Implement and Set Tagging on Resource Groups
Start course

As an IT professional tasked with managing resources in Azure, it’s important to understand key administrative roles and permissions within a subscription and within a resource group. It’s also important to know how to leverage Role Based Access Control (RBAC) for managing such administrative roles and permissions.

In the first part of this course, you will learn about Azure subscriptions.  You will learn about key roles within a subscription, including contributor, owner, reader, and user access administrator. You’ll also learn how to manage these roles by using RBAC. We’ll also cover subscription policies and the role they play in the management of an Azure subscription.

In the second part of the course, we’ll talk about resource groups in Azure.  We’ll touch on what they do and how they are managed. You will learn how to secure resources within a resource group via resource policies and resource locks.  You’ll also learn about resource tagging and how it can be used to manage and group Azure resources.

Rounding out this course, we’ll cover the process of moving resources from one resource group to another, as well as the deletion of resource groups altogether.

Learning Objectives

Azure Subscriptions

  • Understand the owner role
  • Understand the subscription administrator Role
  • How to manage roles and permissions with RBAC
  • Understand subscription policies

Resource Groups

  • Understanding the purpose of resource groups
  • How to leverage resource group policies
  • How to use resource locks to protect resources
  • How to leverage resource tags  
  • Moving resources between resource groups
  • Removing resource groups

Intended Audience

  • IT professionals interested in becoming Azure cloud architects
  • IT professionals preparing for Microsoft’s Azure certification exams


  • General knowledge of IT infrastructure
  • General knowledge of the Azure environment

Applying tags to Azure resources provides metadata that's used to logically organize those resources into a taxonomy. Each tag consists of a name and a value pair. A common example is the use of a tag named Environment along with the value of Production that's applied to all resources in production.

Applying tags offers the ability to retrieve all resources in a subscription that are assigned a specific tag name and value. Using tags enables the administrator to even retrieve related resources from different resource groups. This is helpful when organizing resources for billing and management.

As helpful as tags, there are some limitations that apply to them. For example, each resource or resource group is limited to a maximum of 15 tag name/value pairs that can be directly applied to the resource group or resource.

Another limitation is tag name length. Tag names are limited to 512 characters. Tag values are limited to 256 characters. For storage accounts, the tag name is limited to 128 characters and the value is limited to 256. Virtual machines are limited to a total of 2048 characters for all tag names and values.

It's important to note that tags that are applied to a resource group are not inherited by the resources within that resource group. Also, tags can't be applied to classic resources such as Cloud Services and they can't contain special characters. The ability to apply tags to resources requires the user to have write access to that resource type.

Use the Contributor role to enable the ability to apply tags to all resource types. If it's necessary to provide the ability to apply tags to only one resource type, use the Contributor role for that particular resource. For example, to apply tags to virtual machines, use the Virtual Machine Contributor role.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.