Home › Forums › Azure › AZ-104 Microsoft Azure Administrator › az-104 set 3. Azure Policy allow/deny virtual network › Reply To: az-104 set 3. Azure Policy allow/deny virtual network
-
Hi Kiryl T,
Thank you for bringing this to our attention. The statement that says, “You can create a virtual machine in TD-Subscription2,” is indeed incorrect. The Tenant Root Group has a Deny policy that restricts the creation of virtual networks, and since virtual machines require a virtual network to be deployed, this Deny policy also prevents the creation of virtual machines in TD-Subscription2.
To accurately address the scenario, it should clarify that the policy restricts the creation of virtual networks. Therefore, if a virtual network cannot be created due to the Deny policy, a virtual machine can also not be deployed. The assigned policy needs to be adjusted or removed to enable the creation of a virtual machine.
I hope this clarifies your question.
Cheers,
Irene @Tutorials Dojo