
Azure Resource Tagging - The Foundation of Cloud Cost Management


Every FinOps assessment we do starts with the same question: "Can you tell me which team owns this resource and what it's for?"

In environments without tagging, the answer is usually "no." And that makes everything harder - cost allocation, cleanup, compliance, incident response.

Why Tags Matter

Tags let you:

  • Allocate costs to business units, projects, or customers
  • Identify owners when something breaks or needs updating
  • Automate (shut down dev VMs, apply policies based on environment)
  • Report meaningful information to finance and leadership
  • Clean up by finding resources that have outlived their purpose

Without tags, you're flying blind.

Essential Tags

Start with these five. They cover 80% of use cases:

| Tag | Purpose | Example Values |
|---|---|---|
| Environment | Production vs non-prod | prod, dev, test, staging |
| Owner | Who to contact | [email protected] |
| CostCentre | Charge back costs | CC-1234, IT-Infrastructure |
| Project | What initiative | ProjectPhoenix, WebsiteRedesign |
| CreatedDate | When provisioned | 2025-04-15 |

Add more as needed, but don't go overboard. Too many mandatory tags create friction, and people will put garbage data in.

Enforcing Tags with Azure Policy

Tags are useless if they're optional. Use Azure Policy to enforce them:

{
  "properties": {
    "displayName": "Require Environment and Owner tags",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {},
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "field": "tags['Environment']",
            "exists": "false"
          },
          {
            "field": "tags['Owner']",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}

Assign this policy at the management group or subscription level. Resources without required tags can't be created.

Audit Mode First

Don't go straight to Deny. Start with Audit:

  1. Deploy the policy in Audit mode
  2. Run for 30 days
  3. Review non-compliant resources
  4. Work with teams to fix existing resources
  5. Switch to Deny

This gives teams time to adapt without blocking their work.

Tagging Existing Resources

For resources that already exist without tags:

Azure Portal:

  1. Go to the resource
  2. Click Tags in the left menu
  3. Add your tags
  4. Save

Bulk Update with CLI:

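# Tag all VMs in a resource group
# Placeholder owner address; set this to the owning team's mailbox
OWNER_EMAIL="owner@example.com"
az vm list --resource-group myRG --query "[].id" -o tsv | while read -r id; do
  az tag update --resource-id "$id" --operation merge --tags Environment=dev Owner="$OWNER_EMAIL"
done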

Azure Resource Graph + PowerShell:

For very large environments, use Resource Graph to identify untagged resources, then loop through them with PowerShell.

Tag Inheritance

Tags don't automatically inherit from resource groups to resources. This catches people out.

Options:

  • Use Azure Policy to copy tags from resource group to resources
  • Use a naming convention alongside tags
  • Accept that you need to tag at resource level

The policy approach works well:

{
  "if": {
    "allOf": [
      {
        "field": "tags['Environment']",
        "exists": "false"
      },
      {
        "value": "[resourceGroup().tags['Environment']]",
        "notEquals": ""
      }
    ]
  },
  "then": {
    "effect": "modify",
    "details": {
      "roleDefinitionIds": ["/providers/..."],
      "operations": [
        {
          "operation": "add",
          "field": "tags['Environment']",
          "value": "[resourceGroup().tags['Environment']]"
        }
      ]
    }
  }
}

Cost Allocation with Tags

Once tagged, you can filter cost reports by tag in Cost Management:

  1. Go to Cost Management → Cost analysis
  2. Click "Add filter"
  3. Select your tag (e.g., CostCentre)
  4. Choose the value

You can also set up cost allocation rules that automatically allocate untagged costs based on rules you define.

Common Mistakes

Inconsistent values: "Production", "Prod", "prod", "PROD" are all different. Standardise and document your allowed values.

Free-text owner fields: "John", "John Smith", "[email protected]" - use email addresses consistently.

Not tagging shared resources: That hub virtual network is used by everyone. Tag it for the team that manages it, not the teams that use it.

Forgetting to update: Project finished? Team changed? Tags become stale. Review quarterly.
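
An added example, not from the original post: a small audit over an exported resource inventory that flags missing tags and the value mistakes listed above. The allowed Environment values come from the Essential Tags table; the email and date format checks, the function names and the sample resources are assumptions made for this example.

```python
import re
from datetime import date


def is_iso_date(value):
    try:
        return bool(date.fromisoformat(value))
    except ValueError:
        return False


# Assumed schema from the post's "Essential Tags" table; format checks are this example's.
RULES = {
    "Environment": lambda v: v in {"prod", "dev", "test", "staging"},  # case-sensitive
    "Owner": lambda v: re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", v) is not None,
    "CostCentre": lambda v: bool(v.strip()),
    "Project": lambda v: bool(v.strip()),
    "CreatedDate": is_iso_date,
}


def audit_resource(resource):
    # Azure matches tag names case-insensitively, so compare keys that way.
    tags = {k.lower(): v for k, v in (resource.get("tags") or {}).items()}
    findings = []
    for name, is_valid in RULES.items():
        value = tags.get(name.lower())
        if value is None:
            findings.append(f"missing {name}")
        elif not is_valid(value):
            findings.append(f"invalid {name}={value!r}")
    return findings


def audit(resources):
    """Map resource id -> findings, leaving out compliant resources."""
    return {r["id"]: f for r in resources if (f := audit_resource(r))}


# Constructed sample shaped like `az resource list -o json` (ids shortened).
SAMPLE = [
    {"id": "/rg-web/vm1", "tags": {"Environment": "prod", "Owner": "web@example.com",
     "CostCentre": "CC-1234", "Project": "WebsiteRedesign", "CreatedDate": "2025-04-15"}},
    {"id": "/rg-web/vm2", "tags": {"environment": "Production", "Owner": "John Smith"}},
    {"id": "/rg-web/disk1", "tags": None},
]

if __name__ == "__main__":
    for rid, found in audit(SAMPLE).items():
        print(rid, "->", "; ".join(found))
```

The tag name `environment` on the second resource is accepted because Azure treats tag names case-insensitively, while its value `Production` is flagged because tag values are case-sensitive.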

