Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Tailwind Traders operates in Americas, EMEA, and APAC, and will create hundreds of Azure subscriptions per region. Compliance requires that deployments stay within region-specific Azure locations and that every resource automatically inherits a costCenter tag from its subscription. Regional IT staff must be able to add further policies and control costs for their own subscriptions without affecting other regions. You need to recommend a governance design that minimizes ongoing administrative effort. What should you recommend?
Apply Azure Blueprints at the resource-group level inside each subscription to enforce allowed regions and tagging, without using management groups.
Create a root management group, then a management group for each region (Americas, EMEA, APAC). Assign an Azure Policy initiative containing Allowed locations and Inherit costCenter tag to each regional management group and place regional subscriptions beneath them.
Enable resource locks on each subscription and use Azure RBAC deny assignments to restrict regions, while requiring governance scripts to add the costCenter tag manually.
Create a single management group that holds all subscriptions and assign the Allowed locations and Inherit costCenter tag policies separately to every subscription with region-specific parameters.
Management groups provide a hierarchy for policy and RBAC inheritance. Creating one management group for each geography under the tenant root lets you assign an Azure Policy initiative to each region once and have it flow to all current and future subscriptions in that region. The initiative can include the built-in Allowed locations policy with parameters set to the permitted datacenters for that geography and the Inherit tag policy so resources automatically receive the costCenter tag. Subscriptions placed under the proper regional management group inherit these settings, and regional administrators can still add policies at lower scopes without affecting other regions. Assigning policies to every subscription or resource group would multiply administration effort, and resource locks or deny assignments do not address automatic tag inheritance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Azure Policy initiative, and how does it work?
Open an interactive chat with Bash
Why should Tailwind Traders use management groups for governance instead of applying policies to individual subscriptions?
Open an interactive chat with Bash
How does Azure's costCenter tag inheritance work at the subscription level?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .