Answer: an Azure policy

Azure Policy is the correct solution because it allows granular control over resource deployment by enforcing compliance rules. Specifically, Azure Policy can be configured to deny the creation of virtual machines while permitting other resource types in RG1, aligning with the requirement to prevent VM creation but allow other objects. Azure locks (option A) are not suitable as they apply broadly to the entire resource group or resource, potentially blocking all modifications or deletions, which contradicts the need to allow other resource creations. Azure roles (option B) manage user permissions and do not directly control resource creation. Tags (option C) are for organizational purposes and do not enforce deployment restrictions. The community discussion, with 100% consensus on option D and upvoted explanations, reinforces that Azure Policy is optimal for this scenario, as it enforces conditions on new and existing resources without affecting other operations.

Author: LeetQuiz Editorial Team