A company uses Microsoft Defender for Cloud to assess the security posture of their Azure subscriptions. They want to receive alerts when a resource is deployed without encryption enabled. What should they configure?
Correct: Azure Policy enforces encryption requirements.
Why this answer
Azure Policy with a custom policy definition can audit or deny resources without encryption. Defender for Cloud's regulatory compliance dashboard shows compliance status. Security alerts are for threats, not configuration drift.
Azure Blueprints are for packaging resources.