I have been using Azure policy for the pass few months to help audit check if all my resources have the relevant tags that we need applied on. Unfortunately not all resources can be tagged in Azure and you may need to make a few changes so that your compliance report does not report the wrong information for you, especially if your management team have access to view the compliance.
Here are few pointers to help make your compliance report more accurate:
- If your Azure policy is just checking on tags then you should set the mode for the policy to be "indexed". As "indexed" mode will only evaluate resources that support tags and location which will prevent your compliance report to not be shown as non compliance.
- Use this site reference to help see if a particular resource can be tagged and reported in costing. This will help you to understand that not everything can have a tag to help you with cost reporting. https://docs.microsoft.com/en-us/azure/azure-resource-manager/tag-support
Further information around Azure policy and its mode type can be found here
