Microsoft Azure Architect Design (AZ-301) Practice Exam

What is the preferred solution to enforce restrictions on virtual machine provisioning?

• A. Conditional access policies
• B. Azure Policy
• C. Azure Resource Manager templates
• D. Role-based access control (RBAC)

The correct answer is: Azure Policy

The preferred solution to enforce restrictions on virtual machine provisioning is Azure Policy. Azure Policy allows you to create, assign, and manage policies that enforce specific rules and effects on your Azure resources. It helps ensure that resources are compliant with your organization's standards and service level agreements by actively monitoring and controlling resource creation and configuration. Using Azure Policy, you can define specific constraints such as allowed VM sizes, regions, and configurations. This ensures that virtual machines are provisioned in a way that adheres to your governance requirements. If a user attempts to deploy a virtual machine that does not comply with an assigned policy, the deployment will be denied, thus ensuring that only compliant resource configurations are used. While conditional access policies, Azure Resource Manager templates, and Role-based access control (RBAC) serve important roles in Azure management, they do not specifically target the provisioning restrictions of virtual machines in the same way that Azure Policy does. Conditional access policies are more focused on user authentication and access controls, Azure Resource Manager templates are used primarily for resource deployment and infrastructure as code, and RBAC manages permissions and actions users can take on resources but does not enforce specific configuration standards. Therefore, Azure Policy stands out as the most appropriate mechanism for enforcing restrictions on virtual machine provisioning.