I dont think that azure policy will get enforced at management group level. https://learn.microsoft.com/en-us/azure/governance/policy/overview#resources-covered-by-azure-policy It says "Although a policy can be assigned at the management group level, only resources at the subscription or resource group level are evaluated"
