Skip to main content

General Concept

Structure

In order to be able to standardise the environments, naming is incredibly important.

The following contents must be included in the name of an entity:

  • Object entity (Microsoft Entra ID Group, Intune Configuration Profile, Microsoft Entra ID Administrative Unit, AD Group, etc.)
  • Affected Technology (Azure Virtual Desktop, Cloud PC, Modern Workplace, etc.)
  • Scope (ELB, PRD, DEV, ALL, etc.)
  • Object type (USER, DEVICE, PERMISSION, ALL, etc.)
  • Description of Environment in Pascal Case-Convention (I am doing something -> IAmDoingSomething)
  • Production status (PROD, NONPROD, TODELETE, etc.)
  • (Location)

Hyphen can be used to separate the entities.

Basic concept

<Entity>-<Affected Technology>-<KGTag>-<Object>-<Description>-<Status>

Tag Name

BeschreibungDescription

BeispieleExamplee

Entity

What is the object?

ST, RB, CAP, CAR

Affected Technology

Which technology is affected?

MW, CVD, AVD, CPC, WIN, INT, MEID, MFT, RB, SPO, EXO, TVW, ALL

KGTag

Which scopes are affected?

BKW, CCE, LTB, IFB, ALL

Object

Which objects are affected?

USER, DEVICE, GROUP, ROLE, PERMISSION, INTUNE, ALL

Description

What is the purpose?

Short description in Pascal Case

Status

How is this object used?

PROD, NONPROD, DELETED

For example:

MEID-WIN-ALL-USER-IamDoingSomething-PROD

Specific to technology

Exchange Online


Microsoft Entra ID

Microsoft Entra ID Groups

MEID-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: MEID-MW-ALL-USER-IAmDoingSomething-NONPROD

AllUsers Gruppe

MEID-<Technology>-<KGTag>-<Object>-AllCompanyUsers-<Status>
Example: MEID-ALL-BKW-USER-KGAllUsers-PROD

AllAdmins Gruppe

MEID-<Technology>-<KGTag>-<Object>-AllAdminAccounts-<Status>
Example: MEID-WIN-BKW-USER-KGAllAdmins-PROD

Conditional Access

CA-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: CA-WIN-ALL-USER-IamDoingSomething-PROD

Custom Ayure Rollen

CAR-MEID-ALL-ROLE-<Description>-<Status>
Example: CAR-MEID-ALL-ROLE-KGReader-PROD

Administrative Units

ADU-<Technology>-<KGTag>-GROUPS-<Description>-<Status>
Example: ADU-MW-CCE-GROUPS-Role01-PROD

Intune

Deployment Profile

DEP-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: DEP-MW-BKW-DEVICE-KGProfile-PROD

Devicenames

<Technology>-<KGTag>-<6 zufällige Zahlen>
Zum Example:
MW-PRD-719475
CPC-HIN-719475
CVD-ARN-719475

GroupTag

GRT-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: GRT-MW-BKW-DEVICE-KGDevice-PROD

Enrollment Service Profiles

ESP-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: ESP-MW-BKW-DEVICE-KGEnrollment-PROD

Filter

FI-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: FI-CPC-BIT-DEVICE-CompanyDevices-PROD

Configuration Profiles

CFP-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: CFP-WIN-ALL-DEVICE-SecurityBaselines-PROD

Compliance Policies

CPP-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: CPP-MW-LTB-USER-BitlockerActivation-NONPROD

Device Script

DSC-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: DSC-MW-ALL-DEVICE-InstallFollowMePrint-PROD

Remediation Scripts

RSC-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: RSC-MW-BBS-PS1-EnableSecureBoot-NONPROD

PowerShell Scripts

PSS-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: PSS-MW-BBS-PS1-ConnectPrinter-PROD

Update Policies

UP-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: UPP-WIN-ALL-DEVICE-Ring1CIT -PROD

Scope Tag

SCT-<Technology>-<KGTag>-INTUNE-<Description>-<Status>
Example: SCT-INT-BKW-INTUNE-KGObjects-PROD

Custom Intune Rollen

IRO-<Technology>-<KGTag>-ROLE-<Description>-<Status>
Example: IRO-CVD-BIT-USER-LimitedIntuneReader-PROD

Intune Role Assignment

IRA-INT-<KGTag>-ROLE-<RollenName>-<STATUS>
Example: IRA-INT-CCE-ROLE-KGReader-PROD

Account Protection Policies

ACP-<Technology>-<KGTag>-<Object>-<SN>-<Status>

Example: ACP-WIN-BBS-DEVICE-5CG9272S38-PROD

Intune Apps

IAP-<Technology>-<KGTag>-<Object>-<App Name>-<Status>
Example: IAP-ALL-BKW-APP-Microsoft.PowerToys-PROD

TeamViewer

TeamViewer Policy

TVP-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: TVP-ALL-ALL-DEVICE-AllCompanyDevices-PROD

TeamViewer Group

TVG-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: TVG-ALL-BKW-DEVICE-AllCompanyDevices-PROD

Cloud PC

Provisioning Policies

PRP-CPC-<KGTag>-USER-<Description>-<Status>
Example: PRP-CPC-BBS-USER-CloudPCAdvanced-PROD

Azure Network Connections Policies

ANC-CPC-<KGTag>-DEVICE-<Description>-<Status>
Example: ANC-CPC-BBS-DEVICE-CloudPCStandardAdmin-PROD

User Settings

US-CPC-<KGTag>-USER-<Description>-<Status>
Example: USS-CPC-BKW-USER-RestorePointFrequency-PROD

Azure Virtual Desktop

MEID App Groups

MEID-AVD-<KGTag>-USER-<Description>-<Status>
Example: MEID-AVD-BKW-USER-APP.Microsoft.Office-PROD

Application Groups

APG-AVD-<KGTag>-APP-<Description>-<Status>-<Location>
Example: APG-AVD-BKW-APP-Messerli.BauAD-PROD-WE

Host Pools

HPO-AVD-<KGTag>-APG-<Description>-<Status>-<Location>

Example: HP-AVD-IFB-APG-AppPool-PROD-WE

Ressourcengroupen

rg-<KGTag>-<Description>-<Status>-<Location>

Workspaces

WSP-AVD-<KGTag>-APG-<Description>-<Status>-<Location>

Example: WS-AVD-ELB-APG-<Description>-PROD-WE

Scaling Plan

SCP-AVD-<KGTag>-HPO-<Description>-<Status>-<Location>

SCP-AVD-BBS-HPO-<Description>-PROD-WE

Citrix Virtual Desktop

GPOs

GPO-CVD-<KGTag>-DEVICE-<Description>-<Status>

Example: GPO-CVD-BKW-DEVICE-IntuneJoin-PROD

AD APP Groups

ADG-CVD-<KGTag>-<Object>-<Description>-<Status>

Example: ADG-CVD-ALL-USER-APP.Microsoft.PowerToys-PROD

Machine Catalog

MAC-CVD-<KGTag>-DEVICE-<Description>-<Status>

Example: MC-CVD-BKW-DEVICE-Sidoun-PROD

App Registrations

AAP-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: AAP-RB-BBS-PERMISSION-CleanUpMEIDDevices-PROD

Custom Enterprise Applications

EAP-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: EAP-SPO-CUR-PERMISSION-SiteXYZ-PROD

Managed Identity

MAI-<Technology>-<KGTag>-<Object>-<Description>-<Status>
Example: MAI-FUNC-BKW-PERMISSION-CreateProfile-PROD

Active Directory

AD Groups

ADG-<Technology>-<KGTag>-<Object>-<Description>-<Status>

Group Policy Management


Azure Function Apps

Functions

FUNC-<Technology>-<KGTag>-<Object>-<Description>-<Status>-<Location>
Example: FUNC-WIN-ALL-PS1-GetStorageTableContent-PROD-WE

Functions Keys

FKEY-<Technology>-<KGTag>-<Object>-<Description>-<Status>-<Location>
Example: FKEY-RS-ALL-KEY-SetLanguageByUPN-PROD-WE

Azure Automation Accounts

Runbooks

RB-<Technology>-<KGTag>-<Object>-<Description>-<Status>-<Location>
RB-EXO-PRD-PS1-CreateDomainByCompany-PROD-WE

Secrets

CERT-<Technology>-<KGTag>-<Object>-<Description>-<Status>-<Location>
CERT-RB-PRD-CERT-CleanUpMEIDDevices-PROD-WE

Variables

VAR-<Technology>-<KGTag>-<Object>-<Description>-<Status>-<Location>
VAR-RB-PRD-CLIENTID-CleanUpMEIDDevices-PROD-WE

Schedules

SCED-<Technology>-<KGTag>-<Object>-<Description>-<Status>-<Location>
SCED-RB-PRD-DAILY-CheckLicenseCount-PROD-WE

Azure Storage

Azure Storage Table

STT-<Technology>-<KGTag>-<Object>-<Description>-<Status>-<Location>
Example: STT-ALL-ALL- -WPCMasterTable-PROD-WE

Identity Access Management