Home › Azure AZ-305 › cloudcomputing › az305identitygov › Which Azure governance feature should an archite…
Which Azure governance feature should an architect recommend to enforce constraints across the entire tenant (e.g. 'no resources outside India regions', 'no public IPs on storage accounts')?
APer-resource manual reviews each quarter
BAzure Policy (assigned at management-group or subscription scope) with definitions like 'Allowed Locations' and built-in security baselines
CAzure DNS
DAzure Bastion
Answer & Solution
Correct answer: B. Azure Policy (assigned at management-group or subscription scope) with definitions like 'Allowed Locations' and built-in security baselines
Azure Policy enforces compliance at scale (per AZ-305 §1 governance). The other options aren't policy services.
Related questions
Which Azure governance service should an architect recommend to track and report regulatorWhich Microsoft Entra feature should an architect recommend so external partners (e.g. conWhich Azure feature should an architect recommend so that the same Microsoft Entra workforWhich Microsoft Entra ID feature should an architect recommend for adaptive risk-based autWhich Azure feature should an architect recommend to give an Azure VM or App Service an idWhich Azure governance hierarchy should an architect recommend so that a single Azure PoliWhich Azure service should an architect recommend to centrally store and rotate secrets, cWhich Microsoft Entra ID feature should an architect recommend to give engineers JIT, appr