Exam AZ-104 topic 2 question 57 discussion

Since the discussion added a lot of confusion cause a lot of people in here just drop random facts without any proof,misleading people, i tested it at an Azure lab. In the scope field at the "Basics" tab i was able to select "Tenant Root Group" or "Management Group1" with the optional entries of Subscription and Resource group So ""you can assign policy to Tenant Root Group,ManagementGroup1,Subscription1 and RG1"" As for the second answer about the exclusions, i was able to select all the items in the scope EXCEPT the Tenant Root Group Therefore the correct answer would be ""ManagementGroup1,Subscription1,RG11 and VM1"" I hope that helps

Wrong! You can assign a policy to the Root, Management Group, Subscription and Ressource Group BUT NOT A RESSOUCE ITSELF! Test it in Portal! 2nd part of answer seems to be correct. You can not Exclude the highest scope that you can assign to. I tried it in portal as well and it wont save the exclusion Tenant Root Group

Just checked: Go to the VM > Operations > Policies and there you have the options to assign a policy or initiative.

1/ You can assign Policy1 to: Tenant Root Group, Management Group 1, Subscription 1, RG1,VM1 2/ You can exclude Policy1 to: Management Group 1, Subscription 1,RG1,VM1 Refer the link https://learn.microsoft.com/en-us/azure/governance/policy/overview It states this "Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources. The assignment applies to all resources within the Resource Manager scope of that assignment. Subscopes can be excluded"

The answer is correct. You CAN assign a policy to a RESOURCE level using AZURE PORTAL as well. But to do this you have to do it from the resource dashboard or using cli. go to VM1->Operations->Policies->Assign Policy->Scope->Subscription1/MG1/RG1/VM1

2025-Jan Tested in LAB: you can assign policy to Tenant Root Group,ManagementGroup1,Subscription1 and RG1, VM1 allow exclusions

!! Please be careful not to share incorrect information! According to Microsoft documentation: "policies can be assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources." !! -

Wrong You can assign Policy1 to: Tenant Root Group, ManagementGroup1, and Subscription1 only You can exclude Policy1 from: ManagementGroup1, Subscription1, RG1, and VM1 only

tested on lab, you can assign policy on vm

Policies can be applied to the resource like VM https://learn.microsoft.com/en-us/azure/governance/policy/concepts/recommended-policies

You can assign Policy1 to Tenant Root Group, ManagementGroup1, Subscription1, and RG1 only You can exclude Policy1 from ManagementGroup1, Subscription1, RG1, and VM1 only

given answer is correct.

Feeling tired of reading discussions. examtopics please quality seems ?

In the name of discussion most confusion is created and makes me think is it worth paying $65 to examtopics. I thought examtopics would be a good material so far out of 90 questions most of them have not been given exact answer

the key in question is only

You can Assign policy to: Tenant Root Group, ManagementGroup1, Subscription1 and RG1 ONLY" You can Exclude policy from: ""ManagementGroup1,Subscription1,RG1, and VM1 ONLY""

1/ You can assing Policy1 to: Tenant Root Group, Mangement Group 1, Subscription 1, RG1,VM1 2/ You can exclude Policy1 to: Mangement Group 1, Subscription 1,RG1,VM1 "Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources." https://learn.microsoft.com/en-us/azure/governance/policy/overview "Subscopes can be excluded, if necessary. "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview#understand-scope