question

PhilippGerber-6516 avatar image
0 Votes"
PhilippGerber-6516 asked PhilippGerber-6516 commented

Azure Policy - Find Ressources without Tags

Hello Community,


it is possible to define a Policy to find Ressources without Tags?

I would like to define this Policy to list all of Items at the "Compliance" Point at the Policy Tab.


I have looked at the Definitions but i cant find this scenario.


Did someone build an Policy about this scenario?
Or can someone help me to build this Policy?


Thanks a lot.


Regards,
Phil

azure-policy
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Do you want to find all resources that have 0 tags, or resources that don't have a specific tag?

0 Votes 0 ·

I want to find all Resources with 0 Tags.

And this with an azure Policy.

0 Votes 0 ·

1 Answer

SwathiDhanwada-MSFT avatar image
0 Votes"
SwathiDhanwada-MSFT answered PhilippGerber-6516 commented

@PhilippGerber-6516 Welcome to Microsoft Q & A Community Forum. Here is a sample policy to list all the resources that have no tags.

 {
   "properties": {
     "displayName": "Checking existence of tags",
     "policyType": "Custom",
     "mode": "All",
     "parameters": {},
     "policyRule": {
       "if": {
         "field": "tags",
         "exists": "false"
       },
       "then": {
         "effect": "audit"
       }
     }
   }
 }

Please 'Accept as answer' or Upvote if the given solution is helpful, so that it can help others in the community looking for help on similar topics.

· 9
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@SwathiDhanwada-MSFT

Thanks for this Answer.
It works very nice .

it's easier than you think.

Edit:

How can i use this for ResourceGroups? To Find all Resourcegroups without an Tag?

Regards,
Phil

0 Votes 0 ·

@PhilippGerber-6516 You can use below policy.

  {
    "properties": {
      "displayName": "Checking existence of tags",
      "policyType": "Custom",
      "mode": "All",
      "parameters": {},
      "policyRule": {
        "if": {
          "allOf": [
           {
             "field": "type",
             "equals": "Microsoft.Resources/subscriptions/resourceGroups"
           },
           {
             "field": "tags",
             "exists": "false"
           }
         ]
        },
        "then": {
          "effect": "audit"
        }
      }
    }
  }


1 Vote 1 ·

I asked too quickly.
But then my code is correct with the ResourceGroup.

Many thanks.

0 Votes 0 ·
Show more comments

Sorry, but now another question has arisen:

What does the Json code have to be like for example if I require a tag when creating a resource group.

However, I would not like to specify a specific day, but creating a resource group is only possible if a tag is specified.

Thanks.

0 Votes 0 ·

Okay.

Here is my Solution:

 {
     "mode": "All",
     "policyRule": {
       "if": {
         "allOf": [
           {
             "field": "type",
             "equals": "Microsoft.Resources/subscriptions/resourceGroups"
           },
           {
             "value": "[less(length(field('tags')), 1)]",
             "equals": "true"
           }
         ]
       },
       "then": {
         "effect": "deny"
       }
     },
     "parameters": {}
   }

This code can also be used for my first request.

There must be at least one tag.

1 Vote 1 ·

@PhilippGerber-6516 May I know if you have further questions which I can help with ?

0 Votes 0 ·
Show more comments