1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Analyzing Resource Utilization on Azure

Resource Tagging

Start course

This course looks into how to capture log data and metrics from Azure services and feed this information into different locations for processing. We take a look at diagnostic logging, which can help to troubleshoot services and create queries and alerts based on that data. We also look into Azure Adviser, cost consumption reporting, and how we can baseline resources. This is an introduction to these advanced areas of Azure services.

Learning Objectives

  • Understand how to use and configure diagnostic logging for Azure services
  • Gain an understanding of Azure Monitor and how to create and manage alerts
  • Review cost consumption reporting and how to create scheduled reports
  • Investigate different methods for baselining resources

Intended Audience

  • People who want to become Azure cloud architects
  • People preparing for Microsoft’s AZ-303 exam


  • General knowledge of Azure services

For more MS Azure-related training content, visit our Microsoft Azure Training Library.


It is worth noting that you can enforce tagging through Azure policies, meaning no matter how a user or administrator tries to deploy a resource, if they don't have appropriate tags defined, the deployment will fail. Alternatively, you can use auditing, which will allow the deployment to continue but will issue a warning. These resources will be marked as non-compliant in the Azure policy service. Let's take a look at creating a policy to audit and enforce tags. We're going to leverage some Azure policy samples for resource groups located here at this GitHub project. We will use PowerShell to deploy these definitions. Note that you will require subscription owner rights to execute the following commands. Here we have the “deploy audit resource tag policy” PowerShell command. We are using the New-AzureRmPolicyDefinition commandlet and referencing the GitHub project (https://docs.microsoft.com/en-nz/azure/governance/policy/concepts/definition-structure). 

We've also filled out the description and the different parameters required to execute this command. This command here will show us how to deploy the “enforce resource tag” policy PowerShell command. In the Azure portal, under policy services and definitions, if we search for the keyword “Tag”, we’ll get these results. We can see the four built-in policies and the two custom policies we just created from the JSON template using PowerShell. If you select the assignment from the left side of the navigation bar, you'll be able to create an assignment using this policy. Here is a screen showing the fields required to create an audit policy for the resource tag Owner. We are going to create an assignment of an audit policy for the resource tag Owner. We can see here the policy definition is what we created through PowerShell and an assignment name and description with the final text box being tag name having the resource tag you want to audit. Once the policy has been evaluated, we can see the compliant and non-compliant numbers of resources. You can also assign enforce policies to ensure that during deployment tags are assigned. If they are not, the deployment will fail. If you would like to learn more about creating policy definitions, here is a reference link (https://docs.microsoft.com/en-nz/azure/governance/policy/concepts/definition-structure).

About the Author

Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.