Based on the exhibit, a compliance dashboard shows that several storage accounts are marked noncompliant because they do not have the required tag. The policy itself is correct, but one business unit needs a temporary exception for a single resource group during a merger. What should the administrator configure?
A policy exemption lets the administrator document and scope a temporary exception without disabling the policy for the rest of the environment. Because the request applies to one resource group for a limited time, an exemption at that scope is the cleanest governance solution.
Why this answer
A policy exemption at the rg-merger01 resource group scope is the correct solution because it allows the administrator to temporarily exclude a specific resource group from the policy's enforcement or compliance evaluation without modifying or deleting the original policy assignment. This is designed for scenarios like mergers where a short-term exception is needed, and it maintains the policy's integrity for all other scopes.
Exam trap
The trap here is that candidates often confuse a policy exemption with modifying the policy effect or scope, not realizing that exemptions are the only built-in mechanism to grant a temporary, scoped exception without affecting the rest of the environment.
How to eliminate wrong answers
Option B is wrong because deleting the policy assignment from corp-root would remove the policy from all resources under that root scope, not just rg-merger01, causing a broader compliance gap that would require manual re-creation later. Option C is wrong because moving rg-merger01 to a separate subscription is an overly complex and disruptive workaround that may break dependencies, incur additional management overhead, and does not address the temporary nature of the exception. Option D is wrong because changing the policy effect to Audit would make the policy non-enforcing for all resources under the assignment scope, not just rg-merger01, and would still mark resources as noncompliant without providing a true exception mechanism.