Last updated on July 3, 2023
Azure Policy Cheat Sheet
- Ensure resources are compliant with a set of rules.
- Manage your policies in a centralized location where you can track their compliance status and verify the non-compliant resources.
- Select between built-in policies and custom policies.
- Implement proper guardrails and assess compliance across the organization.
- Policy vs. RBAC
  - A policy maintains compliance with the resource state, while RBAC focuses on controlling user actions at different scopes.
  - Even if the user has access to perform an action, if the result is a non-compliant resource, the policy will still block the create or update request.
- JSON format is used to create a policy.
- The evaluation and outcome can be managed by the resource provider, which reports the results to Azure Policy.
- Policy order of evaluation: Disabled, Append/Modify, Deny and Audit
- Azure Policy effects:
  - Append – adds additional fields to the requested resource.
  - Audit – creates a warning event for a non-compliant resource.
  - AuditIfNotExists – audits the resources when the condition is met.
  - Deny – blocks the request before it is sent to the Resource Provider.
  - DeployIfNotExists – if the condition is met, it allows you to execute a template deployment.
  - Disabled – allows you to disable a single assignment, rather than disabling all assignments under that policy.
  - Modify – manages tags of resources.
- Use policy assignments to determine which resources a policy is assigned to.
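
The evaluation order listed above has a practical consequence: Append/Modify run before Deny, so a change they make to the request can keep a Deny or Audit from triggering. The block below is an added example, not part of the original cheat sheet and not Azure's own code; it is a simplified Python model of that ordering, and the assignment names, tag keys and the `evaluate` function are hypothetical.

```python
import copy

# Simplified model of the order in this cheat sheet:
# Disabled -> Append/Modify -> Deny -> Audit. This is not Azure's engine.
ORDER = {"Disabled": 0, "Append": 1, "Modify": 1, "Deny": 2, "Audit": 3}


def missing_tag(tag):
    """Condition that is true when the resource does not carry `tag`."""
    return lambda res: tag not in res.get("tags", {})


def evaluate(request, assignments):
    """Return (outcome, resulting_resource, names_of_rules_that_fired)."""
    resource = copy.deepcopy(request)  # never mutate the caller's request
    fired = []
    for a in sorted(assignments, key=lambda a: ORDER[a["effect"]]):
        effect = a["effect"]
        if effect == "Disabled":
            continue  # this assignment is switched off, nothing is evaluated
        if not a["if"](resource):
            continue  # resource is compliant with this rule
        fired.append(a["name"])
        if effect in ("Append", "Modify"):
            # Changes the request, so Deny and Audit see the new state.
            resource.setdefault("tags", {}).update(a["tags"])
        elif effect == "Deny":
            return "denied", resource, fired  # request stops here
        # Audit only records the event; the request continues.
    return "allowed", resource, fired


# Constructed sample request and assignments (hypothetical names and tags).
REQUEST = {"type": "Microsoft.Network/virtualNetworks", "tags": {}}
DENY_NO_COSTCENTER = {"name": "deny-missing-costCenter", "effect": "Deny",
                      "if": missing_tag("costCenter")}
APPEND_COSTCENTER = {"name": "append-costCenter", "effect": "Append",
                     "if": missing_tag("costCenter"),
                     "tags": {"costCenter": "unassigned"}}
AUDIT_NO_OWNER = {"name": "audit-missing-owner", "effect": "Audit",
                  "if": missing_tag("owner")}

if __name__ == "__main__":
    # Deny alone blocks the request; once Append is assigned as well, the
    # tag is added first and the Deny condition no longer matches.
    print(evaluate(REQUEST, [DENY_NO_COSTCENTER, AUDIT_NO_OWNER]))
    print(evaluate(REQUEST, [DENY_NO_COSTCENTER, APPEND_COSTCENTER, AUDIT_NO_OWNER]))
```

When reviewing assignments at a scope, check for Append or Modify rules that overlap with a Deny rule on the same field, since the Deny may never fire for requests the earlier effect has already corrected.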
Azure Policy vs Azure Role-Based Access Control (RBAC):
https://tutorialsdojo.com/azure-policy-vs-azure-role-based-access-control-rbac/
Validate Your Knowledge
Question 1
Question Type: Single choice
Your company created a new Azure policy. You need to interpret the permissions that are allowed or denied by the policy shown below:
What is the effect of this policy?
- A user is restricted from creating any Azure Virtual Networks in TD Subscription.
- A user is allowed to create Azure Virtual Networks in TD-RG only.
- A user is restricted from creating Azure Virtual Networks in TD-RG.
- A user is allowed to create Azure Virtual Networks in any resource group within TD Subscription.