We have a customer running the latest version of Veeam Backup for Azure. Their Azure tenant has a top-level Deny policy that requires 11 mandatory tags on every resource at creation time. If a resource is created without all 11 required tags, Azure denies the create operation outright.
The "Custom tags" setting in VBA snapshot rules is currently limited to 5 tags. This means VBA cannot supply all 11 tags that the customers Deny policy mandates. As a result, when VBA attempts to create a snapshot, the Azure Deny policy blocks the create operation because the required tags are missing, and the snapshot (and therefore the backup) fails. We temporary exempt RG from policy, but security guys are not happy :/
Is there any chance to expanding that limitation from 5 to greater number?
I selected that option to copy tags from the source disk to the snapshot, but it doesn't seem to work, or I didn't need to enable "Add custom tags to created snapshots" as well. In any case, we hit a policy block when running the backup/snapshot creation job. I'm not entirely clear on the mechanics behind this in Veeam. When I check the resources created by Veeam in Azure, I see my 5 custom tags and a few Veeam-bound tags: Veeam backup appliance ID, veeam01, and veeam02.