Governance & Compliance
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Microsoft Azure Fundamentals premium course — no separate purchase.
Included in this chapter:
- What governance and compliance mean in Azure
- Microsoft Purview: governing the data estate
- Azure Policy: enforcing configuration standards at scale
- Azure Policy is not RBAC: the exam boundary
- Resource locks: protecting against accidental loss
- Recognizing these questions on the exam
Azure Policy vs Azure RBAC vs resource locks: what each controls
| Aspect | Azure Policy | Azure RBAC | Resource locks |
|---|---|---|---|
| Controls | Allowed resource configurations | Who can perform actions | Whether a resource can be deleted/changed |
| Question it answers | Is this configuration allowed? | Is this user permitted to do this? | Is this resource protected from accidental loss? |
| Typical use | Allowed regions, SKUs, required tags | Assign roles like Reader, Contributor, Owner | CanNotDelete or ReadOnly on critical resources |
| Applied at scope | Management group, subscription, RG, resource | Management group, subscription, RG, resource | Subscription, resource group, resource |
| Overrides user role? | Deny can block even an Owner's bad config | Defines the role itself | Yes, blocks even an Owner until removed |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- https://learn.microsoft.com/en-us/azure/role-based-access-control/overview
- https://learn.microsoft.com/en-us/purview/purview
- https://learn.microsoft.com/en-us/purview/data-governance-overview
- https://learn.microsoft.com/en-us/azure/governance/policy/overview
- https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
- https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources