Cloud environments can grow quickly — one moment you’re setting up a couple of virtual machines, the next you have dozens of resources scattered across multiple subscriptions.
Without proper organization, it becomes hard to track who owns what, and even worse, you might lose critical resources due to accidental deletion.
In this project, I set out to solve these problems using Azure Tags and Resource Locks.
By the end of this article, you’ll know exactly how to:
Assign tags to Azure resources for better organization and cost tracking
Lock important resources to prevent accidental deletion or changes
Apply these steps to virtual machines, networks, and more
Why Tags and Locks Matter
Imagine your virtual machine that hosts an FTP server is deleted by accident. It could take hours — even days — to restore service.
Or picture trying to figure out which department is responsible for a resource without any clear naming or tagging system.
**Tags **solve this by letting you attach metadata (like department, project, or purpose) to resources.
Locks ensure critical resources can’t be deleted or modified without deliberate action.
Together, they provide governance, organization, and protection for your Azure environment.
Step 1 – Adding Tags to a Virtual Machine
Tags help you quickly identify the purpose and ownership of a resource.
Here’s how I did it:
Log in to the Azure Portal
In the search bar, type "Virtual Machines" and select it under Services.
Select your VM (in my case, guided-project-vm).
From the left-hand menu, click Tags.
Add the following tags:
Name: Department | Value: Customer Service
Name: Purpose | Value: FTP Server
Click Apply.
Now anyone viewing this VM will immediately see which department uses it and what it’s for.
Step 2 – Adding a Resource Lock to the Virtual Machine
A Delete Lock ensures the VM cannot be deleted accidentally.
To set it up:
With your VM still selected, go to **Locks **under the Settings section.
Click + Add.
Enter the lock name: VM-delete-lock.
Set Lock type to Delete.
(Optional) Add a note explaining why the lock exists.
Click OK.
From now on, any attempt to delete this VM will be blocked unless the lock is first removed.
Step 3 – Tagging a Virtual Network
Tags aren’t just for VMs — they work for all Azure resources, including networks.
Here’s what I did:
Go back to the Azure Portal home page.
In the search bar, type** "Virtual Networks"** and select it under Services.
**Select **your VNet (in my case, guided-project-vnet).
Go to **Tags **in the menu.
Add the following:
Name: Department | Value: IT
Click Apply.
Now both my VM and VNet are organized and traceable by department.
Key Takeaways
Tags help with organization, cost allocation, and quick identification of resources.
Locks protect against accidental deletions and changes.
Both features are quick to set up and can save you time, money, and headaches later.
Best Practices
Use a consistent tagging strategy across all resources (Department, Environment, Purpose).
Review tags periodically to ensure accuracy.
Apply locks only to truly critical resources to avoid blocking legitimate changes.
Final Thoughts
This small but powerful setup improves governance and prevents mistakes in Azure.
If you’ve ever lost a resource due to an accidental deletion or struggled to find ownership info, I highly recommend applying tags and locks right away.
How do you keep your Azure environment organized and secure?
Share your approach in the comments.
#azure #cloud #devops #cloudsecurity #tutorial
Top comments (0)