Your company has an Azure subscription that contains resources in several regions.
You need to ensure that administrators can only create resources in those regions.
What should you use?
Click on the arrows to vote for the correct answer
A. B. C. D.B
The correct answer is A, the Azure portal.
Azure Cloud Shell is a web-based, interactive shell environment that allows users to manage and deploy Azure resources from the Azure Portal. The Azure Cloud Shell can be launched from the Azure portal by clicking on the Cloud Shell icon in the top navigation menu.
Azure Command-Line Interface (CLI) and Azure PowerShell are both command-line interfaces that can be used to manage and deploy Azure resources, but they are not the correct options for starting the Azure Cloud Shell.
An Azure Resource Manager (ARM) template is a JSON file that defines the infrastructure and configuration for your Azure solution. ARM templates are used to automate the deployment and management of Azure resources, but they are not used to start the Azure Cloud Shell.
Therefore, the correct option to start the Azure Cloud Shell is A, the Azure portal.
The correct answer is B. an Azure policy.
An Azure policy is a service in Azure that allows you to create, assign, and manage policies that enforce rules and effects over your resources. You can use Azure policies to enforce compliance with your corporate standards and best practices for security, operations, and compliance.
To ensure that administrators can only create resources in specific regions, you can create an Azure policy that restricts resource creation to those specific regions. You can also assign this policy to the relevant scope, such as the subscription or resource group. Once assigned, Azure will evaluate the policy and prevent administrators from creating resources in regions that are not allowed by the policy.
Here are some additional details on the other options:
A. A read-only lock is a feature in Azure that prevents all users, including administrators, from deleting or modifying a resource. This would not help to restrict resource creation to specific regions.
C. A management group is a way to manage access, policy, and compliance across multiple subscriptions. While management groups can help you manage access to resources, they do not provide the ability to restrict resource creation to specific regions.
D. A reservation is a way to prepay for a specific Azure resource, such as a virtual machine or database, to receive a discount. This would not help to restrict resource creation to specific regions.