Knowing the timing of policy evaluations is very important also as part of your overall study. <\/strong><\/p>\n\n\n\n You’ll also need to decide how to handle non compliant resources<\/strong>. What are non compliant resources? Should they be locked, flagged, or automatically remediated? And if so, how do you do each one of those things? Understand how remediation tasks can fix issues without manual intervention<\/strong>.<\/p>\n\n\n\n So I would recommend that you go in and practice creating manual remediation tasks<\/strong>. Policy compliance dashboards is another thing. Keep in mind this is where you audit and track compliance across your environment.<\/p>\n\n\n\n Finally study how Azure policy works alongside RBAC. RBAC controls who can do what <\/strong>while Policies control what can be done<\/strong>. Together these are going to be very important things so practice these in your lab so you’re prepared for any questions related to them.<\/p>\n\n\n\n When to use Azure Policy<\/strong><\/p>\n\n\n\n Helps to enforce organizational standards and to assess compliance at-scale Examples: Considerations:<\/p>\n\n\n\n Apply policies at the highest scope possible Use Cases<\/strong> <\/p>\n\n\n\n Design for role-based access control (RBAC)<\/a><\/p>\n\n\n\n Use Cases<\/p>\n\n\n\n Granular Access Control Layered Security Design for Azure landing zones<\/a><\/p>\n\n\n\n A landing zone provides an infrastructure environment for hosting your workloads.<\/p>\n\n\n\n Implements key foundational principles of governance, security, networking, management, and identity![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-28-1024x213.png\")
<\/figure>\n\n\n\n
There’s a large number of built-in policies and you can create your custom ones<\/p>\n\n\n\n
Allow only certain SKus of VMs to be created in a determined subscription
Ensure all resources are correctly tagged – if not, apply the tag
Recommend system updates on your servers
Enable MFA for all subscription accounts<\/p>\n\n\n\n
Know when policies are evaluated<\/strong>
Decide what to do if a resource is non-compliant
Consider when to automatically remediate non-compliant resources
Use the Azure Policy Compliance Dashboard <\/strong>for auditgin and review
Effectivelly combine Azure Policy with RBAC<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-29.png\")
<\/figure>\n\n\n\n
Regulatory Compliance<\/strong>
Meeting industry regulation (HIPAA, PCI DSS) by enfonrcing policies related to data storage, encryption, and access
Security Posture<\/strong>
implementing security best practices like requiring encryption, enabling logging or restricting access to specific ports
Cost Management<\/strong>
Controlling spending by limiting resource types, enforcing tagging for cost allocation or preventing the creation of certain expensive resources
Operational Efficiency<\/strong>
Enforcing naming convention, resource group structures and deployment patterns.<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-30-1024x454.png\")
<\/figure>\n\n\n\n
Allow different users or groups to manage specific resources only
Compliance Auditing
Segregation of Duties
<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-31-1024x507.png\")
<\/figure>\n\n\n\n
Comprehensive Governance<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-23.png\")
<\/figure>\n\n\n\n
\u00b7 Pre-provisions the environment through code
\u00b7 Good for both migrations and green field situations
\u00b7 You can transition existing architectures
. Part of the Cloud Adoption Framework Ready phase<\/p>\n\n\n\n