Your company has an Azure subscription with resources deployed in multiple regions. You need to configure a solution that restricts administrators to creating new resources only in those specific, existing regions. What should you use?