Skip to Content

Microsoft AZ-120: How to Create an Azure Policy for SAP Production Landscape Deployment?

By: Author Alex Lim

Posted on

Categories Exam

Learn how to create an Azure policy that limits which applications can be installed on VMs and ensures the latest VM extension version is deployed for an SAP production landscape in Azure.

Table of Contents

Question

You are deploying an SAP production landscape in Azure.

You need to create an Azure policy that meets the following requirements:

  • Limits which applications can be installed on virtual machines
  • Ensures that when a virtual machine is deployed, the virtual machine has the latest version of the extension to be installed

How should you complete the policy? To answer, select the appropriate options in the answer area.

“policyRule”: {
“if”: {
“allOf”: [
{
“field”: “type”,
“equals”: “Microsoft.Compute/vurtualMachines/extensions”
},
“field”: “Microsoft.Compute/vurtualMachines/type”,
“notIn”: __________
}
]
},
“then”: {
“effect”: __________

}

A. “Microsoft.Azure.Monitor”
B. “Microsoft.Azure.Monitoring.DependencyAgent”
C. “Microsoft.GuestConfiguration”
D. “Microsoft.HanaOnAzure/sapMonitors”

A. Append
B. Audit
C. DeployIfNotExists
D. Modify

Answer

C. “Microsoft.GuestConfiguration”

C. DeployIfNotExists

Explanation

To create an Azure policy that limits which applications can be installed on virtual machines and ensures the latest VM extension version is deployed when deploying an SAP production landscape in Azure, you should complete the policy as follows:

“policyRule”: {
“if”: {
“allOf”: [
{
“field”: “type”,
“equals”: “Microsoft.Compute/virtualMachines/extensions”
},
{
“field”: “Microsoft.Compute/virtualMachines/extensions/type”,
“notIn”: [“Microsoft.GuestConfiguration”]
}
]
},
“then”: {
“effect”: “DeployIfNotExists”

}
}

  • In the “if” block, the first condition checks if the resource type is a virtual machine extension.
  • The second condition uses the “notIn” operator with the value [“Microsoft.GuestConfiguration”] to limit which applications (extensions) can be installed on the VMs. The Guest Configuration extension allows installing and configuring applications inside Azure VMs.
  • In the “then” block, the “effect” is set to “DeployIfNotExists”. This ensures that if a matching VM is deployed without the specified extension, Azure Policy will automatically deploy the latest version of that extension to the VM.

So in summary, this policy definition will restrict which VM extensions can be installed to only allow the Microsoft.GuestConfiguration extension, and will automatically deploy the latest version of that extension whenever a matching VM is provisioned that doesn’t already have it.

Microsoft AZ-120 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft AZ-120 exam and earn Microsoft AZ-120 certification.