Azure: How to Duplicate a Policy Definition with Metadata?

Juan Alicea 0 Reputation points
2025-03-03T15:55:32.2033333+00:00

I'm trying to duplicate a policy definition along with its metadata in Azure Policy, specifically for NIST SP 800 171. While I can do this through the portal UI, it doesn't duplicate the entire metadata. For instance, the original policy initiative for NIST-800 171 R2 and my duplicate show the same data, but the nesting is different. Does anyone know how to achieve a complete duplication, including all metadata? Whether it be in the portal, CLI, etc. Below is a brief description of the issue I've been encountering:

NIST-800 171 R2 is nested as 3.1 Access Control -> 3.1.1 Limit system access..., etc. -> Automated assessments.

(https://i.sstatic.net/mLwOkUyD.png)

Eval Custom NIST SP 800 (Duplicate) is nested as 1. NIST_SP_800-171_R2_3.1.1 -> Automated assessments.

(https://i.sstatic.net/xF8GyAEi.png)

I attempted to duplicate via the portal and the CLI, but I cannot seem to find a way to create the custom policy definition with all the metadata from the original standard.

1 answer

    Rahul Podila 2,000 Reputation points Microsoft External Staff
    2025-03-05T07:35:04.3466667+00:00

    Hi @Juan Alicea

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    To copy a policy definition in Azure Policy along with its details, you can use either Azure CLI or Azure PowerShell. However, keep in mind that some details might not copy exactly as expected through the portal UI.

    1. Using Azure CLI: First, export the existing policy definition to a JSON file using the az policy definition show command. Then, update the JSON file with any changes you want. Finally, use the az policy definition create command to create a new policy based on the updated JSON.
    2. Using Azure PowerShell: You can use the Get-AzPolicyDefinition cmdlet to fetch the existing policy definition. Modify the retrieved policy and then create a new one using New-AzPolicyDefinition.

    Note that some metadata, like metadataId, is read-only and can't be changed or copied. This means there might be slight differences in the structure when you create the duplicate policy.

    If you're having trouble copying certain metadata correctly, make sure to carefully check the properties in the JSON or PowerShell objects and adjust them if needed.

    If you have any concerns, please go through these links:

    https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/security-controls-policy#nist-sp-800-171-r2

    https://learn.microsoft.com/en-us/azure/governance/policy/concepts/initiative-definition-structure#policy-definition-groups

    If you have any further queries, do let us know.


    If the answer is helpful, please click "Upvote it".
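An added worked example of the export, edit, re-create procedure the answer outlines (this is illustrative code written for this page, not code from the question author, the answerer, or Microsoft). It takes the JSON that `az policy definition show` or `az policy set-definition show` returns, strips the server-managed fields the answer warns about (id, name, type, systemData, policyType), replaces the display name, and carries over `policyDefinitionGroups` unchanged, including each group's `additionalMetadataId`, which the linked initiative-definition-structure page describes as the pointer to the control's compliance metadata, together with the `groupNames` that map each definition reference into its group. It also checks that every referenced group is actually declared, since an undeclared group name breaks the grouping, and prints the matching `az policy set-definition create` (or `az policy definition create`) command. The sample export, the GUIDs, the reference id and the output file names are constructed placeholders, not real built-in identifiers.

```python
# Prepare an exported Azure Policy definition or initiative for re-creation
# as a custom copy, keeping policyDefinitionGroups so the nesting survives.
import json
import shlex
from pathlib import Path

# Fields Azure Resource Manager owns: returned by `az ... show`, not accepted on create.
READ_ONLY_TOP_LEVEL = {"id", "name", "type", "systemData", "policyType"}

# Constructed sample in the flattened shape `az policy set-definition show` returns.
# All ids are placeholders, not real built-in identifiers.
SAMPLE_EXPORT = {
    "id": "/providers/Microsoft.Authorization/policySetDefinitions/00000000-0000-0000-0000-000000000000",
    "name": "00000000-0000-0000-0000-000000000000",
    "type": "Microsoft.Authorization/policySetDefinitions",
    "policyType": "BuiltIn",
    "displayName": "NIST SP 800-171 Rev. 2 (constructed sample)",
    "description": "Constructed sample initiative.",
    "metadata": {"category": "Regulatory Compliance", "version": "1.0.0"},
    "parameters": {},
    "policyDefinitionGroups": [
        {"name": "NIST_SP_800-171_R2_3.1.1",
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.1"},
        {"name": "NIST_SP_800-171_R2_3.1.2",
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIST_SP_800-171_R2_3.1.2"},
    ],
    "policyDefinitions": [
        {"policyDefinitionReferenceId": "constructed-ref-1",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/11111111-1111-1111-1111-111111111111",
         "groupNames": ["NIST_SP_800-171_R2_3.1.1"], "parameters": {}},
    ],
    "systemData": {"createdAt": "2024-01-01T00:00:00Z"},
}

def unwrap(exported: dict) -> dict:
    """Accept the flat CLI shape or the ARM shape with nested `properties`; return a flat shallow copy."""
    body = dict(exported)
    props = body.pop("properties", None)
    if isinstance(props, dict):
        body.update(props)
    return body

def is_initiative(body: dict) -> bool:
    return "policyDefinitions" in body

def check_groups(initiative: dict) -> set:
    """Every groupName used by a definition reference must be declared in policyDefinitionGroups."""
    declared = {g["name"] for g in initiative.get("policyDefinitionGroups", [])}
    referenced = set()
    for ref in initiative.get("policyDefinitions", []):
        referenced.update(ref.get("groupNames", []))
    missing = referenced - declared
    if missing:
        raise ValueError(f"groupNames not declared in policyDefinitionGroups: {sorted(missing)}")
    return declared

def prepare_copy(exported: dict, new_display_name: str) -> dict:
    """Body ready for create: read-only fields removed, display name replaced, groups/metadata kept."""
    body = unwrap(exported)
    new = {k: v for k, v in body.items() if k not in READ_ONLY_TOP_LEVEL}
    new["displayName"] = new_display_name
    new["metadata"] = dict(body.get("metadata") or {})  # e.g. category, version
    if is_initiative(new):
        check_groups(new)
    return new

def write_pieces(new: dict, out_dir: str) -> dict:
    """Write the pieces the CLI accepts as file paths; returns piece name -> path."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    pieces = {"params": new.get("parameters", {})}
    if is_initiative(new):
        pieces["definitions"] = new["policyDefinitions"]
        pieces["groups"] = new.get("policyDefinitionGroups", [])
    else:
        pieces["rules"] = new["policyRule"]
    paths = {}
    for key, value in pieces.items():
        path = out / f"{key}.json"
        path.write_text(json.dumps(value, indent=2))
        paths[key] = str(path)
    return paths

def az_create_args(new: dict, name: str, paths: dict) -> list:
    """argv for the create call. `--metadata` takes key=value pairs, so only scalar values are passed."""
    if is_initiative(new):
        args = ["az", "policy", "set-definition", "create", "--name", name,
                "--definitions", paths["definitions"], "--definition-groups", paths["groups"]]
    else:
        args = ["az", "policy", "definition", "create", "--name", name,
                "--rules", paths["rules"], "--mode", new.get("mode", "Indexed")]
    args += ["--params", paths["params"], "--display-name", new["displayName"]]
    if new.get("description"):
        args += ["--description", new["description"]]
    scalars = [f"{k}={v}" for k, v in new.get("metadata", {}).items()
               if isinstance(v, (str, int, float, bool))]
    if scalars:
        args += ["--metadata", *scalars]
    return args

if __name__ == "__main__":
    prepared = prepare_copy(SAMPLE_EXPORT, "Eval Custom NIST SP 800 (Duplicate)")
    files = write_pieces(prepared, "nist-copy")  # constructed output directory name
    print(shlex.join(az_create_args(prepared, "eval-nist-800-171-copy", files)))
```

In practice you would replace SAMPLE_EXPORT with the output of `az policy set-definition show --name <built-in id>` and run the printed command (add `--management-group` or `--subscription` if the copy should not land in the current subscription). The group check matters when you edit the exported JSON by hand: removing or renaming a group without updating the `groupNames` of the references that point at it is exactly the kind of edit that leaves the copy flat instead of nested.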
