Home › Forums › Azure › AZ-104 Microsoft Azure Administrator › az-104 set 3. Azure Policy allow/deny virtual network
-
az-104 set 3. Azure Policy allow/deny virtual network
-
The question defines policies:
Allowed resource types – “virtual network” for TD-Management-Group20
Not allowed resource types – “virtual network” for tenant root group
One of the question is “You can create a virtual machine in TD-Subscription2”
There is no policy that restricts virtual machine creation but correct answer that VM creation is not allowed – “Tenant Root Group has a Deny policy”.
Looks like a typo somewhere and question should ask regarding virtual network not VM.
-
Hi Kiryl T,
Thank you for bringing this to our attention. The statement that says, “You can create a virtual machine in TD-Subscription2,” is indeed incorrect. The Tenant Root Group has a Deny policy that restricts the creation of virtual networks, and since virtual machines require a virtual network to be deployed, this Deny policy also prevents the creation of virtual machines in TD-Subscription2.
To accurately address the scenario, it should clarify that the policy restricts the creation of virtual networks. Therefore, if a virtual network cannot be created due to the Deny policy, a virtual machine can also not be deployed. The assigned policy needs to be adjusted or removed to enable the creation of a virtual machine.
I hope this clarifies your question.
Cheers,
Irene @Tutorials Dojo
-
Hi Irene,
Thanks a lot for clarification. I probably missed some details of the clarifications for this question. I double checked it once again and everything is clear now!
It was a bit tricky question for me. Thanks a lot for your time and for the detailed explanation.
-
Log in to reply.