Azure Policy Scopes

Assign Azure Policy Definitions

Question

You are designing a large Azure environment that will contain many subscriptions.

You plan to use Azure Policy as part of a governance solution.

To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations

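A. Management groups
B. Subscriptions
C. Azure Active Directory (Azure AD) tenants
D. Resource groups
E. Azure Active Directory (Azure AD) administrative units
F. Compute resources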

ABD

Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.

https://docs.microsoft.com/en-us/azure/governance/policy/overview

Azure Policy is a service in Azure that allows you to create, assign, and manage policies for enforcing compliance across your resources in Azure. Policies can be used to enforce regulations, standards, and organizational requirements. A policy definition can be assigned at different scopes, and the scope determines which resources the assignment applies to.

The three scopes where you can assign Azure Policy definitions are:

A. Management groups: A management group is a collection of subscriptions that can be managed as a single entity. Policies assigned at the management group level apply to all the subscriptions and resource groups within that management group. This allows you to enforce policies across multiple subscriptions and resource groups.

B. Subscriptions: A subscription is a container that holds resources such as virtual machines, databases, and storage accounts. Policies assigned at the subscription level apply to all the resource groups and resources within that subscription. This allows you to enforce policies for one specific subscription.

D. Resource groups: A resource group is a container that holds resources that share the same lifecycle, permissions, and policies. Policies assigned at the resource group level apply to all the resources within that resource group. This allows you to enforce policies at a granular level for specific sets of resources.

Therefore, the correct answers are A, B, and D.

Option C, Azure Active Directory (Azure AD) tenants, and option E, Azure Active Directory (Azure AD) administrative units, are not valid scopes for Azure Policy.

Option F, compute resources, is also not a valid scope for Azure Policy. Compute resources are types of Azure resources such as virtual machines, virtual machine scale sets, and Azure Kubernetes Service (AKS) clusters that can be managed with Azure Policy, but they are not scopes for assigning policies.