Azure Policy Effects Requiring Managed Identity - Exam AZ-500

Which Effect Requires a Managed Identity for Azure Policy Assignment?

Question

From the Azure portal, you are configuring an Azure policy.

You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects.

Which effect requires a managed identity for the assignment?

Answers

Explanations



C

When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity.

https://docs.microsoft.com/bs-latn-ba/azure/governance/policy/how-to/remediate-resources
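The point behind answer C is that an assignment only needs a managed identity when Azure Policy has to act on resources on the assignment's behalf (run the deployIfNotExists template), and that such an assignment also fails remediation if the identity is missing. The following Python is an added example, not code from this page or from Microsoft; it builds an ARM-style assignment body per effect, attaching a system-assigned identity and the mandatory location only when the effect requires it, and then audits a set of exported assignments for the ones that need an identity but carry none. It generalises beyond the question by treating the Modify effect the same way as deployIfNotExists, which is how Azure Policy treats it. The definition ids, subscription scope, sample definitions and sample assignments are constructed placeholders.

```python
"""Added example: decide which Azure Policy assignments need a managed identity
and audit exported assignments for ones that lack it. All definitions and
assignments below are constructed sample data, not real Azure objects."""
import re

# Effects that Azure Policy carries out by acting on resources itself (running a
# deployment or patching a resource), so the assignment must carry a managed
# identity. deployIfNotExists is the effect from the question; modify is the
# other effect with the same requirement.
IDENTITY_REQUIRED_EFFECTS = {"deployifnotexists", "modify"}

_PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def resolve_effect(definition, assignment_params=None):
    """Return the effect a definition will run with, lower-cased. Many built-in
    definitions declare the effect as a parameter; the assignment may override
    it, otherwise the definition's defaultValue applies."""
    props = definition["properties"]
    effect = props["policyRule"]["then"]["effect"]
    match = _PARAM_REF.match(effect)
    if match:
        pname = match.group(1)
        if assignment_params and pname in assignment_params:
            effect = assignment_params[pname]["value"]
        else:
            effect = props["parameters"][pname]["defaultValue"]
    return effect.lower()


def requires_managed_identity(definition, assignment_params=None):
    return resolve_effect(definition, assignment_params) in IDENTITY_REQUIRED_EFFECTS


def build_assignment(name, scope, definition, location="eastus", assignment_params=None):
    """Build an ARM-style policyAssignment body. The identity block (and the
    location it requires) is added only when the effect needs it."""
    body = {
        "name": name,
        "type": "Microsoft.Authorization/policyAssignments",
        "properties": {
            "scope": scope,
            "policyDefinitionId": definition["id"],
            "parameters": assignment_params or {},
        },
    }
    if requires_managed_identity(definition, assignment_params):
        body["identity"] = {"type": "SystemAssigned"}  # a user-assigned identity is also valid
        body["location"] = location  # mandatory once an identity is attached
    return body


def find_missing_identity(assignments, definitions_by_id):
    """Defender-side check: names of assignments whose definition needs an
    identity but which carry none (remediation tasks for those will fail)."""
    missing = []
    for assignment in assignments:
        props = assignment["properties"]
        definition = definitions_by_id[props["policyDefinitionId"]]
        identity_type = assignment.get("identity", {}).get("type", "None")
        if requires_managed_identity(definition, props.get("parameters")) and identity_type == "None":
            missing.append(assignment["name"])
    return missing


def _definition(def_id, effect, parameterised=False):
    """Construct a minimal sample definition (constructed data, hypothetical id)."""
    props = {"policyRule": {"if": {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
                            "then": {"effect": effect}},
             "parameters": {}}
    if parameterised:
        props["parameters"]["effect"] = {"type": "String", "defaultValue": effect,
                                         "allowedValues": [effect, "Disabled"]}
        props["policyRule"]["then"]["effect"] = "[parameters('effect')]"
    return {"id": def_id, "properties": props}


DEF_PREFIX = "/providers/Microsoft.Authorization/policyDefinitions/"  # placeholder ids follow
SAMPLE_DEFINITIONS = {d["id"]: d for d in [
    _definition(DEF_PREFIX + "sample-dine", "DeployIfNotExists", parameterised=True),
    _definition(DEF_PREFIX + "sample-audit", "AuditIfNotExists"),
    _definition(DEF_PREFIX + "sample-append", "Append"),
    _definition(DEF_PREFIX + "sample-deny", "Deny"),
]}
SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder scope

SAMPLE_ASSIGNMENTS = [
    build_assignment("dine-with-identity", SCOPE, SAMPLE_DEFINITIONS[DEF_PREFIX + "sample-dine"]),
    # Same definition deployed by hand without an identity: remediation cannot run.
    {"name": "dine-without-identity", "type": "Microsoft.Authorization/policyAssignments",
     "properties": {"scope": SCOPE, "policyDefinitionId": DEF_PREFIX + "sample-dine", "parameters": {}}},
    # Effect overridden to Disabled at assignment time: no identity needed.
    {"name": "dine-disabled", "type": "Microsoft.Authorization/policyAssignments",
     "properties": {"scope": SCOPE, "policyDefinitionId": DEF_PREFIX + "sample-dine",
                    "parameters": {"effect": {"value": "Disabled"}}}},
    build_assignment("deny-assignment", SCOPE, SAMPLE_DEFINITIONS[DEF_PREFIX + "sample-deny"]),
]

if __name__ == "__main__":
    for def_id, definition in SAMPLE_DEFINITIONS.items():
        print(f"{def_id.rsplit('/', 1)[-1]}: identity required = {requires_managed_identity(definition)}")
    print("assignments missing an identity:", find_missing_identity(SAMPLE_ASSIGNMENTS, SAMPLE_DEFINITIONS))
```

Running the script flags only `dine-without-identity`: the Deny, Append and AuditIfNotExists assignments never need an identity, and a deployIfNotExists definition whose effect has been switched to Disabled does not either. In a real environment the same check can be run over the output of a policy assignment export, since the `identity` and `properties.parameters` fields used here are the ones an assignment resource exposes.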

The answer is option D: Deny.

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that enforce different rules and effects over your Azure resources. The policies can be defined to enforce compliance, security, or governance, among others. Policies have different effects that can be applied to resources. These effects determine how Azure Policy enforces the policy.

The four effects mentioned in the question are:

  • DeployIfNotExist: creates a resource if it does not exist.
  • AuditIfNotExist: creates an audit log entry if the resource does not exist.
  • Append: adds the specified properties to the existing resource.
  • Deny: blocks the deployment or modification of a resource that violates the policy.

Out of these effects, only the Deny effect requires a managed identity for the assignment. A managed identity is an Azure Active Directory (Azure AD) object that provides secure credentials for services to authenticate themselves with Azure AD. In the context of Azure Policy, a managed identity can be used to assign a policy to a resource group or subscription. When a policy with a Deny effect is assigned to a resource group or subscription, it prevents the deployment or modification of resources that violate the policy. The managed identity is used to perform this enforcement action.

In summary, if you plan to assign policies that use the Deny effect, you will need to use a managed identity for the assignment. The other effects mentioned in the question (DeployIfNotExist, AuditIfNotExist, and Append) do not require a managed identity for the assignment.