Merge pull request #217089 from timwarner-msft/timwarner-poleval

prmerger-automator[bot] · web-flow · commit f63d04974b54 · 2022-11-04T13:06:14.000Z
Clarify policy evaluation scope
diff --git a/articles/governance/policy/concepts/exemption-structure.md b/articles/governance/policy/concepts/exemption-structure.md
@@ -1,7 +1,7 @@
 ---
 title: Details of the policy exemption structure
 description: Describes the policy exemption definition used by Azure Policy to exempt resources from evaluation of initiatives or definitions.
-ms.date: 07/09/2022
+ms.date: 11/03/2022
 ms.topic: conceptual
 ms.author: timwarner
 author: timwarner-msft
@@ -15,6 +15,10 @@ see [Understand scope in Azure Policy](./scope.md). Azure Policy exemptions only
 [Resource Manager modes](./definition-structure.md#resource-manager-modes) and don't work with
 [Resource Provider modes](./definition-structure.md#resource-provider-modes).
 
+> [!NOTE]
+> By design, Azure Policy exempts all resources under the `Microsoft.Resources` resource provider (RP) from
+policy evaluation with the exception of subscriptions and resource groups, which can be evaluated.
+
 You use JavaScript Object Notation (JSON) to create a policy exemption. The policy exemption contains elements for:
 
 - [display name](#display-name-and-description)
diff --git a/articles/governance/policy/how-to/get-compliance-data.md b/articles/governance/policy/how-to/get-compliance-data.md
@@ -2,7 +2,7 @@
 title: Get policy compliance data
 description: Azure Policy evaluations and effects determine compliance. Learn how to get the compliance details of your Azure resources.
 author: timwarner-msft
-ms.date: 11/02/2022
+ms.date: 11/03/2022
 ms.topic: how-to
 ms.author: timwarner
 ---
@@ -55,7 +55,7 @@ Evaluations of assigned policies and initiatives happen as the result of various
   compliant status information for the individual resource becomes available in the portal and SDKs
   around 15 minutes later. This event doesn't cause an evaluation of other resources.
 
-- A subscription (resource type `Microsoft.Resource/subscriptions`) is created or moved within a
+- A subscription (resource type `Microsoft.Resources/subscriptions`) is created or moved within a
   [management group hierarchy](../../management-groups/overview.md) with an assigned policy
   definition targeting the subscription resource type. Evaluation of the subscription supported
   effects (audit, auditIfNotExist, deployIfNotExists, modify), logging, and any remediation actions
@@ -74,6 +74,10 @@ Evaluations of assigned policies and initiatives happen as the result of various
 
 - On-demand scan
 
+> [!NOTE]
+> By design, Azure Policy exempts all resources under the `Microsoft.Resources` resource provider (RP) from
+policy evaluation with the exception of subscriptions and resource groups, which can be evaluated.
+
 ### On-demand evaluation scan
 
 An evaluation scan for a subscription or a resource group can be started with Azure CLI, Azure
