When a request call with an applicable action name and targeted scope is submitted, denyAction prevents the request from succeeding. The request is returned as a `403 (Forbidden)``. In the portal, the Forbidden can be viewed as a status on the deployment that was prevented by the policy assignment.

Understand Azure Policy effects#DenyAction