Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your team assigns the built-in policy "Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace," which uses the DeployIfNotExists effect. After 24 hours the assignment lists 80 storage accounts as non-compliant, and every remediation task created from the assignment fails with the status Unauthorized. What is the most likely reason the remediation tasks cannot complete?
The policy assignment was created without a managed identity that has sufficient write permissions on the targeted storage accounts.
The policy assignment scope needs to be a management group rather than a subscription for remediation to succeed.
The policy definition must be changed to use the Modify effect instead of DeployIfNotExists.
Remediation tasks cannot run until the policy's overall compliance reaches 100 percent.
DeployIfNotExists (and Modify) effects rely on the managed identity that is automatically created (or supplied) when the policy assignment is made. During remediation, this identity runs the ARM deployment that adds the required diagnostic setting. If the assignment was created without a managed identity, or with an identity that lacks write permissions such as Contributor on the target scope, any deployment triggered by remediation will be rejected and surface as Unauthorized. Changing the effect, modifying the scope, or waiting for compliance will not grant the necessary permissions, so those actions would not resolve the failure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a managed identity in Azure?
Open an interactive chat with Bash
What permissions does a managed identity need to use DeployIfNotExists?
Open an interactive chat with Bash
How does the DeployIfNotExists effect work in Azure policies?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .