Status: IN
Azure Policy operates as an explicit deny system with cumulative, most-restrictive evaluation: when multiple policies overlap, the strictest wins. It is orthogonal to RBAC, which evaluates user actions rather than resource state, making Policy the resource-centric complement to RBAC's identity-centric access control.