vanRoojen LLC

Products • Azure Tag Governance

Canonical Azure tags, cleaned locally.

TagTamer is a no-sign-in Azure tag governance workbench for teams that need consistent tag keys and values without granting a hosted app tenant access.

Build a canonical model, import existing Resource Graph inventory, normalize legacy keys and values, dry-run the resource changes, and export Azure Policy packages with rollback snapshots.

Open TagTamer Agent usage guide

Model preview

Normalize the wild tag estate before policy locks it in.

Environment Prod • Dev • Test
BackupRequired true / false
Owner UPN or group mailbox
Aliases Yes, Y, enabled → true

What it does

A practical workbench for tag cleanup before enforcement.

TagTamer helps operators move from inconsistent, organically grown tags to a canonical model that reporting, automation, FinOps, and Azure Policy can rely on.

01 — Model

Define canonical tags

Start from enterprise templates or observed inventory, then set allowed values, aliases, required defaults, tiers, and policy behavior.

02 — Normalize

Clean existing inventory

Import JSON or CSV inventory, filter observed key/value pairs, bulk-map old syntax, and merge legacy keys into the model.

03 — Package

Export policy artifacts

Generate dry-run plans, rollback snapshots, Azure Policy definitions, initiatives, mapping CSVs, and user-run CLI scripts.

No hosted sign-in

Tenant inventory stays in the operator's hands.

TagTamer is a static browser app. It does not OAuth into Azure, does not run a server-side deployment worker, and does not store imported Azure inventory on a vanRoojen backend.

Operators copy generated Azure CLI commands, run them in their own shell, import the resulting local files, and run exported scripts in the Azure context they control.

Designed for cautious governance.

Dry-run first
Resource-level plans show writes, deletes, warnings, and required tag gaps before package export.
Rollback snapshot
Pre-change tags are exported so a restore plan can be generated later.
Commercial and Gov
Generated commands support Azure Commercial and Azure Government cloud selection.

Multi-estate operations

Use one analytics UI without mixing estates.

The same TagTamer UI can serve different products, tenants, customers, subscriptions, or sovereign-cloud boundaries. The key is keeping each estate's inventory, settings, mappings, rollback snapshots, and packages separate.

  • Use estate-specific files such as tagtamer.rmm-prod.inventory.json.
  • Reopen the matching saved settings before importing a new inventory.
  • Do not deploy a package from one estate into another without re-exporting it.
  • Aggregate summaries later only when the estate id is preserved.

Agent-friendly handoffs.

Estate id
Every inventory, plan, rollback, and policy package should name the estate it belongs to.
Shared model, local aliases
A common governance model can be reused while aliases and defaults remain estate-specific.
Documented prompt
The public AI-agent guide gives project agents a safe starting prompt and checklist.

Launch

Open the standalone TagTamer workbench.

Use TagTamer from its own product host, then export estate-specific settings and packages for future updates.

Product host
tagtamer.vanroojen.com
Open TagTamer