Microsoft.Authorization policyAssignments 2019-01-01
Bicep resource definition
The policyAssignments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policyAssignments resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Authorization/policyAssignments@2019-01-01' = {
  scope: resourceSymbolicName or scope
  identity: {
    type: 'string'
  }
  location: 'string'
  name: 'string'
  properties: {
    description: 'string'
    displayName: 'string'
    metadata: any(Azure.Bicep.Types.Concrete.AnyType)
    notScopes: [
      'string'
    ]
    parameters: any(Azure.Bicep.Types.Concrete.AnyType)
    policyDefinitionId: 'string'
    scope: 'string'
  }
  sku: {
    name: 'string'
    tier: 'string'
  }
}
```
Property values
Identity
Name | Description | Value |
---|---|---|
type | The identity type. | 'None' 'SystemAssigned' |
Microsoft.Authorization/policyAssignments
Name | Description | Value |
---|---|---|
identity | The managed identity associated with the policy assignment. | Identity |
location | The location of the policy assignment. Only required when utilizing managed identity. | string |
name | The resource name | string (required) |
properties | Properties for the policy assignment. | PolicyAssignmentProperties |
scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
sku | The policy sku. This property is optional, obsolete, and will be ignored. | PolicySku |
PolicyAssignmentProperties
Name | Description | Value |
---|---|---|
description | This message will be part of response in case of policy violation. | string |
displayName | The display name of the policy assignment. | string |
metadata | The policy assignment metadata. | any |
notScopes | The policy's excluded scopes. | string[] |
parameters | Required if a parameter is used in policy rule. | any |
policyDefinitionId | The ID of the policy definition or policy set definition being assigned. | string |
scope | The scope for the policy assignment. | string |
PolicySku
Name | Description | Value |
---|---|---|
name | The name of the policy sku. Possible values are A0 and A1. | string (required) |
tier | The policy sku tier. Possible values are Free and Standard. | string |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Assign built-in policy to audit VM managed disks | This template assigns a built-in policy to a resource group scope to audit virtual machine (VM) managed disks. |
Create an Azure Virtual Network Manager and sample VNETs | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
Deploy a Policy Def and Assign to Multiple Mgmt Groups | This template is a management group level template that will create a policy definition and assign that policy to multiple management groups. |
Deploy a policy definition and assign to a management group | This template is a management group level template that will create a policy definition and assign that policy to the target management group. Currently, this template cannot be deployed via the Azure Portal. |
ARM template resource definition
The policyAssignments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policyAssignments resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Authorization/policyAssignments",
  "apiVersion": "2019-01-01",
  "name": "string",
  "identity": {
    "type": "string"
  },
  "location": "string",
  "properties": {
    "description": "string",
    "displayName": "string",
    "metadata": {},
    "notScopes": [ "string" ],
    "parameters": {},
    "policyDefinitionId": "string",
    "scope": "string"
  },
  "sku": {
    "name": "string",
    "tier": "string"
  }
}
```
Property values
Identity
Name | Description | Value |
---|---|---|
type | The identity type. | 'None' 'SystemAssigned' |
Microsoft.Authorization/policyAssignments
Name | Description | Value |
---|---|---|
apiVersion | The API version | '2019-01-01' |
identity | The managed identity associated with the policy assignment. | Identity |
location | The location of the policy assignment. Only required when utilizing managed identity. | string |
name | The resource name | string (required) |
properties | Properties for the policy assignment. | PolicyAssignmentProperties |
sku | The policy sku. This property is optional, obsolete, and will be ignored. | PolicySku |
type | The resource type | 'Microsoft.Authorization/policyAssignments' |
PolicyAssignmentProperties
Name | Description | Value |
---|---|---|
description | This message will be part of response in case of policy violation. | string |
displayName | The display name of the policy assignment. | string |
metadata | The policy assignment metadata. | any |
notScopes | The policy's excluded scopes. | string[] |
parameters | Required if a parameter is used in policy rule. | any |
policyDefinitionId | The ID of the policy definition or policy set definition being assigned. | string |
scope | The scope for the policy assignment. | string |
PolicySku
Name | Description | Value |
---|---|---|
name | The name of the policy sku. Possible values are A0 and A1. | string (required) |
tier | The policy sku tier. Possible values are Free and Standard. | string |
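The constraints in the tables above (allowed `identity.type` values, `location` required with a managed identity, `sku` obsolete) can be checked before deployment. The following is an added example, not part of the original reference: `lint_assignment` and `lint_template` are hypothetical helper names, the sample template is constructed, and the `notScopes` containment check is an assumption about how exclusions relate to the assignment scope rather than something this page states.

```python
import json

RESOURCE_TYPE = "Microsoft.Authorization/policyAssignments"
IDENTITY_TYPES = {"None", "SystemAssigned"}  # values from the Identity table


def lint_assignment(res):
    """Return a list of findings for one policyAssignments resource (dict)."""
    findings = []
    props = res.get("properties") or {}
    identity_type = (res.get("identity") or {}).get("type")
    if not res.get("name"):
        findings.append("name is required")
    if identity_type is not None and identity_type not in IDENTITY_TYPES:
        findings.append(f"identity.type {identity_type!r} is not an allowed value")
    if identity_type == "SystemAssigned" and not res.get("location"):
        findings.append("location is required when a managed identity is used")
    if "sku" in res:
        findings.append("sku is obsolete and ignored; remove it")
    # Assumption (not on the page): exclusions should lie below the assignment scope.
    scope = (props.get("scope") or "").rstrip("/").lower()
    for excluded in props.get("notScopes") or []:
        if scope and not excluded.lower().startswith(scope + "/"):
            findings.append(f"notScopes entry outside assignment scope: {excluded}")
    return findings


def lint_template(template_text):
    """Map resource name -> findings for each policy assignment in a template."""
    return {res.get("name", "<unnamed>"): lint_assignment(res)
            for res in json.loads(template_text).get("resources", [])
            if res.get("type", "").lower() == RESOURCE_TYPE.lower()}


# Constructed sample template; IDs and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-prod"
SAMPLE = json.dumps({"resources": [
    {"type": RESOURCE_TYPE, "apiVersion": "2019-01-01", "name": "audit-disks",
     "identity": {"type": "SystemAssigned"}, "sku": {"name": "A0"},
     "properties": {"scope": RG, "notScopes": [SUB + "/resourceGroups/rg-dev"],
                    "policyDefinitionId": "<policy-definition-id>"}},
    {"type": RESOURCE_TYPE, "apiVersion": "2019-01-01", "name": "audit-ok",
     "identity": {"type": "SystemAssigned"}, "location": "westeurope",
     "properties": {"scope": RG, "notScopes": [RG + "/providers/Microsoft.Compute/disks/d1"],
                    "policyDefinitionId": "<policy-definition-id>"}},
]})

if __name__ == "__main__":
    for name, findings in lint_template(SAMPLE).items():
        print(name, findings or "ok")
```

Every `notScopes` entry carves resources out of policy evaluation, so entries the linter accepts still deserve a human look during template review.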
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Assign a built-in policy to an existing resource group | This template assigns a built-in policy to an existing resource group. |
Assign built-in policy to audit VM managed disks | This template assigns a built-in policy to a resource group scope to audit virtual machine (VM) managed disks. |
Create an Azure Virtual Network Manager and sample VNETs | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |
Deploy a Policy Def and Assign to Multiple Mgmt Groups | This template is a management group level template that will create a policy definition and assign that policy to multiple management groups. |
Deploy a policy definition and assign to a management group | This template is a management group level template that will create a policy definition and assign that policy to the target management group. Currently, this template cannot be deployed via the Azure Portal. |
Terraform (AzAPI provider) resource definition
The policyAssignments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policyAssignments resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Authorization/policyAssignments@2019-01-01"
  name = "string"
  parent_id = "string"
  identity = {
    type = "string"
  }
  location = "string"
  sku = {
    name = "string"
    tier = "string"
  }
  body = jsonencode({
    properties = {
      description = "string"
      displayName = "string"
      metadata = ?
      notScopes = [
        "string"
      ]
      parameters = ?
      policyDefinitionId = "string"
      scope = "string"
    }
  })
}
```
Property values
Identity
Name | Description | Value |
---|---|---|
type | The identity type. | 'None' 'SystemAssigned' |
Microsoft.Authorization/policyAssignments
Name | Description | Value |
---|---|---|
identity | The managed identity associated with the policy assignment. | Identity |
location | The location of the policy assignment. Only required when utilizing managed identity. | string |
name | The resource name | string (required) |
parent_id | The ID of the resource to apply this extension resource to. | string (required) |
properties | Properties for the policy assignment. | PolicyAssignmentProperties |
sku | The policy sku. This property is optional, obsolete, and will be ignored. | PolicySku |
type | The resource type | "Microsoft.Authorization/policyAssignments@2019-01-01" |
PolicyAssignmentProperties
Name | Description | Value |
---|---|---|
description | This message will be part of response in case of policy violation. | string |
displayName | The display name of the policy assignment. | string |
metadata | The policy assignment metadata. | any |
notScopes | The policy's excluded scopes. | string[] |
parameters | Required if a parameter is used in policy rule. | any |
policyDefinitionId | The ID of the policy definition or policy set definition being assigned. | string |
scope | The scope for the policy assignment. | string |
PolicySku
Name | Description | Value |
---|---|---|
name | The name of the policy sku. Possible values are A0 and A1. | string (required) |
tier | The policy sku tier. Possible values are Free and Standard. | string |