You are in the process of configuring an Azure policy via the Azure portal. Your policy will include an effect that will need a managed identity for it to be assigned. Which of the following is the effect in question?
Answer: C, DeployIfNotExist
Reason: The DeployIfNotExist effect in Azure Policy requires a managed identity to be assigned when the policy is created.
Reference: https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects#deployifnotexists
Correct answer C. DeployIfNotExist
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure
Azure Policy supports the following types of effect:
Append: adds the defined set of fields to the request
Audit: generates a warning event in activity log but doesn't fail the request
AuditIfNotExists: generates a warning event in activity log if a related resource doesn't exist
Deny: generates an event in the activity log and fails the request
DeployIfNotExists: deploys a related resource if it doesn't already exist
Disabled: doesn't evaluate resources for compliance to the policy rule
Modify: adds, updates, or removes the defined set of fields in the request
EnforceOPAConstraint (deprecated): configures the Open Policy Agent admissions controller with Gatekeeper v3 for self-managed Kubernetes clusters on Azure
EnforceRegoPolicy (deprecated): configures the Open Policy Agent admissions controller with Gatekeeper v2 in Azure Kubernetes Service
The DeployIfNotExist effect in Azure policy allows you to automatically deploy and configure resources if they do not exist. When using this effect, a managed identity is required to perform the necessary deployment actions on behalf of the policy.
C is the answer.
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects#deployifnotexists
Similar to AuditIfNotExists, a DeployIfNotExists policy definition executes a template deployment when the condition is met. Policy assignments with effect set as DeployIfNotExists require a managed identity to do remediation.
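The requirement discussed in this thread can be checked offline against exported policy JSON. The following is an added example, not code from the thread or from Microsoft's documentation: it resolves the effect of a definition (including one supplied through an `effect` parameter) and flags assignments that would run DeployIfNotExists without a managed identity. The definition, assignment names and location are constructed sample data, and the sketch assumes the effect is either a literal or a plain `[parameters('name')]` reference.

```python
import re

# Effect the thread says needs a managed identity on the assignment.
NEEDS_IDENTITY = {"deployifnotexists"}
# Assumption: the effect is a literal or a plain [parameters('name')] reference.
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def effective_effect(definition, assignment):
    """Resolve the effect, following a [parameters('name')] reference."""
    props = definition["properties"]
    effect = props["policyRule"]["then"]["effect"]
    m = PARAM_REF.match(effect.strip())
    if m:
        name = m.group(1)
        assigned = assignment["properties"].get("parameters", {})
        if name in assigned:          # value set on the assignment wins
            effect = assigned[name]["value"]
        else:                         # otherwise the definition's default
            effect = props["parameters"][name]["defaultValue"]
    return effect.lower()

def missing_identity(definition, assignment):
    """True when the effect needs an identity and the assignment has none."""
    if effective_effect(definition, assignment) not in NEEDS_IDENTITY:
        return False
    id_type = (assignment.get("identity") or {}).get("type", "None")
    return id_type == "None"

def audit(definition, assignments):
    """Names of assignments whose remediation would lack an identity."""
    return [a["name"] for a in assignments if missing_identity(definition, a)]

# Constructed sample data; "details" of the rule is omitted for brevity.
DEFINITION = {"properties": {
    "parameters": {"effect": {"type": "String", "defaultValue": "DeployIfNotExists"}},
    "policyRule": {
        "if": {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        "then": {"effect": "[parameters('effect')]"},
    },
}}
ASSIGNMENTS = [
    {"name": "dine-no-identity", "properties": {}},
    {"name": "dine-with-identity", "identity": {"type": "SystemAssigned"},
     "location": "westeurope", "properties": {}},
    {"name": "audit-only",
     "properties": {"parameters": {"effect": {"value": "AuditIfNotExists"}}}},
]

if __name__ == "__main__":
    print(audit(DEFINITION, ASSIGNMENTS))
```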