No—to assign permissions to users, you need to use role-based access control. Yes—you can use the Azure policy to check whether all of the virtual machines inside your Azure subscription use managed disks. No—custom policies are created in JSON.