Is compliance evaluation in Azure Policy limited to when a target resource is created or modified?

Compliance evaluation in Azure Policy is not limited to just the creation or modification of target resources. Instead, it is an ongoing process that continuously assesses resources against defined policy rules, even after they have been created or modified. This means Azure Policy can evaluate the compliance of resources at any time, not just during their lifecycle events.

When a resource is created or updated, Azure Policy will evaluate it immediately to ensure it meets compliance. However, compliance evaluation also occurs regularly for existing resources, ensuring that they remain in compliance as conditions change, policies evolve, or external factors impact the state of the resource.

Additionally, Azure Policy can trigger compliance evaluation based on events, scheduled assessments, or changes in policy definitions, reinforcing the idea that compliance is an ongoing concern rather than a one-time check at creation or modification. This ensures that organizations maintain adherence to their compliance requirements over time, proactively managing their resources rather than reactively addressing compliance issues only during resource deployment or changes.