Azure
July 3, 2026 · 6 min read

An Azure tagging strategy that survives contact with real teams

Every failed cost allocation project has the same post-mortem: the tag policy was designed in a document, applied to a third of resources, and quietly abandoned. Allocation does not need a perfect taxonomy. It needs a small tag set that people actually apply, measured coverage, and a rule for whatever remains untagged.

Start with three tags, not thirteen

The minimum viable allocation set is small: who owns it, what it belongs to, and what environment it is. Something like team, project or product, and environment covers the questions finance actually asks. Every additional mandatory tag lowers compliance on all of them.

Agree allowed values, not just keys. A team tag with four spellings of the same department name allocates spend to four teams that do not exist.

  • team (or cost-centre): who answers for this spend.
  • project / product: what business thing it supports.
  • environment: prod, staging, dev — because the cleanup conversation differs for each.

Enforce at creation, not by audit

Retrospective tagging campaigns work once and decay immediately. The durable version is enforcement where resources are born: Azure Policy to require tags on resource groups, tag inheritance from resource group to resources, and defaults baked into your IaC modules so engineers rarely type tags by hand.

Resource-group-level tagging is the pragmatic compromise. Individual resource tagging is precise but fragile; most allocation questions are answered fine at the resource group level.

Measure coverage like an SLO

Tag coverage is a number: the percentage of spend, not resources, carrying your mandatory tags. Weight it by cost, because ten untagged test VMs matter less than one untagged production database.

Publish it monthly and set a modest target. Moving from 40% to 80% of spend allocated changes the finance conversation entirely; chasing the last 10% is rarely worth the effort.

Have a rule for the untagged remainder

There will always be untagged spend: shared networking, legacy resources, platform services that do not accept tags. Decide explicitly how it is treated, whether that is a shared platform bucket, pro-rata distribution, or assignment to the subscription owner.

The worst option is silence, because untagged spend that lands nowhere becomes spend nobody defends or cleans up. An allocation rule that catches the remainder keeps the total honest and makes the gap visible enough that someone eventually closes it.
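
An added example, not from the original post: the cost-weighted coverage number from "Measure coverage like an SLO" computed together with a pro-rata rule for the untagged remainder. The tag values, resource group names and row shape are constructed, and letting a resource's own tags override inherited resource-group tags is an assumption.

```python
from collections import defaultdict

MANDATORY = ("team", "project", "environment")
# Constructed allowed values; the real list is whatever your teams agree on.
ALLOWED = {
    "team": {"payments", "platform"},
    "project": {"checkout", "shared-network"},
    "environment": {"prod", "staging", "dev"},
}
# Constructed sample data: resource-group tags and simplified cost rows.
RG_TAGS = {
    "rg-checkout-prod": {"team": "payments", "project": "checkout", "environment": "prod"},
    "rg-net": {"team": "platform", "project": "shared-network", "environment": "prod"},
    "rg-legacy": {},
}
ROWS = [
    {"rg": "rg-checkout-prod", "cost": 600.0, "tags": {}},
    {"rg": "rg-net", "cost": 200.0, "tags": {}},
    {"rg": "rg-legacy", "cost": 150.0, "tags": {"team": "Payments Dept"}},  # bad spelling
    {"rg": "rg-legacy", "cost": 50.0, "tags": {}},
]

def effective_tags(row, rg_tags):
    """Inherit resource-group tags; the resource's own tags win (assumption)."""
    return {**rg_tags.get(row["rg"], {}), **row["tags"]}

def is_allocated(tags):
    """True only if every mandatory key is present with an allowed value."""
    return all(tags.get(key) in ALLOWED[key] for key in MANDATORY)

def allocate(rows, rg_tags):
    """Return (coverage by spend, untagged spend, spend per team after pro-rata)."""
    by_team, untagged = defaultdict(float), 0.0
    for row in rows:
        tags = effective_tags(row, rg_tags)
        if is_allocated(tags):
            by_team[tags["team"]] += row["cost"]
        else:
            untagged += row["cost"]
    tagged = sum(by_team.values())
    total = tagged + untagged
    coverage = tagged / total if total else 0.0
    if not tagged:  # nothing to distribute against: keep the gap visible
        return coverage, untagged, {"unallocated": untagged}
    # Remainder rule: spread untagged spend pro-rata so the total stays honest.
    final = {team: cost + untagged * cost / tagged for team, cost in by_team.items()}
    return coverage, untagged, final
```

On the sample rows, half the resources are compliant but 80% of the spend is, which is the difference between counting resources and weighting by cost.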
