# 资源 'myresource' 被策略禁止。策略：'要求在资源上添加标签'。原因：'该资源没有标签。'

- **ID:** `policy/azure-policy-tagging-enforcement-failure`
- **领域:** policy
- **类别:** config_error
- **错误码:** `Conflict`
- **验证级别:** ai_generated
- **修复率:** 80%

## 根因

Azure 策略计划要求所有资源具有特定标签；缺少标签导致部署被拒绝。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Azure CLI 2.57.0 | active | — | — |
| Azure Policy 1.0.0 | active | — | — |

## 解决方案

1. ```
   Add required tags in the deployment template. For ARM templates, add 'tags': { 'Environment': 'Production' } in the resource definition.
   ```
2. ```
   Use Azure CLI to deploy with tags: 'az deployment group create --resource-group myRG --template-file template.json --parameters tags={Environment:Production}'
   ```
3. ```
   Request policy exemption for the resource group from Azure Policy team via: 'az policy exemption create --name myExemption --policy-assignment <assignment-id> --scope /subscriptions/<sub-id>/resourceGroups/<rg>'
   ```

## 无效尝试

- **Redeploy the resource without any changes, hoping the policy is temporary.** — Azure Policy is persistent and evaluated on every deployment; the same error will occur. (100% 失败率)
- **Remove the resource group and recreate it.** — The policy is applied at subscription or management group level, not resource group. Deleting the group doesn't remove the policy requirement. (99% 失败率)
- **Add tags after deployment via Azure Portal.** — The policy blocks the deployment itself; the resource is never created to add tags later. (90% 失败率)