Hey everyone! I'm trying to strengthen governance on my Azure subscriptions, particularly when it comes to critical tags like `Owner`, `Cost-Center`, and `Environment`. I want to ensure that these tags can't be modified after the subscription is created.
Does Azure provide a way to either:
* Prevent tag modifications through Azure Policy?
* Audit changes made to tags, including tracking who changed them?
If anyone has insights or experiences with making tags immutable or maintaining change tracking on these subscription tags, I'd really appreciate your suggestions. Thanks!
3 Answers
Creating a Runbook could be a viable solution for tracking those tag changes. Runbooks can be automated to monitor for modifications and notify you if something changes unexpectedly.
You could also develop a custom policy with specific logic tailored to your needs. That way, you can enforce tag immutability while assigning it to the appropriate scope.
Consider using a Scheduled Query Rule that inspects the Activity Log of the subscription or its resources to keep tabs on tag alterations.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures