As part of Azure Resource Manager’s governance team, I led the Tags Modernization initiative—an effort to rearchitect Azure’s tagging system into a reliable, governable, and scalable platform primitive. While the initiative was ultimately paused before public launch, it delivered critical research, architectural design, and foundational groundwork that continue to shape future Azure features.

The Challenge

Azure tags had become essential for cost reporting, compliance, and automation—but the implementation lagged behind enterprise needs:

• Inconsistent behavior across Resource Providers

• No inheritance from management scopes like MGs

• Limited enforcement through Policy and RBAC

• Ambiguity between system and customer-generated metadata

These issues created friction for customers and blocked key initiatives in governance, automation, and billing alignment.

My Role

As the lead PM, I was responsible for:

• Vision & Strategy: Redefining tagging as a core governance and automation surface

• Architecture & Design: Authoring proposals for tag inheritance, centralized storage, and access control

• Cross-Team Alignment: Driving consensus across ARM, Policy, Billing, Identity, Cost Management, and dozens of RPs

• Program Leadership: Managing scope, delivery phases, and stakeholder readiness

• Strategic Decision-Making: Ultimately pausing the effort after determining it would delay other higher-priority dependencies

The Solution

I led the design of a future-state tagging model that addressed key gaps:

1. Tag Namespaces & Naming Conventions

Proposed structured tag definitions to separate Azure system metadata from customer-owned tags and prevent name collisions.

2. Central Tag Storage

Architected a new service layer to manage tag persistence natively in ARM, rather than relying on each RP—unlocking consistency, performance, and cross-resource propagation.

3. Tag Inheritance

Designed a propagation model to allow tags defined at the Management Group, Subscription, or Resource Group level to cascade to all children—dramatically reducing manual overhead.

4. Tag-Level RBAC

Introduced concepts for fine-grained permissioning, allowing read-only tags, tag creation locks, and delegated management—making tagging secure and auditable.

5. System vs Customer Metadata

Defined a boundary between internal Azure-generated tags (for cost, region, diagnostics) and externally visible tags for customers—critical for avoiding conflicts and enabling automation.

Execution Highlights

• Deep Research: Conducted technical and customer analysis across 30+ Azure teams

• Architecture Leadership: Authored core design docs and secured engineering alignment on direction

• Customer Feedback Loop: Validated needs through interviews with enterprise customers, billing teams, and compliance specialists

• Strategic Pause: Made the difficult but necessary decision to pause implementation due to downstream dependencies and priority realignment—ensuring resources could be reallocated without wasted effort

Results

• Platform Impact: Designs influenced subsequent work on tag inheritance, policy-based tag enforcement, and resource metadata structure

• Internal Adoption: Partner teams reused design patterns in related features, including Service Groups and new Policy APIs

• Reusable Assets: Created scalable tag storage and access patterns now referenced in platform architecture discussions

• Vision Established: Positioned Azure to support AI/ML tagging, dynamic metadata classification, and real-time policy evaluation in the future

Reflection

Tags Modernization was one of the most technically complex and strategically important projects I led—even though it never publicly launched. As PM, I delivered a long-term vision, gathered broad alignment, and ultimately made the call to pause when priorities shifted. I view this not as a failed project, but a successful investment in future architecture. The designs, research, and governance patterns created in this effort continue to unlock new scenarios across Azure.