Skip to main content

Microsoft Azure Portal - Recent Resources

· One min read

The Microsoft Azure Portal displays a list of Recent resources (whether they are subscriptions or Resources) you have accessed, usually when you first log in to the portal itself.

This capability makes it quick to access resources you use the most often, but sometimes you may want to view the resources in a list for easy access or clear the recent resources (ie if you are going to do a presentation) - this is how you can do it.

The Azure portal has a service called: Recent, to access it.

  1. Log in to the Microsoft Azure Portal
  2. In the search bar type in: Recent
  3. Azure Portal - Recent
  4. Select Recent
  5. You will be taken to the Recent Resources view, where you can select Clear to clear your Recent Resources, or you can view all your recent resources for easy access.
  6. Azure Portal - Clear Recent

You don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action'

· 2 min read

You may be attempting to deploy an Azure Landing Zone, such as the Enterprise Scale Landing Zone and receive the following error:

You don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action'.

This is because by default, even if you have Owner right on an Azure subscription, and are a Global Administer, you are unable to assign rights at the root '/' tenant level, to be able to create new Management Groups and move subscriptions between them.

However, users who have the Global Microsoft Entra ID role can elevate rights to do this. There are a few steps to enabling this, including using Azure PowerShell to assign rights.

With an account with Global Administrator rights, do the following:

  1. Sign in to the Azure Portal

  2. Open Microsoft Entra ID

  3. Click Properties

  4. Toggle the 'Access management for Azure resources' to 'Yes'

  5. Click Save

  6. Open PowerShell

  7. Run:

    Connect-AzAccount
  8. Login with your account, and make sure you are in the correct directory (if you aren't you can use Connect-Az Account - tenantid 'tenantidhere').

  9. Type:

    Get-AzADUser
  10. Copy the ID of the user you are logged in as, and run the following (replace the ObjectId to match the ID of your user):

    $user =  Get-AzADUser -ObjectId f53eaa59-0fc0-4103-b9cb-1650e3069da8
  11. Once the user ID has been stored in a variable, its finally time to assign the rights, run the following:

    New-AzRoleAssignment -Scope '/' -RoleDefinitionName 'Owner' -ObjectId $user.Id
  12. Give Microsoft Entra ID 10-15 minutes to replicate the Azure AD changes, log out and back in and you should now be able to deploy the Landing Zone.

Note: Remember to go back and change the toggle to 'Allow management of Azure resources' to 'No', or all Global Administrators of Microsoft Entra ID will be able to manage all Azure resources.

Once the Landing Zone is deployed, you should also remove your role assignment at the root level by running:

Remove-AzRoleAssignment -Scope '/' -RoleDefinitionName 'Owner' -ObjectId $user.Id

Turn on a Azure Virtual Machine using Azure Automation

· 11 min read

Turning off a Virtual Machine in Microsoft Azure on a schedule can quickly be done using the built-in Shutdown controls in the Virtual Machine blade (part of Azure Lab Services, but not a requirement), but what about starting it?

You have a few options, Logic Apps, PowerShell, Functions and Runbooks; most of the time, these will run on a standard 7 AM to 5 PM Monday to Friday schedule (meaning the Virtual Machine is off during off-peak hours and weekends, reducing compute cost).

This works fine for most scenarios, but what happens if a Bank or Public Holiday falls during the week? With the normal schedule, your Virtual Machine starts.

Because all your users are on Holiday, it wastes money while you and your users drink snicker cocktails at the beach?

This is where using a third party timezone API like 'AbstractApi' comes in handy; incorporating a lookup to check if it's a Public Holiday before starting that Virtual Machine can help reduce unnecessary costs.

Virtual Machines in Microsoft Azure have different states and, depending on what state the Virtual Machine is in, will determine whether you get billed or not (for the Compute, storage and network adapters are still billed).

Power stateDescriptionBilling
StartingVirtual Machine is powering up.Billed
RunningVirtual Machine is fully up. This is the standard working state.Billed
StoppingThis is a transitional state between running and stopped.Billed
StoppedThe Virtual Machine is allocated on a host but not running. Also called PoweredOff state or Stopped (Allocated). This can be result of invoking the PowerOff API operation or invoking shutdown from within the guest OS. The Stopped state may also be observed briefly during VM creation or while starting a VM from Deallocated state.Billed
DeallocatingThis is the transitional state between running and deallocated.Not billed
DeallocatedThe Virtual Machine has released the lease on the underlying hardware and is completely powered off. This state is also referred to as Stopped (Deallocated).Not billed

I have written a base runbook that does precisely that, every time the runbook runs, it checks if it is a public Holiday. If it is - then the Virtual Machine isn't started; if it isn't, then the virtual machine is started.

Overview

Today, we are going to set up an Azure Automation runbook, triggered by a scheduled will go through the following steps:

  1. On a schedule (7 AM, it will trigger an Azure Automation runbook)
  2. The Azure Automation runbook will do a lookup to an external API, in this case, AbstractApi.
  3. The runbook will check the date and detect if it falls on a Public Holiday; if it is a Public Holiday, it will exit the Azure Automation runbook; if it is a standard workday, it will start the Virtual Machine.

To do this, we need a few resources.

And, of course, 'Contributor' rights to the Microsoft Azure subscription to create the resources and the schedule, along with setting up the System Managed identity to grant the Azure Automation account access to start the Virtual Machine.

We will set up this from scratch using the Azure Portal and use an already created PowerShell Azure Automation runbook.

Deploy Start VM Solution

Setup Azure Automation Account

Create Azure Automation Account

First, we need an Azure Automation resource.

  1. Log into the Microsoft Azure Portal.
  2. Click + Create a resource.
  3. Type in automation
  4. Select Create under Automation, and select Automation.
  5. Create Azure Automation Account
  6. Select your subscription
  7. Select your Resource Group or Create one if you don't already have one (I recommend placing your automation resources in an Azure Management or Automation resource group, this will also contain your Runbooks)
  8. Select your region
  9. Create Azure Automation Account
  10. Select Next
  11. Make sure: System assigned is selected for Managed identities (this will be required for giving your automation account permissions to deallocate your Virtual Machine, but it can be enabled later if you already have an Azure Automation account).
  12. Click Next
  13. Leave Network connectivity as default (Public access)
  14. Click Next
  15. Enter in appropriate tags
  16. Create Azure Automation Account
  17. Click Review + Create
  18. After validation has passed, select Create
Configure System Identity

Now that we have our Azure Automation account, its time to set up the System Managed Identity and grant it the following roles:

  • Virtual Machine Contributor (to deallocate the Virtual Machine)

You can set up a custom role to be least privileged and use that instead. But in this article, we will stick to the built-in roles.

  1. Log into the Microsoft Azure Portal.
  2. Navigate to your Azure Automation account
  3. Click on: Identity
  4. Make sure that the System assigned toggle is: On and click Azure role assignments.
  5. Azure Automation Account managed identity
  6. Click + Add role assignments
  7. Select the Subscription (make sure this subscription matches the same subscription your Virtual Machines are in)
  8. Select Role: Virtual Machine Contributor
  9. Click Save
  10. Click Refresh (it may take a few seconds to update the Portal, so if it is blank - give it 10 seconds and try again).
  11. You have now set up the System Managed identity and granted it the roles necessary to execute the automation.
Setup Abstract API Key

Now we need to create an API key, which will be used in the runbook to start the Virtual Machine, the API key will allow connections to the Abstract API to retrieve public Holliday information.

  1. Create an Abstract API account
  2. Log in to the newly created account
  3. On the left-hand navigation bar, click on Holidays
  4. Click on 'Try it out
  5. Copy the API key
  6. Abstract API - API Key
  7. Copy the API key, as we will need it for the next steps.
Import Runbook

Now that the modules have been imported into your Azure Automation account, it is time to import the Azure Automation runbook.

  1. Log into the Microsoft Azure Portal.
  2. Navigate to your Azure Automation account
  3. Click on Runbooks
  4. Click + Create a runbook
  5. Specify a name (i.e. Start-AzureVirtualMachine)
  6. Select Runbook type of PowerShell
    1. A select Runtime version of: 5.1 (7.1 works as well).
  7. Type in a Description that explains the runbook (this isn't mandatory, but like Tags is recommended, this is an opportunity to indicate to others what it is for and who set it up)
  8. Click Create
  9. Now you will be greeted with a blank edit pane; paste in the Runbook from below:
Start-AzureVirtualMachine.ps1
#requires -Version 3.0 -Modules Az.Accounts, Az.Resources
<#
.SYNOPSIS
PowerShell Azure Automation Runbook for Starting/Stopping Virtual Machines.
.AUTHOR
Luke Murray (https://github.com/lukemurraynz/)
.VERSION
1.0 - 28/04/22 - script versioned to '1.0'.
.DESCRIPTION
1. The script first checks if today is a holiday by making a call to the Abstract API.
The Abstract API returns a JSON object containing the holiday name and (optional) description.
The script checks if the name property is null. If it is not null, the script displays a message indicating that today is a holiday.
If the name property is null, the script displays a message indicating that today is not a holiday.
2. The script then checks if the virtual machine is running or not. If it is running, the script will stop the virtual machine.
If it is not running, the script will start the virtual machine, depending on the Shutdown tag value
#>

Param(
[Parameter(Mandatory = $true)]
[String]
$TagName,
[Parameter(Mandatory = $true)]

[String]
$TagValue,
[Parameter(Mandatory = $true)]
[Boolean]
$Shutdown
)

$CountryCode = 'NZ'

$tDate =(Get-Date).ToUniversalTime()
$tz = [System.TimeZoneInfo]::FindSystemTimeZoneById("New Zealand Standard Time")
$Date = [System.TimeZoneInfo]::ConvertTimeFromUtc($tDate, $tz)


$API = Get-AutomationVariable -Name AbstractApiKey
$Holiday = Invoke-WebRequest -Uri ('https://holidays.abstractapi.com/v1/?api_key={0}&country={1}&year={2}&month={3}&day={4}' -f $API, $CountryCode, $Date.Year, $Date.Month, $Date.Day)

$Holidays = $Holiday.Content
$Holidays = $Holidays | ConvertFrom-Json

IF ($null -ne $Holidays.name)
{
Write-Output -InputObject ("Today is a holiday. The Holiday today is: {0}. The Azure Virtual Machine won't be started." -f $Holidays.name)
}
ELSE
{
Write-Output -Message 'No holiday today. The Virtual Machine will be started.'

# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process
# Connect to Azure with system-assigned managed identity (Azure Automation account, which has been given VM Start permissions)
$AzureContext = (Connect-AzAccount -Identity).context
Write-Output -InputObject $AzureContext
# set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext
Write-Output -InputObject $AzureContext

$vms = Get-AzResource -TagName $TagName -TagValue $TagValue | Where-Object -FilterScript {
$_.ResourceType -like 'Microsoft.Compute/virtualMachines'
}

Foreach ($vm in $vms)
{
if ($Shutdown -eq $true)
{
Write-Output -InputObject "Stopping $($vm.Name)"
Stop-AzVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName -Force
}
else
{
Write-Output -InputObject "Starting $($vm.Name)"
Start-AzVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName
}
}
}
  1. Change the country code to align with your own country. You can use the IP geolocation API in Abstract API to do a live test, which will give you your country code. Feel free to amend the Write-Output messages to make sense for your environment.
  2. Click Save
  3. Azure Runbook - PowerShell
  4. Click Publish (so the runbook is actually in production and can be used)
  5. You can select View or Edit at any stage, but you have now imported the Azure Automation runbook!
Setup Variables

Now that the Azure runbook has been imported, we need to set up the variables, which include the API key.

  1. Log into the Microsoft Azure Portal.
  2. Navigate to your Azure Automation account
  3. Click Variables
  4. Click + Add a variable
  5. Create a Variable named: AbstractApiKey (this needs to match the variable name as part of the 'Get-AutomationVariable' cmdlet).
  6. Enter in a description
  7. Select String
  8. Enter in the API key you retrieved earlier from Abstract API.
  9. Azure Automation - Variables
  10. Click Save
Setup Schedule

Now that the variables have been set up, we need to set up the schedule. This is the schedule that will be used to start the Virtual Machine. In the example below we are going to use a Standard Monday -> Friday work week, but adjust the time and date for when you need to start the virtual machine up.

  1. Log into the Microsoft Azure Portal.
  2. Navigate to your Azure Automation account
  3. Click Schedule
  4. Click + Add a schedule
  5. Type in a name for the schedule (ie Azure Virtual Machine - Start).
  6. Type in a Description
  7. Select the Start Date to match when you want to start the Schedule (ie first Monday of the week).
  8. Select your Timezone, so that the script runs on the right time/date which makes your timezone.
  9. For Recurrance, specify: Recurring
  10. Set it to Recur every: 1 Day
  11. Check Monday, Tuesday, Wednesday, Thursday, and Friday
  12. Leave Saturday and Sunday unchecked.
  13. Click Create
  14. Now that the Schedule has been created, we need to bind it to a Runbook
  15. On the Automation account blade, click on Runbooks
  16. Click on your 'Start Azure Virtual Machine' runbook
  17. Select Schedules
  18. Click Add a Schedule
  19. Press: Link a schedule to your runbook
  20. Select your newly created Schedule
  21. For the Tag Name, select Shutdown
  22. For the Tag Value name, Select Yes
  23. For Shutdown, select false
  24. Click Ok
  25. Your schedule has now been configured and the runbook will run the next time it matches your scheduled date and time.
Configure Tags

The runbook is written, so it doesn't need to be adjusted for future machines and making changes on the fly, this relies on each Virtual Machine that you want started to be started using the Runbook to be tagged.

  1. Log into the Microsoft Azure Portal.
  2. Navigate to your Azure Virtual Machine
  3. Click Tags
  4. Add the following tag:
Tag KeyTag Value
ShutdownYes

Congratulations, the next time your schedule triggers, every runbook with the Shutdown tag will be started, according to your schedule, and workday. If it's a Public Holiday or a Weekend, the Virtual Machine will remain off - saving cost.

Microsoft Azure Naming Conventions

· 8 min read

Accurately representing and naming your resources is essential for security purposes.

In a security incident, it is critical to identify affected systems quickly, what functions those systems support, and the potential business impact.

A useful naming convention composes resource names from important information about each resource. A well-chosen name helps you quickly identify the resource's type, its associated workload, its deployment environment, and the Azure region hosting it.

Some resource names, such as PaaS services with public endpoints or virtual machine DNS labels, have global scopes, so they must be unique across the Azure platform.

There's no one size fits all to Azure naming conventions, it needs to suit your organisation, however, it is worth noting that there are limitations to naming rules to Azure resources.

The use of these limitations and scopes have been used to determine the following naming conventions across associated resources.

CasingName Format
Lowercase{organizationName}-{component}-{resourceTypeshortCode}-{regionShortCode}-{environmentlongcode}

Naming Convention Examples

EnvironmentApplication NameAzure RegionAzure ServiceExample Name
Productionapplication1Australia EastApp Servicecompany-application1-asvc-au-e-prod
Productionapplication1Australia EastApp Service Environmentcompany-application1-ase-au-e-prod
Productionapplication1Australia EastApp Service Plancompany-application1-asp-au-e-prod
Productionapplication1Australia EastApplication Gatewaycompany-application1-agw-au-e-prod
Productionapplication1Australia EastAutomation Accountcompany-application1-aum-au-e-prod
Productionapplication1Australia EastAvailability Setcompany-application1-avs-au-e-prod
Productionapplication1Australia EastAzure Arc enabled Kubernetes clustercompany-application1-arck-au-e-prod
Productionapplication1Australia EastAzure Arc enabled servercompany-application1-arcs-au-e-prod
Productionapplication1Australia EastAzure Cosmos DB databasecompany-application1-cosmos-au-e-prod
Productionapplication1Australia EastAzure Data Factorycompany-application1-adf-au-e-prod
Productionapplication1Australia EastAzure Searchcompany-application1-srch-au-e-prod
Productionapplication1Australia EastAzure SQL Databasecompany-application1-sqldb-au-e-prod
Productionapplication1Australia EastAzure SQL Elastic Poolcompany-application1-sqlep-au-e-prod
Productionapplication1Australia EastAzure SQL Servercompany-application1-sql-au-e-prod
Productionapplication1Australia EastContainer registrycompany-application1-cr-au-e-prod
Productionapplication1Australia EastCosmos DBcompany-application1-cdb-au-e-prod
Productionapplication1Australia EastFunction Appcompany-application1-func-au-e-prod
Productionapplication1Australia EastGateway connectioncompany-application1-cn-au-e-prod
Testapplication1Australia EastIoT Centralcompany-application1-iotc-au-e-test
Testapplication1Australia EastKey Vaultcompany-application1-kv-au-e-test
Testapplication1Australia EastLoad Balancercompany-application1-lb-au-e-test
Testapplication1Australia EastLocal Network Gatewaycompany-application1-lgw-au-e-test
Testapplication1Australia EastLog Analytics workspacecompany-application1-la-au-e-test
Productionapplication1Australia EastMySQL databasecompany-application1-mysql-au-e-prod
Productionapplication1Australia EastNetwork Interfacecompany-application1-nic-au-e-prod
Productionapplication1Australia EastNetwork Security Groupcompany-application1-nsg-au-e-prod
Productionapplication1Australia EastNetwork Security Group Rulecompany-application1-nsg-au-e-prod
Productionapplication1Australia EastPublic IP Addresscompany-application1-pip-au-e-prod
ProductionAustralia EastRecovery Services vaultcompany-rsv-au-e-prod
Productionapplication1Australia EastRecovery Services Vault - Backup policiescompany-application1-rsvp-au-e-prod
Productionapplication1Australia EastResource Groupcompany-application1-rg-au-e-prod
Productionapplication1Australia EastRoute tablecompany-application1-route-au-e-prod
Productionapplication1Australia EastRunbookscompany-application1-run-au-e-prod
Productionapplication1Australia EastService Bus - Namespacecompany-application1-sbns-au-e-prod
Productionapplication1Australia EastSQL Data Warehousecompany-application1-sqldw-au-e-prod
Productionapplication1Australia EastSQL Managed Instancecompany-application1-sqlmi-au-e-prod
ProductionApp1Australia EastStorage Accountcompany-pp1-stg-au-e-prod
Productionapplication1Australia EastSubnetcompany-application1-snet-au-e-prod
Productionapplication1Australia EastSubscriptioncompany-application1-sub-prod
Productionapplication1Australia EastTraffic Manager Profilecompany-application1-tmp-au-e-prod
Productionapplication1Australia EastUser defined route (UDR)company-application1-udr-au-e-prod
Productionapplication1Australia EastVirtual machine scale setcompany-application1-vmss-au-e-prod
Productionapplication1Australia EastVirtual Networkcompany-application1-vn-au-e-prod
Productionapplication1Australia EastVirtual Network Gatewaycompany-application1-vngw-au-e-prod

Azure Naming - Global

Resource Group

EnvironmentApplication NameAzure RegionAzure ServiceExample Name
Productionapplication1Australia EastResource Groupcompany-application1-rg-au-e-prod

Resource Type Codes

Resource TypeShort CodeScopeCharacter Limit
App ServiceasvcGlobal40
App Service EnvironmentaseResource Group38
App Service PlanaspResource Group40
Application GatewayagwResource Group80
Automation AccountaumResource Group50
Availability SetavsResource Group80
Azure Arc enabled Kubernetes clusterarckResource Group63
Azure Arc enabled serverarcsResource Group15
Azure Cosmos DB databasecosmosGlobal63
Azure Data FactoryadfGlobal63
Azure SearchsrchGlobal60
Azure SQL DatabasesqldbServer128
Azure SQL Elastic PoolsqlepServer128
Azure SQL ServersqlGlobal63
Container registrycrGlobal50
Cosmos DBcdbGlobal50
Function AppfuncGlobal40
Gateway connectioncnResource Group80
IoT CentraliotcGlobal63
Key VaultkvGlobal24
Load BalancerlbResource Group80
Local Network GatewaylgwResource Group80
Log Analytics workspacelaGlobal24
MySQL databasemysqlGlobal63
Network InterfacenicResource Group80
Network Security GroupnsgResource Group80
Network Security Group RulensgResource Group80
Public IP AddresspipResource Group80
Recovery Services vaultrsvResource Group50
Recovery Services Vault - Backup policiesrsvpvault50
Resource GrouprgGlobal64
Route tablerouteResource Group80
RunbooksrunAutomation Account63
Service Bus - NamespacesbnsGlobal50
SQL Data WarehousesqldwGlobal63
SQL Managed InstancesqlmiGlobal63
Storage AccountstgGlobal24
SubnetsnetVirtual Network80
SubscriptionsubAccount64
Traffic Manager ProfiletmpResource Group63
User defined route (UDR)udrResource Group80
Virtual MachinevmResource Group15
Virtual machine scale setvmssResource Group15
Virtual NetworkvnResource Group63
Virtual Network GatewayvngwResource Group80

Environment Names

Environment NameLong Code
Developmentdev
Testtest
Stagingstg
Productionprod

Azure Regions

Azure RegionGeo Short CodeDatacentre Short CodeShort Code
East USuseus-e
East US 2use2us-e2
Central USuscus-c
North Central USuscnus-cn
West Central USuscwus-cw
West USuswus-w
West US 2usw2us-w2
Australia Eastaueau-e
Australia Southeastauseau-se
Australia Centralaucau-c
New Zealand Northnznnz-n

Microsoft Azure Tagging Conventions

· 5 min read

Organizing cloud-based resources is a crucial task for IT unless you only have simple deployments. Use naming and tagging standards to organize your resources for these reasons:

  • Resource management: Your IT teams will need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.
  • Cost management and optimization: Making business groups aware of cloud resource consumption requires IT to understand each team's resources and workloads.
  • Operations management: Visibility for the operations management team regarding business commitments and SLAs is an essential aspect of ongoing operations.
  • Security: Classification of data and security impact is a vital data point for the team when breaches or other security issues arise.
  • Governance and regulatory compliance: Maintaining consistency across resources helps identify deviation from agreed-upon policies.
  • Automation: In addition to making resources easier for IT to manage, a proper organizational scheme allows you to take advantage of automation as part of resource creation, operational monitoring, and the result of DevOps processes.

Workload optimization: Tagging can help identify patterns and resolve broad issues. A tag can also help determine the assets required to support a single workload. Tagging all assets associated with each workload enables a more profound analysis of your mission-critical workloads to make sound architectural decisions.

Tagging Types

The common tagging patterns listed below provide examples of how tagging can be used to organize cloud assets. These patterns are not meant to be exclusive and can be used in parallel, providing multiple ways of organizing assets based on your company's needs.

Tag typeExamplesDescription
Functionalapp = catalogsearch1 tier = web webserver = apache env = prod env = staging env = devCategorize resources in relation to their purpose within a workload, what environment they have been deployed to, or other functionality and operational details.
Classificationconfidentiality = private SLA = 24hoursClassifies a resource by how it is used and what policies apply to it.
Accountingdepartment = finance program = business-initiative region = northamericaAllows a resource to be associated with specific groups within an organization for billing purposes.
Partnershipowner = jsmith contactalias = catsearchowners stakeholders = user1; user2; user3Provides information about what people (outside of IT) are related or otherwise affected by the resource.
Purposebusinessprocess = support businessimpact = moderate revenueimpact = highAligns resources to business functions to better support investment decisions.

Tagging Baselines

Tag at the Resource Group level and then have an Azure policy implemented that tags the resources in that Resource Group with the appropriate tags.

Tag NameValueTag TypeDescriptionExample
EnvironmentProduction Development SandboxFunctionalTags the resources with the Environment Tag. This can be used to determine if a resource is Production, Development or Sandbox.Environment: Production
Creator{CreatorName}PartnershipTags the resource with the name of who created the resource. This can be used to determine who created the resource to be able to get more information.Creator: Luke Murray
CreatedDate{CreatedDate}PurposeTags the resource with the Date/Time when the resource was created. This can be used to determine how old a resource is, which can be used to look at new functionality on created resources or check if resources are still required.CreatedDate: 10:00 PM 03/06/2022 NZT
CriticalityP1 P2 P3PurposeTags the resources with the criticality of the resources, i.e., if critical, then it is P1. This can be used to determine whether resources need to be highly available, whether changes can be made during or out of business hours.Criticality:P1
SupportedBy{TeamName}PartnershipTags the resources with the team/person or company who supports the resources, whether it is internally supported by the company or outsourced.SupportedBy:Company
RequesterName{Requestor}-{CompanyName)PartnershipTags the resources with the user that requested the creation of the resources.RequesterName:Project Manager
BillTo{BillTo}AccountingTags the resources with the cost centre or project codes who will pay for the resources.BillTo:AppTransformationProject1
AutoShutDownYesFunctionalThis is an Automation functional tag, i.e., tag the resource (Virtual Machine) with a tagging code which will automatically Shut down and Start-up the Virtual Machine at specified times.AutoShutDown:Yes
ApplicationName{ProjectName}PartnershipTags the resource with the name of the project or what the resources in the resource group are for.ApplicationName:AzureVirtualDesktopSH
Business Unit{BusinessUnit}PartnershipTags the resource with the name of the Business Unit or Company that owns the resources.BusinessUnit:Finance
SnapshotTrueFunctionalThis is an Automation functional tag, i.e., tag the resource (Disk) with a tagging code which can create daily snapshots of disks.Snapshot:True