AZ-104 Series: Post 2
The "Who, What, Where" – Mastering Azure Policy & Tags
In our last post, we built the "Cloud House" using the Azure Hierarchy. But a house is just a building until you set the rules. Without rules, someone might leave the lights on all night (wasting money) or invite strangers inside (security risk).
Today, we’re looking at the two most powerful tools in an Administrator's belt: Azure Policy and Resource Tags.
1. Azure Policy (The Guardrails)
Think of Azure Policy as the "No" button that works even when you aren't looking. It enforces rules across your entire environment automatically.
Common AZ-104 Policies:
- Allowed Locations: "You can only build servers in India or the US." (Prevents data from leaving your country.)
- Allowed Virtual Machine SKUs: "You cannot build a server that costs $500/hour." (Prevents accidental bankruptcy!)
2. Resource Tags (The Post-It Notes)
Tags are simple Name-Value pairs. They don't do anything to the resource, but they tell you what it is for. Without tags, your Azure bill is just a list of random numbers.
A Professional Tagging Strategy:
- Environment : Production (So you don't delete it by mistake!)
- Owner : Marketing (So you know who to call when a server breaks.)
- CostCenter : 101 (So the Finance team knows who to bill.)
How they work together
A true "Cloud-Clipper" uses Policy to enforce Tags. You can set a policy that says: "Nobody can create a resource unless they add an 'Owner' tag." This ensures your cloud stays organized from Day 1.
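The "no resource without an Owner tag" rule described above, written as a custom Azure Policy definition. This is an added example, not part of the original post; the display name and the parameter names tagName and effect are illustrative choices.

```json
{
  "properties": {
    "displayName": "Require an Owner tag on resources (illustrative example)",
    "description": "Example definition added for illustration. Rejects any create or update request for a resource that does not carry the required tag.",
    "policyType": "Custom",
    "mode": "Indexed",
    "metadata": {
      "category": "Tags"
    },
    "parameters": {
      "tagName": {
        "type": "String",
        "defaultValue": "Owner",
        "metadata": {
          "displayName": "Tag name",
          "description": "Name of the tag every resource must have."
        }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Deny",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit only reports missing tags; Deny blocks the request."
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "[concat('tags[', parameters('tagName'), ']')]",
        "exists": "false"
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Mode Indexed limits evaluation to resource types that support tags and location. Deny only blocks new or updated resources, so assigning with Audit first shows which existing resources are already missing the tag.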
💡 Why this matters for the Exam:
AZ-104 will often ask: "How do you ensure all resources in Subscription A are restricted to the East US region?" The answer is always Azure Policy. Learn it, love it!
Next Topic: RBAC – Who gets the keys to the castle? 🏰