Saved February 14, 2026
Do you care about this?
Azure is phasing out the Docker Content Trust feature in Azure Container Registry over three years, which will remove the trustPolicy property from APIs. This change will affect any existing Azure Policy assignments referencing this property, requiring updates to prevent compliance issues.
If you do, here's more
Azure is phasing out the Docker Content Trust (DCT) feature in Azure Container Registry (ACR) over a three-year timeline. This means that the trustPolicy property will be removed from ARM APIs in a future update, which will directly affect certain Azure Policy aliases. Specifically, the aliases tied to trustPolicy, such as Microsoft.ContainerRegistry/registries/trustPolicy, will be impacted. Although there are currently no built-in policy definitions using these aliases, any custom policies relying on them will face issues when DCT is officially deprecated.
New ACR resources will be evaluated as non-compliant against active policies that reference these aliases. For instance, if a policy mandates that trustPolicy must be enabled, new ACRs created after the deprecation will automatically violate this requirement since trustPolicy can no longer be set. The trustPolicy.status alias is modifiable, meaning any policies that alter this property will fail once it's removed.
To navigate these changes, users should first identify any custom policy definitions that reference the affected aliases. They need to update those definitions by removing or replacing any references to trustPolicy properties. Testing these updated policies is crucial to ensure they still enforce compliance effectively. Lastly, keeping an eye on Azure Container Registry documentation will help users adapt to the transition from Docker Content Trust to the Notary Project, which will take over its responsibilities.
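The first step above, finding the definitions that reference the affected aliases, can be scripted. The following is an added example, not code from the article or from Microsoft: it assumes the definitions are available as a JSON array of objects with `name` and `policyRule` keys (the shape of an export such as `az policy definition list`), and the sample definitions and their names are constructed for illustration.

```python
import json
import re
import sys

# Alias prefix from the article; also matches sub-properties (trustPolicy.status).
ALIAS_RE = re.compile(r"Microsoft\.ContainerRegistry/registries/trustPolicy[\w.]*", re.I)

def walk(node, path=""):
    """Yield (json_path, text) for every string in a nested JSON structure."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def find_trust_policy_refs(definitions):
    """Return (name, kind, path, alias) per trustPolicy alias reference."""
    findings = []
    for d in definitions:
        for path, text in walk(d.get("policyRule") or {}):
            for alias in ALIAS_RE.findall(text):
                # Modify operations write the property; other hits are conditions.
                kind = "modify" if path.startswith("then.details.operations") else "condition"
                findings.append((d.get("name"), kind, path, alias))
    return findings

# Constructed sample definitions (hypothetical names), shaped like a CLI export.
_REG = "Microsoft.ContainerRegistry/registries"
_STATUS = _REG + "/trustPolicy.status"
SAMPLE = [
    {"name": "require-acr-dct", "policyType": "Custom", "policyRule": {
        "if": {"allOf": [{"field": "type", "equals": _REG},
                         {"field": _STATUS, "notEquals": "enabled"}]}, "then": {"effect": "deny"}}},
    {"name": "enable-acr-dct", "policyType": "Custom", "policyRule": {
        "if": {"field": "type", "equals": _REG},
        "then": {"effect": "modify", "details": {"operations": [
            {"operation": "addOrReplace", "field": _STATUS.lower(), "value": "enabled"}]}}}},
    {"name": "acr-no-admin-user", "policyType": "Custom", "policyRule": {
        "if": {"field": _REG + "/adminUserEnabled", "equals": "true"}, "then": {"effect": "audit"}}},
]

if __name__ == "__main__":
    # Pass a path to exported definitions, or run without arguments for the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, kind, path, alias in find_trust_policy_refs(data):
        print(f"{name}: {kind} reference at policyRule.{path} -> {alias}")
```

Findings of kind `modify` correspond to the policies the article says will fail outright; `condition` findings are the ones that will flag new registries as non-compliant.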