
Microsoft Azure Naming Conventions

· 8 min read

Accurately representing and naming your resources is essential for security purposes.

In a security incident, it is critical to identify affected systems quickly, what functions those systems support, and the potential business impact.

A useful naming convention composes resource names from important information about each resource. A well-chosen name helps you quickly identify the resource's type, its associated workload, its deployment environment, and the Azure region hosting it.

Some resource names, such as PaaS services with public endpoints or virtual machine DNS labels, have global scopes, so they must be unique across the Azure platform.

There's no one-size-fits-all approach to Azure naming conventions; a convention needs to suit your organisation. However, it is worth noting that Azure resources are subject to naming rules and limitations.

These limitations and scopes have been used to determine the following naming conventions across associated resources.

| Casing | Name Format |
| --- | --- |
| Lowercase | {organizationName}-{component}-{resourceTypeshortCode}-{regionShortCode}-{environmentlongcode} |

Naming Convention Examples

| Environment | Application Name | Azure Region | Azure Service | Example Name |
| --- | --- | --- | --- | --- |
| Production | application1 | Australia East | App Service | company-application1-asvc-au-e-prod |
| Production | application1 | Australia East | App Service Environment | company-application1-ase-au-e-prod |
| Production | application1 | Australia East | App Service Plan | company-application1-asp-au-e-prod |
| Production | application1 | Australia East | Application Gateway | company-application1-agw-au-e-prod |
| Production | application1 | Australia East | Automation Account | company-application1-aum-au-e-prod |
| Production | application1 | Australia East | Availability Set | company-application1-avs-au-e-prod |
| Production | application1 | Australia East | Azure Arc enabled Kubernetes cluster | company-application1-arck-au-e-prod |
| Production | application1 | Australia East | Azure Arc enabled server | company-application1-arcs-au-e-prod |
| Production | application1 | Australia East | Azure Cosmos DB database | company-application1-cosmos-au-e-prod |
| Production | application1 | Australia East | Azure Data Factory | company-application1-adf-au-e-prod |
| Production | application1 | Australia East | Azure Search | company-application1-srch-au-e-prod |
| Production | application1 | Australia East | Azure SQL Database | company-application1-sqldb-au-e-prod |
| Production | application1 | Australia East | Azure SQL Elastic Pool | company-application1-sqlep-au-e-prod |
| Production | application1 | Australia East | Azure SQL Server | company-application1-sql-au-e-prod |
| Production | application1 | Australia East | Container registry | company-application1-cr-au-e-prod |
| Production | application1 | Australia East | Cosmos DB | company-application1-cdb-au-e-prod |
| Production | application1 | Australia East | Function App | company-application1-func-au-e-prod |
| Production | application1 | Australia East | Gateway connection | company-application1-cn-au-e-prod |
| Test | application1 | Australia East | IoT Central | company-application1-iotc-au-e-test |
| Test | application1 | Australia East | Key Vault | company-application1-kv-au-e-test |
| Test | application1 | Australia East | Load Balancer | company-application1-lb-au-e-test |
| Test | application1 | Australia East | Local Network Gateway | company-application1-lgw-au-e-test |
| Test | application1 | Australia East | Log Analytics workspace | company-application1-la-au-e-test |
| Production | application1 | Australia East | MySQL database | company-application1-mysql-au-e-prod |
| Production | application1 | Australia East | Network Interface | company-application1-nic-au-e-prod |
| Production | application1 | Australia East | Network Security Group | company-application1-nsg-au-e-prod |
| Production | application1 | Australia East | Network Security Group Rule | company-application1-nsg-au-e-prod |
| Production | application1 | Australia East | Public IP Address | company-application1-pip-au-e-prod |
| Production | | Australia East | Recovery Services vault | company-rsv-au-e-prod |
| Production | application1 | Australia East | Recovery Services Vault - Backup policies | company-application1-rsvp-au-e-prod |
| Production | application1 | Australia East | Resource Group | company-application1-rg-au-e-prod |
| Production | application1 | Australia East | Route table | company-application1-route-au-e-prod |
| Production | application1 | Australia East | Runbooks | company-application1-run-au-e-prod |
| Production | application1 | Australia East | Service Bus - Namespace | company-application1-sbns-au-e-prod |
| Production | application1 | Australia East | SQL Data Warehouse | company-application1-sqldw-au-e-prod |
| Production | application1 | Australia East | SQL Managed Instance | company-application1-sqlmi-au-e-prod |
| Production | App1 | Australia East | Storage Account | company-pp1-stg-au-e-prod |
| Production | application1 | Australia East | Subnet | company-application1-snet-au-e-prod |
| Production | application1 | Australia East | Subscription | company-application1-sub-prod |
| Production | application1 | Australia East | Traffic Manager Profile | company-application1-tmp-au-e-prod |
| Production | application1 | Australia East | User defined route (UDR) | company-application1-udr-au-e-prod |
| Production | application1 | Australia East | Virtual machine scale set | company-application1-vmss-au-e-prod |
| Production | application1 | Australia East | Virtual Network | company-application1-vn-au-e-prod |
| Production | application1 | Australia East | Virtual Network Gateway | company-application1-vngw-au-e-prod |

Azure Naming - Global

Resource Group

| Environment | Application Name | Azure Region | Azure Service | Example Name |
| --- | --- | --- | --- | --- |
| Production | application1 | Australia East | Resource Group | company-application1-rg-au-e-prod |

Resource Type Codes

| Resource Type | Short Code | Scope | Character Limit |
| --- | --- | --- | --- |
| App Service | asvc | Global | 40 |
| App Service Environment | ase | Resource Group | 38 |
| App Service Plan | asp | Resource Group | 40 |
| Application Gateway | agw | Resource Group | 80 |
| Automation Account | aum | Resource Group | 50 |
| Availability Set | avs | Resource Group | 80 |
| Azure Arc enabled Kubernetes cluster | arck | Resource Group | 63 |
| Azure Arc enabled server | arcs | Resource Group | 15 |
| Azure Cosmos DB database | cosmos | Global | 63 |
| Azure Data Factory | adf | Global | 63 |
| Azure Search | srch | Global | 60 |
| Azure SQL Database | sqldb | Server | 128 |
| Azure SQL Elastic Pool | sqlep | Server | 128 |
| Azure SQL Server | sql | Global | 63 |
| Container registry | cr | Global | 50 |
| Cosmos DB | cdb | Global | 50 |
| Function App | func | Global | 40 |
| Gateway connection | cn | Resource Group | 80 |
| IoT Central | iotc | Global | 63 |
| Key Vault | kv | Global | 24 |
| Load Balancer | lb | Resource Group | 80 |
| Local Network Gateway | lgw | Resource Group | 80 |
| Log Analytics workspace | la | Global | 24 |
| MySQL database | mysql | Global | 63 |
| Network Interface | nic | Resource Group | 80 |
| Network Security Group | nsg | Resource Group | 80 |
| Network Security Group Rule | nsg | Resource Group | 80 |
| Public IP Address | pip | Resource Group | 80 |
| Recovery Services vault | rsv | Resource Group | 50 |
| Recovery Services Vault - Backup policies | rsvp | vault | 50 |
| Resource Group | rg | Global | 64 |
| Route table | route | Resource Group | 80 |
| Runbooks | run | Automation Account | 63 |
| Service Bus - Namespace | sbns | Global | 50 |
| SQL Data Warehouse | sqldw | Global | 63 |
| SQL Managed Instance | sqlmi | Global | 63 |
| Storage Account | stg | Global | 24 |
| Subnet | snet | Virtual Network | 80 |
| Subscription | sub | Account | 64 |
| Traffic Manager Profile | tmp | Resource Group | 63 |
| User defined route (UDR) | udr | Resource Group | 80 |
| Virtual Machine | vm | Resource Group | 15 |
| Virtual machine scale set | vmss | Resource Group | 15 |
| Virtual Network | vn | Resource Group | 63 |
| Virtual Network Gateway | vngw | Resource Group | 80 |

Environment Names

| Environment Name | Long Code |
| --- | --- |
| Development | dev |
| Test | test |
| Staging | stg |
| Production | prod |

Azure Regions

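| Azure Region | Geo Short Code | Datacentre Short Code | Short Code |
| --- | --- | --- | --- |
| East US | us | e | us-e |
| East US 2 | us | e2 | us-e2 |
| Central US | us | c | us-c |
| North Central US | us | cn | us-cn |
| West Central US | us | cw | us-cw |
| West US | us | w | us-w |
| West US 2 | us | w2 | us-w2 |
| Australia East | au | e | au-e |
| Australia Southeast | au | se | au-se |
| Australia Central | au | c | au-c |
| New Zealand North | nz | n | nz-n |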
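
The name format and the code tables above can be combined into a builder, a parser for triage, and a check against the listed character limits. This is an added example, not code from the original page; the function names are hypothetical and the dictionaries are constructed subsets of the page's tables.

```python
import re

# Constructed subsets of the page's tables (not the full lists).
TYPE_LIMITS = {"asvc": 40, "func": 40, "kv": 24, "nsg": 80, "rg": 64, "sqldb": 128, "vm": 15}
ENVIRONMENTS = {"dev": "Development", "test": "Test", "stg": "Staging", "prod": "Production"}
REGIONS = {"us-e": "East US", "us-e2": "East US 2", "au-e": "Australia East",
           "au-se": "Australia Southeast", "nz-n": "New Zealand North"}

def _alt(codes):
    return "|".join(re.escape(c) for c in codes)

# Region codes contain a hyphen (au-e), so a plain split("-") would misparse
# them; each trailing field is matched against its known code list instead.
NAME_RE = re.compile(
    rf"(?P<org>[a-z0-9]+)-(?P<component>[a-z0-9-]+)-(?P<type>{_alt(TYPE_LIMITS)})"
    rf"-(?P<region>{_alt(REGIONS)})-(?P<env>{_alt(ENVIRONMENTS)})"
)

def build_name(org, component, type_code, region_code, env_code):
    """Compose a lowercase name in the page's format, rejecting unknown codes."""
    for code, table in ((type_code, TYPE_LIMITS), (region_code, REGIONS), (env_code, ENVIRONMENTS)):
        if code not in table:
            raise ValueError(f"unknown code: {code!r}")
    return "-".join((org, component, type_code, region_code, env_code)).lower()

def parse_name(name):
    """Return the name's fields with codes expanded, or None if it does not conform."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        return None
    fields = m.groupdict()
    fields["region"] = REGIONS[fields["region"]]
    fields["env"] = ENVIRONMENTS[fields["env"]]
    return fields

def audit_name(name):
    """List the convention problems found in one resource name."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        return ["does not match the naming format"]
    limit = TYPE_LIMITS[m["type"]]
    if len(name) > limit:
        return [f"{len(name)} characters exceeds the {limit}-character limit for '{m['type']}'"]
    return []
```

Running `audit_name` over an inventory export surfaces names that cannot be parsed during an incident, as well as names that are longer than the limit listed for their resource type.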

Microsoft Azure Tagging Conventions

· 5 min read

Organizing cloud-based resources is a crucial task for IT unless you only have simple deployments. Use naming and tagging standards to organize your resources for these reasons:

  • Resource management: Your IT teams will need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.
  • Cost management and optimization: Making business groups aware of cloud resource consumption requires IT to understand each team's resources and workloads.
  • Operations management: Visibility for the operations management team regarding business commitments and SLAs is an essential aspect of ongoing operations.
  • Security: Classification of data and security impact is a vital data point for the team when breaches or other security issues arise.
  • Governance and regulatory compliance: Maintaining consistency across resources helps identify deviation from agreed-upon policies.
  • Automation: In addition to making resources easier for IT to manage, a proper organizational scheme allows you to take advantage of automation as part of resource creation, operational monitoring, and the result of DevOps processes.

Workload optimization: Tagging can help identify patterns and resolve broad issues. A tag can also help determine the assets required to support a single workload. Tagging all assets associated with each workload enables a more profound analysis of your mission-critical workloads to make sound architectural decisions.

Tagging Types

The common tagging patterns listed below provide examples of how tagging can be used to organize cloud assets. These patterns are not meant to be exclusive and can be used in parallel, providing multiple ways of organizing assets based on your company's needs.

| Tag type | Examples | Description |
| --- | --- | --- |
| Functional | app = catalogsearch1, tier = web, webserver = apache, env = prod, env = staging, env = dev | Categorize resources in relation to their purpose within a workload, what environment they have been deployed to, or other functionality and operational details. |
| Classification | confidentiality = private, SLA = 24hours | Classifies a resource by how it is used and what policies apply to it. |
| Accounting | department = finance, program = business-initiative, region = northamerica | Allows a resource to be associated with specific groups within an organization for billing purposes. |
| Partnership | owner = jsmith, contactalias = catsearchowners, stakeholders = user1; user2; user3 | Provides information about what people (outside of IT) are related or otherwise affected by the resource. |
| Purpose | businessprocess = support, businessimpact = moderate, revenueimpact = high | Aligns resources to business functions to better support investment decisions. |

Tagging Baselines

Tag at the Resource Group level and then have an Azure policy implemented that tags the resources in that Resource Group with the appropriate tags.

| Tag Name | Value | Tag Type | Description | Example |
| --- | --- | --- | --- | --- |
| Environment | Production, Development, Sandbox | Functional | Tags the resources with the Environment Tag. This can be used to determine if a resource is Production, Development or Sandbox. | Environment: Production |
| Creator | {CreatorName} | Partnership | Tags the resource with the name of who created the resource. This can be used to determine who created the resource to be able to get more information. | Creator: Luke Murray |
| CreatedDate | {CreatedDate} | Purpose | Tags the resource with the Date/Time when the resource was created. This can be used to determine how old a resource is, which can be used to look at new functionality on created resources or check if resources are still required. | CreatedDate: 10:00 PM 03/06/2022 NZT |
| Criticality | P1, P2, P3 | Purpose | Tags the resources with the criticality of the resources, i.e., if critical, then it is P1. This can be used to determine whether resources need to be highly available, whether changes can be made during or out of business hours. | Criticality:P1 |
| SupportedBy | {TeamName} | Partnership | Tags the resources with the team/person or company who supports the resources, whether it is internally supported by the company or outsourced. | SupportedBy:Company |
| RequesterName | {Requestor}-{CompanyName} | Partnership | Tags the resources with the user that requested the creation of the resources. | RequesterName:Project Manager |
| BillTo | {BillTo} | Accounting | Tags the resources with the cost centre or project codes who will pay for the resources. | BillTo:AppTransformationProject1 |
| AutoShutDown | Yes | Functional | This is an Automation functional tag, i.e., tag the resource (Virtual Machine) with a tagging code which will automatically Shut down and Start-up the Virtual Machine at specified times. | AutoShutDown:Yes |
| ApplicationName | {ProjectName} | Partnership | Tags the resource with the name of the project or what the resources in the resource group are for. | ApplicationName:AzureVirtualDesktopSH |
| Business Unit | {BusinessUnit} | Partnership | Tags the resource with the name of the Business Unit or Company that owns the resources. | BusinessUnit:Finance |
| Snapshot | True | Functional | This is an Automation functional tag, i.e., tag the resource (Disk) with a tagging code which can create daily snapshots of disks. | Snapshot:True |
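
An audit of the baseline can model the resource-group inheritance described above and report which resources end up without a usable tag. This is an added example, not code from the original page; the function names, the choice of which baseline tags are mandatory, the rule that a resource's own tag wins over the inherited one, and the sample inventory are all assumptions.

```python
# Assumed mandatory subset of the page's baseline tags, and the values the
# table lists for the two tags that have a fixed set.
REQUIRED = ("Environment", "Criticality", "SupportedBy", "BillTo", "ApplicationName")
ALLOWED = {"Environment": {"Production", "Development", "Sandbox"},
           "Criticality": {"P1", "P2", "P3"}}

def effective_tags(group_tags, resource_tags):
    """Tags a resource ends up with once the resource group's tags are inherited."""
    merged = dict(group_tags)
    merged.update(resource_tags)  # assumption: a tag set on the resource itself wins
    return merged

def tag_findings(tags):
    """Return (tag, problem) pairs for missing tags and values outside the table."""
    # Azure treats tag names as case-insensitive, so compare on lowercased names.
    by_name = {name.lower(): value for name, value in tags.items()}
    findings = []
    for name in REQUIRED:
        value = by_name.get(name.lower(), "").strip()
        if not value:
            findings.append((name, "missing"))
        elif name in ALLOWED and value not in ALLOWED[name]:
            findings.append((name, f"unexpected value {value!r}"))
    return findings

def audit(inventory):
    """Map each resource id to its findings; compliant resources are omitted."""
    report = {}
    for group in inventory:
        for res in group["resources"]:
            found = tag_findings(effective_tags(group["tags"], res.get("tags", {})))
            if found:
                report[res["id"]] = found
    return report

# Constructed sample inventory (not real resources).
SAMPLE = [
    {"name": "company-application1-rg-au-e-prod",
     "tags": {"Environment": "Production", "Criticality": "P1", "SupportedBy": "Company",
              "BillTo": "AppTransformationProject1", "ApplicationName": "application1"},
     "resources": [
         {"id": "company-application1-nsg-au-e-prod"},
         {"id": "company-application1-asvc-au-e-prod", "tags": {"environment": "Prod"}},
     ]},
    {"name": "company-application1-rg-au-e-test",
     "tags": {"Environment": "Development", "SupportedBy": "Company",
              "ApplicationName": "application1"},
     "resources": [{"id": "company-application1-func-au-e-test"}]},
]
```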

My path to the Microsoft MVP Award

· One min read

The path to becoming a Microsoft MVP (Most Valuable Professional) is not as linear as some might think. Some have a goal to receive the Microsoft MVP Award, and others have a passion for technology that shows in community activities such as speaking or user groups, helping others on forums, helping to maintain documentation, and helping others get up to speed with the ever-changing ecosystem that is the Microsoft stack. It is not one-size-fits-all: just as there are multiple ways of learning, there are multiple ways to the MVP Award.

I join Christian Buckley for episode 167 of his #MVPbuzChat Podcast/Video chat to tell my story. Feel free to check it out (if you can ignore the bad camera angle!), along with other MVPs talking about their journey to the Microsoft MVP Award.

Architecture in the Cloud

· 3 min read

Solution architecture is concerned with the planning, design, implementation, and ongoing improvement of a technology system.

The architecture of a system must balance and align the business requirements with the technical capabilities that are needed to execute those requirements.

The finished architecture is a balance of risk, cost, and capability throughout the system and its components.

Running a solution in the cloud does not reduce the need for requirements to be clear. In fact, the flexibility and power provided by the cloud mean that it is even more important to have clear requirements from business stakeholders; otherwise, you could end up solving problems that don't exist, missing an important design decision, or going beyond the available budget by adding unnecessary resiliency.

Requirements and Architecture

Non-functional requirements (NFRs)

Below is a short list of NFRs (not exhaustive) that may be provided by the business to help inform the design of a solution.

Reliability requirements
  • Service level agreement (SLA)
  • Uptime objective
  • Recovery time objective (RTO)
  • Recovery point objective (RPO)
  • Recoverability
Security requirements
  • Geographical location
  • Compliance and legislation
  • Identity and access management
  • Privacy
  • Data Integrity
  • Public or private endpoints (or both)
  • OWASP
  • Hybrid connectivity
  • DDoS
Performance requirements
  • Peak throughput, e.g., Requests per minute (RPM), active users
  • Business plan for growth
  • UX metrics (e.g., Page load time)
  • Asynchronous vs Synchronous operations
  • Workload profile (predictable, unpredictable, peak time of day)
  • Scalability
  • Data estate size and growth rate
  • Time-to-live (TTL) of reports and views (real-time vs eventual consistency)
Operational requirements
  • Prod and non-prod environments (Dev/Test, QA, Pre-prod, Prod)
  • Release frequency (hours / days / months)
  • Time to onboard (new customer)
  • Licensing
  • Cost (Management)
  • Manageability
Cost optimization
  • Cost per user
  • Target hosting costs as a percentage of revenue
  • Pricing model
  • Tenancy model
Azure SLAs
  • Familiarize yourself with Azure service-level agreements
  • An Azure Service-level Agreement (SLA) can also be read as a minimum service-level objective (SLO).
  • An SLA is a financial guarantee, not an absolute guarantee
  • Read the SLA details carefully, particularly the definition of "downtime" for each service, which gives important hints about failure modes

For example, in the SLA for Azure SQL Database, "downtime" is defined as:

"The total accumulated Deployment Minutes across all Databases in a given Microsoft Azure subscription during which the Database is unavailable. A minute is considered unavailable for a given Database if all continuous attempts by Customer to establish a connection to the Database within the minute fail."

The Azure SQL Database team expect almost all outages to be transient (brief and non-recurring). Therefore, the retry pattern should be used to continuously retry for up to a minute. This is typical in cloud services; retry has been the default behaviour in ADO.NET since .NET Framework 4.6.1.

External Resources

Finally, resources such as the Azure Architecture Center, Cloud Adoption and Well-Architected Framework can help with thinking around the design and building blocks of your architecture.

How to contribute to Microsoft documentation

· 2 min read

Did you know you can contribute to Microsoft documentation (ms docs)?

If you see something that is not quite right, whether technically or in the document's readability, then, in true community style, you can contribute!

Tip: You can edit it directly from the GitHub webpage, or press "." in a GitHub repository to open Visual Studio Code in Dev spaces in your browser, with the markdown linter to help check against best practices.

See the image below for an example:

[Image: Update Microsoft documentation]

Once the pull request is made, it will be reviewed by designated technical document reviewers/product owners at Microsoft. Then your changes will be merged live if successful (and if not, the reviewers will let you know why and what changes could be made)!

If you don't want to make the edit yourself, you can also raise an issue and give your feedback by linking to the document. Someone will then review it, contact the relevant product owners, and amend the document.

MS Docs - GitHub Raise an Issue

Try to be as concise as possible, as people reading it may not have the same experience as you!