New-AzPolicyExemption
Creates a policy exemption.
Note
This is the previous version of our documentation. Please consult the most recent version for up-to-date information.
Syntax
New-AzPolicyExemption
-Name <String>
[-Scope <String>]
[-DisplayName <String>]
[-Description <String>]
-ExemptionCategory <String>
-PolicyAssignment <PsPolicyAssignment>
[-PolicyDefinitionReferenceId <String[]>]
[-ExpiresOn <DateTime>]
[-Metadata <String>]
[-ApiVersion <String>]
[-Pre]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The New-AzPolicyExemption cmdlet creates a policy exemption. Specify a policy assignment, exemption category and scope.
Examples
Example 1: Policy exemption at subscription level
PS C:\> $Subscription = Get-AzSubscription -SubscriptionName 'Subscription01'
PS C:\> $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment'
PS C:\> New-AzPolicyExemption -Name 'VirtualMachinePolicyExemption' -PolicyAssignment $Assignment -Scope "/subscriptions/$($Subscription.Id)" -ExemptionCategory WaiverThe first command gets a subscription named Subscription01 by using the Get-AzSubscription cmdlet and stores it in the $Subscription variable. The second command gets the policy assignment named VirtualMachinePolicyAssignment by using the Get-AzPolicyAssignment cmdlet and stores it in the $Assignment variable. The final command exempts the policy assignment in $Assignment at the level of the subscription identified by the subscription scope string.
Example 2: Policy exemption at resource group level
PS C:\> $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11'
PS C:\> $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment'
PS C:\> New-AzPolicyExemption -Name 'VirtualMachinePolicyAssignment' -PolicyAssignment $Assignment -Scope $ResourceGroup.ResourceId -ExemptionCategory MitigatedThe first command gets a resource group named ResourceGroup11 by using the Get-AzResourceGroup cmdlet and stores it in the $ResourceGroup variable. The second command gets the policy assignment named VirtualMachinePolicyAssignment by using the Get-AzPolicyAssignment cmdlet and stores it in the $Assignment variable. The final command exempts the policy assignment in $Assignment at the level of the resource group identified by the ResourceId property of $ResourceGroup.
Parameters
When set, indicates the version of the resource provider API to use. If not specified, the API version is automatically determined as the latest available.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The description for the new policy exemption.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The display name for the new policy exemption.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The policy exemption category of the new policy exemption. Possible values are Waiver and Mitigated.
| Type: | String |
| Accepted values: | Waiver, Mitigated |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the new policy exemption.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The metadata for the new policy exemption. This can either be a path to a file containing the metadata JSON, or the metadata as a JSON string.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The name of the new policy exemption.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The referenced policy assignment Id for the new policy exemption.
| Type: | PsPolicyAssignment |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The policy definition reference ID list when the associated policy assignment is for a policy set (initiative).
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
When set, indicates that the cmdlet should use pre-release API versions when automatically determining which version to use.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The scope of the new policy exemption, e.g. /providers/managementGroups/{managementGroupName}, defaults to current subscription.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
String[]
Nullable<T>[[System.DateTime, System.Private.CoreLib, Version=5.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]