To evaluate compliance without affecting any resources in Azure, which Azure Policy effect should be used?

The most appropriate Azure Policy effect for evaluating compliance without affecting any resources is the 'Audit' effect. When the Audit effect is applied, it assesses existing resources to determine if they comply with the defined policy without making any changes to those resources. The evaluation results indicate whether the resources comply with the set policy, which is essential for monitoring and governance activities.

The other effects, such as DeployIfNotExists, Modify, and Deny, are designed to enforce compliance by actively managing resources. DeployIfNotExists would typically take action to create any missing resources that are required for compliance, while Modify would alter existing resources to ensure they meet specified criteria. Deny would prevent any resource modifications or creations that do not comply with the policy, thus impacting operational capabilities. Since these actions involve making changes to resources or preventing operations, they do not fit the requirement of evaluating compliance without affecting resources. Thus, Audit stands out as the correct choice for purely assessing compliance status.