|
| 1 | +--- |
| 2 | +title: Considerations for naming Azure resources | Microsoft Docs |
| 3 | +description: This article contains guidance on how customers should consider naming their Azure resources to prevent attribution to business/mission sensitive workloads. |
| 4 | +services: Azure-government |
| 5 | +cloud: gov |
| 6 | +author: bernie-msft |
| 7 | +manager: zakramer |
| 8 | + |
| 9 | +ms.devlang: na |
| 10 | +ms.topic: article |
| 11 | +ms.tgt_pltfrm: na |
| 12 | +ms.service: azure-government |
| 13 | +ms.workload: Azure-government |
| 14 | +ms.date: 4/6/2020 |
| 15 | +ms.author: beellis |
| 16 | + |
| 17 | +--- |
| 18 | +# Considerations for naming Azure resources |
| 19 | +Customers should not include sensitive or restricted information in Azure Resource Names because they may be stored or accessed outside the compliance boundary to facilitate support and troubleshooting. |
| 20 | +Azure Resource Names include information provided by you, or on your behalf, that is used to identify or configure Online Service resources, such as software, systems, or containers, but does **not** include customer-created content or metadata inside the resource (for example, database column/table names). Azure Resource Names include the names a customer assigns to Azure Resource Manager level objects and resources deployed in Azure. Examples include the names of resources such as: |
| 21 | +* VNets (Virtual Networks) |
| 22 | +* Virtual Hard Disks (VHDs) |
| 23 | +* Database Servers & Databases |
| 24 | +* Virtual Network Interface |
| 25 | +* Network Security Groups |
| 26 | +* Key Vaults |
| 27 | + |
| 28 | +>[!NOTE] |
| 29 | +>The above examples are but a subset of the types of resources customers can name. This list is not meant to be fully exhaustive and the types of resources could change in the future as new cloud services are added. |
| 30 | +> |
| 31 | +
|
| 32 | +## Naming convention |
| 33 | +The names of Azure resources are part of a larger resource ID as follows: |
| 34 | + |
| 35 | +`/subscriptions/<subscriptionID>/resourceGroups/<ResourceGroupName>/providers/<ResourceProvider>/<ResourceType>/<ResourceName>` |
| 36 | + |
| 37 | +An example of a virtual machine resource ID is: |
| 38 | + |
| 39 | +`/subscriptions/<subscriptionID>/resourceGroups/<ResourceGroupName>/providers/Microsoft.Compute/virtualMachines/<virtualMachineName>` |
| 40 | + |
| 41 | + |
| 42 | +## Naming considerations |
| 43 | +For all names that meet the criteria above, from the name of the larger resource group to the name of the end resources within it, customers should avoid names that are sensitive to business/mission functions. Customers should also avoid names that indicate customer regulatory requirements (e.g., [ITAR](https://docs.microsoft.com/microsoft-365/compliance/offering-itar?view=o365-worldwide), [CJIS](https://docs.microsoft.com/microsoft-365/compliance/offering-cjis?view=o365-worldwide), etc.), as applicable. |
| 44 | + |
| 45 | +>[!NOTE] |
| 46 | +>Also consider naming of resource tags when reviewing the [Resource naming and tagging decision guide](https://docs.microsoft.com/azure/cloud-adoption-framework/decision-guides/resource-tagging/?toc=/azure/>azure-resource-manager/management/toc.json). |
| 47 | +> |
| 48 | +
|
| 49 | +Customers should understand and take into account the resource naming convention to help ensure operational security, as Microsoft personnel could use the full resource ID in the following example scenarios: |
| 50 | + |
| 51 | +* Microsoft support personnel may use the full resource ID of resources during support events to ensure we're identifying the right resource within a customer's subscription to provide support for. |
| 52 | +* Microsoft product engineering personnel could use full resource IDs during routine monitoring of telemetry data to identify deviance from baseline/average system performance. |
| 53 | +* Proactive communication to customers about impacted resources during internally discovered incidents. |
| 54 | + |
0 commit comments