Yes, a user with the contributor role in Azure can create a policy that restrict others from making changes
We can check Azure Policy assignments, role definitions, role assignments, and RBAC conditions also...so we can identify which policies are restricting or affecting the actions that "Owner" and "Contributor" roles can take within specific scopes in Azure.
ZRS acts like a failover cluster by keeping your data synced across multiple zones in one region for automatic zone-level protection, while GZRS adds protection by also copying data to a second region to handle full regional failures.