
How can one detect the AWS resources that violate or contradict an AWS SCP policy?


AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes account management and consolidated billing capabilities that enable you to better meet the budgetary, security, and compliance needs of your business.

Service control policy (SCP): A policy that specifies the services and actions that users and roles can use in the accounts that the SCP affects. SCPs are similar to IAM permissions policies except that they don't grant any permissions. Instead, SCPs specify the maximum permissions for an organization, organizational unit (OU), or account. When you attach an SCP to your organization root or an OU, the SCP limits permissions for entities in member accounts.

The question is: "Is there any mechanism by which we can find all the resources (IAM policies) that are in conflict with the SCP enforcement?"


Solution

  • I didn't find a way to detect those resources.

    But anyway, if an account user or role has more permissions than the SCP permits, the SCP policy takes priority and the user/role won't be able to perform those actions (e.g. for a user with Administrator permissions and an SCP that blocks a certain region, the user won't be able to manage resources in that region despite the fact that he has Administrator access).

    From docs:

    An SCP restricts permissions for IAM users and roles in member accounts, including the member account's root user. Any account has only those permissions permitted by every parent above it. If a permission is blocked at any level above the account, either implicitly (by not being included in an Allow policy statement) or explicitly (by being included in a Deny policy statement), a user or role in the affected account can't use that permission, even if the account administrator attaches the AdministratorAccess IAM policy to the user.
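Added example, not part of the question or the answer above: a small Python evaluator that models the semantics the quoted docs describe (a permission is effective only if every SCP in the chain and the identity policy allow it; an explicit Deny at any level wins; an action absent from an SCP's Allow statements is implicitly denied). The policy documents and probe requests are constructed, and only `Action` plus `StringEquals`/`StringNotEquals` conditions on `aws:RequestedRegion` are modelled. `scp_blocked` lists the requests an identity policy grants but the SCP chain blocks, which is the kind of conflict the question asks about.

```python
import fnmatch

# Constructed sample documents (not from the page). FULL_ACCESS mirrors the shape of
# the default "FullAWSAccess" SCP; SCP_ONE_REGION and SCP_S3_ONLY are hypothetical.
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCP_ONE_REGION = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-west-1"]}}}]}
SCP_S3_ONLY = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
IAM_ADMIN = FULL_ACCESS  # an AdministratorAccess-shaped identity policy

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(stmt, action, ctx):
    """True if the statement's Action pattern and Condition apply to this request."""
    if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
        return False
    for op, keys in stmt.get("Condition", {}).items():
        for key, vals in keys.items():
            if op == "StringEquals" and ctx.get(key) not in _as_list(vals):
                return False
            if op == "StringNotEquals" and ctx.get(key) in _as_list(vals):
                return False
    return True

def decision(policy, action, ctx):
    """'deny' (explicit), 'allow', or 'implicit_deny' for one policy document."""
    result = "implicit_deny"
    for s in policy["Statement"]:
        if _matches(s, action, ctx):
            if s["Effect"] == "Deny":
                return "deny"  # an explicit Deny wins over any Allow
            result = "allow"
    return result

def effective(scp_chain, iam_policy, action, ctx):
    """Granted only if every SCP from the root down to the account allows AND the IAM policy allows."""
    return all(decision(scp, action, ctx) == "allow" for scp in scp_chain) \
        and decision(iam_policy, action, ctx) == "allow"

def scp_blocked(scp_chain, iam_policy, probes):
    """(action, region) probes the IAM policy grants but the SCP chain blocks."""
    return [(a, ctx["aws:RequestedRegion"]) for a, ctx in probes
            if decision(iam_policy, a, ctx) == "allow"
            and not effective(scp_chain, iam_policy, a, ctx)]
```

Feeding `scp_blocked` the real SCPs of an OU chain plus an account's identity policies, over a list of actions and regions you care about, gives a first-pass inventory of grants that the organization will never honour.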