Skip to Content

AI-900: How to use Azure policy to limit resource creation by location

Learn how to use Azure policy to enforce resource consistency and compliance by creating a policy definition that specifies the allowed locations for your resources and assigning it to the appropriate scope.

Table of Contents

Question

Tradewind Traders has migrated its data and resources to Azure cloud services. They currently have multiple subscriptions and virtual networks across multiple regions. As part of their ongoing cloud implementation management is implementing a policy that limits the creation of additional Azure resources by administrators to a region based on their office location and country. Which of the following can be used to implement this policy?

A. Read-only lock
B. Reservation
C. Azure policy
D. Management Group

Answer

C. Azure policy

Explanation

Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.

The correct answer is C. Azure policy.

Azure policy is a service in Azure that allows you to create, assign and manage policies that enforce rules and effects for your resources. You can use Azure policy to implement governance for resource consistency, regulatory compliance, security, cost and management.

In this scenario, Tradewind Traders wants to limit the creation of additional Azure resources by administrators to a region based on their office location and country. This is an example of resource consistency, as they want to ensure that their resources are deployed in a standardized and organized way. Azure policy can help them achieve this by creating a policy definition that specifies the allowed locations for their resources, and assigning it to the appropriate scope of resources, such as subscriptions or resource groups. The policy definition can also use parameters to customize the values for the allowed locations, such as “US East” or “UK South”. The policy effect can be set to “deny” to prevent the creation of resources that do not comply with the policy, or “audit” to log the violations for later review.

The other options are not correct because they do not help to implement the desired policy. A read-only lock is a mechanism that prevents any changes to a resource or resource group, such as deleting or modifying the resource. A reservation is a way to pre-pay for one or three years of a virtual machine, SQL database compute capacity, Azure Cosmos DB throughput, or other Azure resources to get a discounted rate. A management group is a container that helps you organize your subscriptions and apply governance controls, such as policies and role-based access control, at a large scale.

Microsoft Azure AI Fundamentals AI-900 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure AI Fundamentals AI-900 exam and earn Microsoft Azure AI Fundamentals AI-900 certification.

Microsoft Azure AI Fundamentals AI-900 certification exam practice question and answer (Q&A) dump