Microsoft Azure Architect Design (AZ-304) Practice Test

To allow developers to provision Azure virtual machines in specific regions and sizes, what should be included in the recommendation?

• A. Azure Resource Manager templates
• B. Azure Policy
• C. conditional access policies
• D. role-based access control (RBAC)

The correct answer is: Azure Policy

In this context, the most appropriate recommendation is to utilize Azure Policy. Azure Policy is designed to enforce organizational standards and assess compliance at scale. By creating policies, you can define specific rules regarding the allowed regions and sizes for virtual machines. These rules ensure that developers can only provision resources that conform to the defined criteria, thus managing resources effectively and maintaining governance across your Azure environment. Using Azure Policy, you can implement policies that restrict the creation of resources outside of the specified regions and sizes, leading to better resource management, cost control, and compliance with organizational standards. This is especially important in scenarios where certain regions might be preferred due to performance, compliance, or cost considerations. In contrast, while Azure Resource Manager templates are useful for deploying resources consistently, they do not inherently enforce policies on resource provisioning. Conditional access policies are related to access management and not specifically for resource provisioning controls. Role-based access control (RBAC) can manage who has access to resources but does not provide the mechanism to limit the specific regions or sizes developers can use.