Generate an ICG-standard Resource Group name, mandatory tag values, Azure Bash command, and email submission to DL_SG_IT_Team@incorp.asia.
Request Form
Mandatory Tags
Fields such as Environment, Region, Department, Criticality, Data Classification, and Cost Center must use the provided dropdown values to match the Azure Policy ICG-PROD-Require-Mandatory-RG-Tags.
Generated Azure Bash Command
Fill in the form and click "Generate Azure Bash Command".
ICG Azure Governance
Resource Deployment
Select subscription, workload tier, and required Azure resources. The portal generates dependency-ordered Azure CLI commands with mandatory tags and an architecture diagram.
1
Subscription & Environment
2
Workload Tier
Selecting a tier auto-checks the suggested resource cards below. You can adjust manually.
VNet Integration detected — Consumption Plan does not support VNet Integration. Hosting Type has been automatically switched to Elastic Premium (EP1). An EP1 plan will be created before the Function App.
Storage Account
Lowercase, 3–24 chars, alphanumeric only
Container Registry
Alphanumeric only, 5–50 chars
Container App Environment
Container App
Key Vault
3–24 chars, alphanumeric + hyphen
SQL Managed Instance
Provisioning takes 4–6 hours. Subnet must be delegated to Microsoft.Sql/managedInstances. Passwords must be set in Key Vault — not hardcoded.
Cannot be 'admin', 'administrator', 'sa', 'root', or 'postgres'
Security: Admin password will be retrieved from Key Vault at deploy time. Pre-create the secret pg-admin-password in your Key Vault before running the generated command. Public access is disabled by default — Private Endpoint is created if Network is enabled.
Azure OpenAI
Requires subscription-level approval. Apply at aka.ms/oai/access before deploying models.
Document Intelligence
Virtual Machine
Max 6 chars — drives name: ICG-{ENV}-{REGION}-{PURPOSE}-01
ICG naming: ICG-{ENV}-{REGION}-{PURPOSE}-{NN}
Auto-populated from VNet when Network is enabled · Default: SNET-ICG-UAT-VM-01
Admin password must be set in Key Vault — not hardcoded. Run: az keyvault secret set --vault-name <KV> --name vm-admin-password --value "<STRONG-PASS>"
5
Mandatory Tags
All tags below are enforced by Azure Policy on PROD subscriptions. Missing any tag will block Resource Group creation.
Auto-filled from Project Name
Mirrors Application — override only if different
6
Network Configuration
Select a subscription above to auto-populate the VNet and subnets for that environment.
If provided, generates: Reader on Resource Group + Contributor on each created resource
Architecture Diagram
Select resources above to preview architecture
Deployment Flow
Flow will appear after generation
Azure CLI Commands
Fill in the form and click "Generate Deployment Commands".
ICG Azure Governance
App Registration Request
Configure an Azure AD App Registration with API permissions, client secret, and optional Exchange / SharePoint access policies. Generates a PowerShell provisioning script for IT review.
