AZ-900 Exam - Question 72

You can assign a policy to any scope that you have access to, such as a management group, subscription, or resource group. However, you cannot assign a policy directly to an individual resource. You can assign a lock on every Azure resource that you have access to. You can apply a lock at different levels of scope: subscription, resource group, or individual resource. So, the right answer is "Lock"!

Got this on 12/11/2023

Lock is correct answer - confirmed from ChatGPT

Azure Policies can be set at each level, enabling you to set policies on a specific resource, resource group, subscription, and so on. reference: https://learn.microsoft.com/en-us/training/modules/describe-features-tools-azure-for-governance-compliance/3-describe-purpose-of-azure-policy Resource locks can be applied to individual resources, resource groups, or even an entire subscription. reference:https://learn.microsoft.com/en-us/training/modules/describe-features-tools-azure-for-governance-compliance/4-describe-purpose-of-resource-locks both policy and resource lock can be applied to individual resource. either this question is a multiple choice or I would say policy. why not the lock? because it is just lock and not precised enough as "resource lock"

Its Policy just because the term “assign” might not be the best fit for lock. Lock is applied not assigned

"Policy" The correct answer is "Azure Policy". Azure Policies can be assigned to every resource in Azure to enforce rules and effects, helping you prevent IT issues. Other options like Azure Locks, Azure Blueprints, and Azure Service Endpoints have certain limitations or specific use cases and cannot be assigned to absolutely every resource in Azure.

ANSWER : POLICY ! DONE GO TO NEXT QST

On exam 03-2024

Como administrador, puede bloquear una suscripción, un grupo de recursos o un recurso de Azure para protegerlos de eliminaciones y modificaciones accidentales del usuario

"Lock" seems to be correct here, from what I can tell "To view, add, or delete locks in the Azure portal, go to the Settings section of any resource's Settings pane in the Azure portal." Sauce: https://learn.microsoft.com/en-us/training/modules/describe-features-tools-azure-for-governance-compliance/4-describe-purpose-of-resource-locks

I think "Lock" is more like to be the answer. because I think some types of resource is not able to assign "Policy". but I am not so sure.

This comment thread seems to be fairly new... There doesn't seem to be any Microsoft resource online that suggests that either POLICIES or LOCKS cannot be applied to every resource. This may have originally been a multi-choice question. So, LOCK and POLICY are both correct...? Unless I'm proven wrong - provide a source.

Policy https://learn.microsoft.com/en-us/answers/questions/1086208/assign-policy-to-specific-resource-in-azure

https://learn.microsoft.com/en-us/azure/governance/policy/overview Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions. Seems both Lock and Policy are right answers

why is not policy?