A company wants to ensure that all Azure resources are tagged with a 'CostCenter' tag at creation time. If a resource is created without the tag, it should be automatically denied. Which Azure Policy effect should they use?
Trap 1: B) audit
Audit only logs non-compliant resources; it does not block their creation.
Trap 2: C) append
Append adds the missing tag but does not deny creation if the tag cannot be added.
Trap 3: D) deployIfNotExists
DeployIfNotExists deploys additional resources to correct non-compliance, but does not block the original resource creation.
- A
A) deny
The deny effect prevents resources from being created if they do not comply with the policy condition.
- B
B) audit
Why wrong: Audit only logs non-compliant resources; it does not block their creation.
- C
C) append
Why wrong: Append adds the missing tag but does not deny creation if the tag cannot be added.
- D
D) deployIfNotExists
Why wrong: DeployIfNotExists deploys additional resources to correct non-compliance, but does not block the original resource creation.