Azure AZ-900 Governance and Compliance Guide

April 1, 2026

Study Azure AZ-900 Governance and Compliance: key concepts, common traps, and exam decision cues.

On this page

This lesson is about governance controls rather than identity or monitoring. AZ-900 expects you to know which tool helps with policy enforcement, which one helps with compliance and data-governance understanding, and which control prevents accidental changes.

Service-purpose map

Service or feature	Best mental label
Azure Policy	enforce or assess policy compliance
Resource locks	help prevent accidental deletion or modification
Microsoft Purview	governance, compliance, and data estate understanding

The three lanes this lesson is separating

If the requirement is really about…	Strongest first reading
allowing or denying configurations	Azure Policy
stopping accidental delete or change	resource lock
data governance, classification, and estate visibility	Microsoft Purview

What weak answers usually do

answer with RBAC when the requirement is really about allowed configuration
answer with a lock when the requirement is really about policy-driven standards
treat Purview like a direct replacement for Policy or locks

Decision order that usually wins

Decide whether the requirement is preventive governance, compliance tracking, or accidental-change protection.
Separate Policy, locks, and compliance reporting by purpose.
Use preventive controls before after-the-fact cleanup when the stem rewards guardrails.
Read resource protection as different from identity and cost management.
Choose the smallest control that matches the requirement scope.

Quiz

Loading quiz…

Revised on Sunday, May 10, 2026

3.1 Cost Management & Tags

3.3 Managing & Deploying Azure Resources