Learn how to use Azure policy to enforce rules and effects for your Azure resources, such as preventing virtual machines from being created in certain resource groups.
Table of Contents
Question
Tradewind Traders has migrated its data and resources to Azure cloud services. They currently have multiple subscriptions and virtual networks in place. As part of their ongoing cloud implementation management wants to have the ability to prevent virtual machines from being created in certain resource groups. Which of the following can be used to prevent VM’s being created in specific resource groups?
A. Azure policy
B. Lock
C. Azure role
D. Tag
Answer
A. Azure policy
Explanation
The correct answer is A. Azure policy.
An Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. In this question, we would create an Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group.
Azure policy is a service that allows you to create and assign policies that enforce rules and effects for your Azure resources. You can use Azure policy to prevent virtual machines from being created in certain resource groups by applying a policy definition that denies the creation of virtual machines at the resource group scope. For example, you can use the built-in policy definition named “Not allowed resource types” and specify “Microsoft.Compute/virtualMachines” as the value for the notAllowedResourceTypes parameter. This policy will block any attempt to create a virtual machine in the resource group where the policy is assigned. You can also create your own custom policy definitions to meet your specific requirements.
Locks, roles, and tags are not the correct choices because they do not provide the same functionality as Azure policy. Locks are used to prevent accidental or malicious deletion or modification of resources, but they do not prevent the creation of new resources. Roles are used to grant permissions to users, groups, service principals, and managed identities to perform actions on Azure resources, but they do not enforce rules or effects on the resources. Tags are used to organize and categorize your Azure resources based on metadata, but they do not prevent or allow any operations on the resources.
Microsoft Azure AI Fundamentals AI-900 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure AI Fundamentals AI-900 exam and earn Microsoft Azure AI Fundamentals AI-900 certification.