource types, and not all established naming components can be used for each resource type. Establish a standard naming convention for your environment that is easy to follow, concise, and useful for recognizing information that's relevant to the deployed resource. The following list provides examples of naming components that are useful when you construct resource names:
| Naming component | Description |
|---|---|
| Organization | Top-level name of the organization, normally utilized as the top management group or, in smaller organizations, part of the naming convention. Example: contoso |
| Business unit or department | Top-level division of your company that owns the subscription or the workload that the resource belongs to. In smaller organizations, this component might represent a single corporate, top-level organizational element. Examples: fin, mktg, product, it, corp |
| Resource type | An abbreviation that represents the type of Azure resource or asset. This component is often a prefix or suffix in the name. For more information, see Recommended abbreviations for Azure resource types. Examples: rg, vm |
| Workload, application, or project | Name of a workload, application, or project that the resource is a part of. Examples: navigator, emissions, sharepoint, hadoop |
| Environment | The stage of the development lifecycle for the workload that the resource supports. Examples: prod, dev, qa, stage, test |
| Region | The region or cloud provider where the resource is deployed. Examples: westus, eastus2, westeu, usva, ustx |
| Instance | The instance count for a specific resource, to differentiate it from other resources that have the same naming convention and naming components. Examples, 01, 001 |
Develop your naming convention
When you construct your naming convention, identify the key pieces of information that you want to reflect in a resource name. Different information is relevant for different resource types.
Standardize component order. In addition to defining the naming components, you must also consider the order in which the naming components are listed.
Choose to use a delimiter or not. To improve readability, use a hyphen
-to separate naming components. However, not every resource in Azure allows you to use a delimiter. If you need absolute consistency across all your Azure resource names, don't use a hyphen. For many customers, the benefits of using a delimiter outweigh some inconsistency in the naming convention.Use abbreviations. Use Azure resource abbreviations to keep resource names within length limits.
Use the Azure Naming Tool: The Azure Naming Tool is a tool that helps you generate names for Azure resources. You configure the tool to use your preferred naming convention, and it generates names for your Azure resources. For more information, see Azure Naming Tool.
Consider naming consistency for VMs. If you're working with VMs in Azure, we recommend keeping names consistent even though VM names in Azure can be longer than the allowed NetBIOS name of the VM. For more information and for other restrictions, see Naming conventions in Active Directory for computers, domains, sites, and OUs - Computer names.
Example Azure resource names
Consider these examples when you define your naming convention. The examples are based on the naming components and considerations that are described in this article.
AI and machine learning
| Asset type | Scope | Format and examples |
|---|---|---|
| Azure AI Search | Global | srch-<workload, application, or project>-<environment> srch-navigator-prod srch-emissions-dev |
| Azure OpenAI Service | Resource group | oai-<workload, application, or project>-<environment> oai-navigator-prod oai-emissions-dev |
| Azure Machine Learning workspace | Resource group | mlw-<workload, application, or project>-<environment> mlw-navigator-prod mlw-emissions-dev |
Analytics and IoT
| Asset type | Scope | Format and examples |
|---|---|---|
| Azure Analysis Services | Global | as<app name><environment> asnavigatorprod asemissionsdev |
| Azure Data Factory | Global | adf-<workload, application, or project>-<environment> adf-navigator-prod adf-emissions-dev |
| Azure Synapse Analytics workspaces | Resource group | synw-<workload, application, or project>-<environment> synw-navigator-prod synw-emissions-dev |
| Data Lake Storage account | Global | dls<workload, application, or project><environment> dlsnavigatorprod dlsemissionsdev |
| IoT hub | Global | iot-<workload, application, or project>-<environment> iot-navigator-prod iot-emissions-dev |
Compute and web
| Asset type | Scope | Format and examples |
|---|---|---|
| Virtual machine | Resource group | vm-<workload, application, or project>-<environment>-<###> vm-sql-test-001 vm-hadoop-prod-001 vm-sharepoint-dev-001 |
| Web app | Global | app-<workload, application, or project>-<environment>-<###>.azurewebsites.net app-navigator-prod-001.azurewebsites.net app-accountlookup-dev-001.azurewebsites.net |
| Function app | Global | func-<workload, application, or project>-<environment>-<###>.azurewebsites.net func-navigator-prod-001.azurewebsites.net func-accountlookup-dev-001.azurewebsites.net |
Databases
| Asset type | Scope | Format and examples |
|---|---|---|
| Azure SQL database | Azure SQL Server | sqldb-<workload, application, or project>-<environment> sqldb-users-prod sqldb-users-dev |
| Azure Cosmos DB database | Global | cosmos-<workload, application, or project>-<environment> cosmos-navigator-prod cosmos-emissions-dev |
| Azure Cache for Redis instance | Global | redis-<workload, application, or project>-<environment> redis-navigator-prod redis-emissions-dev |
Integration
| Asset type | Scope | Format and Examples |
|---|---|---|
| API management service instance | Global | apim-<app or service name> apim-navigator-prod |
| Service Bus namespace | Global | sbns-<workload, application, or project>-<environment>.servicebus.windows.net sbns-navigator-prod.servicebus.windows.net sbns-emissions-dev.servicebus.windows.net |
| Service Bus queue | Service Bus | sbq-<workload, application, or project> sbq-navigator |
| Service Bus topic | Service Bus | sbt-<workload, application, or project> sbt-navigator |
Management and governance
| Asset type | Scope | Format and examples |
|---|---|---|
| Management group | Business unit and/or environment |
mg-<business unit>[-<environment>] mg-mktg mg-hr mg-corp-prod mg-fin-client |
| Subscription | Account / enterprise agreement | <business unit>-<subscription purpose>-<###> mktg-prod-001 corp-shared-001 fin-client-001 |
| Resource group | Subscription | rg-<app or service name>-<subscription purpose>-<###> rg-mktgsharepoint-prod-001 rg-acctlookupsvc-shared-001 rg-ad-dir-services-shared-001 |
Networking
| Asset type | Scope | Format and examples |
|---|---|---|
| Virtual network | Resource group | vnet-<subscription purpose>-<region>-<###> vnet-shared-eastus2-001 vnet-prod-westus-001 vnet-client-eastus2-001 |
| Subnet | Virtual network | snet-<subscription purpose>-<region>-<###> snet-shared-eastus2-001 snet-prod-westus-001 snet-client-eastus2-001 |
| Network interface (NIC) | Resource group | nic-<##>-<vm name>-<subscription purpose>-<###> nic-01-dc1-shared-001 nic-02-vmhadoop1-prod-001 nic-02-vmtest1-client-001 |
| Public IP address | Resource group | pip-<vm name or app name>-<environment>-<region>-<###> pip-dc1-shared-eastus2-001 pip-hadoop-prod-westus-001 |
| Load balancer (external) | Resource group | lbe-<app name or role>-<environment>-<###> lbe-navigator-prod-001 lbe-sharepoint-dev-001 |
| Network security group (NSG) | Subnet or NIC | nsg-<policy name or app name>-<###> nsg-weballow-001 nsg-rdpallow-001 nsg-sqlallow-001 nsg-dnsblocked-001 |
| Local network gateway | Virtual gateway | lgw-<subscription purpose>-<region>-<###> lgw-shared-eastus2-001 lgw-prod-westus-001 lgw-client-eastus2-001 |
| Virtual network gateway | Virtual network | vgw-<subscription purpose>-<region>-<###> vgw-shared-eastus2-001 vgw-prod-westus-001 vgw-client-eastus2-001 |
| VPN connection | Resource group | vcn-<subscription1 purpose>>-<region1>-to-<subscription2 purpose>>-<region2>- vcn-shared-eastus2-to-shared-westus vcn-prod-eastus2-to-prod-westus |
| Route table | Resource group | rt-<route table name> rt-navigator rt-sharepoint |
| DNS label | Global | <DNS A record for VM>.<region>.cloudapp.azure.com dc1.westus.cloudapp.azure.com web1.eastus2.cloudapp.azure.com |
Security
| Asset type | Scope | Format and examples |
|---|---|---|
| Managed identity | Resource group | id-<app or service name>-<environment>-<region name>-<###> id-appcn-keda-prod-eastus2-001 |
Storage
| Asset type | Scope | Format and examples |
|---|---|---|
| Storage account (general use) | Global | st<workload, application, or project><###> stnavigatordata001 stemissionsoutput001 |
| Azure StorSimple | Global | ssimp<workload, application, or project><environment> ssimpnavigatorprod ssimpemissionsdev |
| Azure Container Registry | Global | cr<workload, application, or project><environment><###> crnavigatorprod001 |
Next step
A good next step is to define your tagging strategy.