Policy Definitions - List Built In

Retrieve built-in policy definitions
This operation retrieves a list of all the built-in policy definitions.

GET https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01

URI Parameters

Name         In     Required  Type    Description
api-version  query  True      string  The API version to use for the operation.

Responses

Name                Type  Description
200 OK                    OK - Returns an array of built-in policy definitions.
Other Status Codes        Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name                Description
user_impersonation  impersonate your user account

Examples

List built-in policy definitions

Sample Request

GET https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01

Sample Response

{
  "value": [
    {
      "properties": {
        "mode": "All",
        "displayName": "Audit SQL DB Level Audit Setting",
        "policyType": "BuiltIn",
        "description": "Audit DB level audit setting for SQL databases",
        "parameters": {
          "setting": {
            "type": "String",
            "metadata": {
              "displayName": "Audit Setting"
            },
            "allowedValues": [
              "enabled",
              "disabled"
            ]
          }
        },
        "policyRule": {
          "if": {
            "field": "type",
            "equals": "Microsoft.Sql/servers/databases"
          },
          "then": {
            "effect": "AuditIfNotExists",
            "details": {
              "type": "Microsoft.Sql/servers/databases/auditingSettings",
              "name": "default",
              "existenceCondition": {
                "allOf": [
                  {
                    "field": "Microsoft.Sql/auditingSettings.state",
                    "equals": "[parameters('setting')]"
                  }
                ]
              }
            }
          }
        }
      },
      "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12",
      "type": "Microsoft.Authorization/policyDefinitions",
      "name": "06a78e20-9358-41c9-923c-fb736d382a12"
    },
    {
      "properties": {
        "mode": "All",
        "displayName": "Allowed storage account SKUs",
        "policyType": "Static",
        "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.",
        "parameters": {
          "listOfAllowedSKUs": {
            "type": "Array",
            "metadata": {
              "description": "The list of SKUs that can be specified for storage accounts.",
              "displayName": "Allowed SKUs",
              "strongType": "StorageSKUs"
            }
          }
        },
        "policyRule": {
          "if": {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Storage/storageAccounts"
              },
              {
                "not": {
                  "field": "Microsoft.Storage/storageAccounts/sku.name",
                  "in": "[parameters('listOfAllowedSKUs')]"
                }
              }
            ]
          },
          "then": {
            "effect": "Deny"
          }
        }
      },
      "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
      "type": "Microsoft.Authorization/policyDefinitions",
      "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1"
    },
    {
      "properties": {
        "mode": "Microsoft.KeyVault.Data",
        "displayName": "Audit KeyVault certificates that expire within specified number of days",
        "policyType": "BuiltIn",
        "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.",
        "metadata": {
          "category": "KeyVault DataPlane"
        },
        "parameters": {
          "daysToExpire": {
            "type": "Integer",
            "metadata": {
              "displayName": "Days to expire",
              "description": "The number of days for a certificate to expire."
            }
          }
        },
        "policyRule": {
          "if": {
            "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn",
            "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]"
          },
          "then": {
            "effect": "audit"
          }
        }
      },
      "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e",
      "type": "Microsoft.Authorization/policyDefinitions",
      "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e"
    }
  ]
}
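
An added example, not part of the original reference and not Microsoft's code: one way to consume the response shown above, following nextLink (see PolicyDefinitionListResult) across pages and grouping definitions by the effect in policyRule.then, so enforcing (Deny) rules separate from report-only ones. It goes slightly beyond the sample by resolving an effect written as a [parameters('...')] reference to that parameter's defaultValue. The fetch callable, the NEXT URL and the all-zero definition are constructed stand-ins so the block runs offline.

```python
import re

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def iter_definitions(fetch, first_url):
    """Yield every definition, following nextLink until it is absent."""
    url, seen = first_url, set()
    while url:
        if url in seen:  # guard against a nextLink loop
            raise RuntimeError("nextLink cycle: " + url)
        seen.add(url)
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("nextLink")

def effective_effect(definition):
    """Lower-cased effect; a parameterized effect resolves to its defaultValue."""
    props = definition.get("properties", {})
    effect = props.get("policyRule", {}).get("then", {}).get("effect", "")
    ref = PARAM_REF.match(effect) if isinstance(effect, str) else None
    if ref:
        param = props.get("parameters", {}).get(ref.group(1), {})
        effect = param.get("defaultValue", "unresolved")
    return str(effect).lower()

def inventory(fetch, first_url):
    """Group definition names by effect: enforcing (deny) vs. report-only."""
    groups = {}
    for d in iter_definitions(fetch, first_url):
        groups.setdefault(effective_effect(d), []).append(d["name"])
    return groups

def sample_defn(name, effect, params=None):  # builds a constructed sample entry
    return {"name": name, "properties": {
        "parameters": params or {}, "policyRule": {"then": {"effect": effect}}}}

# Constructed two-page PolicyDefinitionListResult; the NEXT URL and the
# all-zero definition are made up, the other names/effects mirror the sample.
FIRST = "https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions?api-version=2019-09-01"
NEXT = "https://management.azure.com/constructed-next-page"
PAGES = {
    FIRST: {"nextLink": NEXT, "value": [
        sample_defn("06a78e20-9358-41c9-923c-fb736d382a12", "AuditIfNotExists"),
        sample_defn("7433c107-6db4-4ad1-b57a-a76dce0154a1", "Deny")]},
    NEXT: {"value": [
        sample_defn("abeed54a-73c5-441d-8a8c-6b5e7a0c299e", "audit"),
        sample_defn("00000000-0000-0000-0000-000000000000", "[parameters('effect')]",
                    {"effect": {"type": "String", "defaultValue": "Deny"}})]},
}
```

Calling inventory(PAGES.__getitem__, FIRST) runs it against the constructed pages; in real use, pass a fetch that issues the GET with a bearer token and returns the parsed JSON body.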

Definitions

CloudError                  An error response from a policy operation.
ErrorAdditionalInfo         The resource management error additional info.
ErrorResponse               The resource management error response.
Metadata                    General metadata for the parameter.
ParameterDefinitionsValue   The definition of a parameter that can be provided to the policy.
parameterType               The data type of the parameter.
PolicyDefinition            The policy definition.
PolicyDefinitionListResult  List of policy definitions.
policyType                  The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

CloudError

An error response from a policy operation.

Name   Type  Description
error        The resource management error response.

ErrorAdditionalInfo

The resource management error additional info.

Name  Type    Description
info  object  The additional info.
type  string  The additional info type.

ErrorResponse

The resource management error response.

Name            Type    Description
additionalInfo          The error additional info.
code            string  The error code.
details                 The error details.
message         string  The error message.
target          string  The error target.

Metadata

General metadata for the parameter.

Name         Type    Description
description  string  The description of the parameter.
displayName  string  The display name for the parameter.

ParameterDefinitionsValue

The definition of a parameter that can be provided to the policy.

Name           Type      Description
allowedValues  object[]  The allowed values for the parameter.
defaultValue   object    The default value for the parameter if no value is provided.
metadata                 General metadata for the parameter.
type                     The data type of the parameter.

parameterType

The data type of the parameter.

Name      Type    Description
Array     string
Boolean   string
DateTime  string
Float     string
Integer   string
Object    string
String    string

PolicyDefinition

The policy definition.

Name                    Type    Description
id                      string  The ID of the policy definition.
name                    string  The name of the policy definition.
properties.description  string  The policy definition description.
properties.displayName  string  The display name of the policy definition.
properties.metadata     object  The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
properties.mode         string  The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
properties.parameters           The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
properties.policyRule   object  The policy rule.
properties.policyType           The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
type                    string  The type of the resource (Microsoft.Authorization/policyDefinitions).

PolicyDefinitionListResult

List of policy definitions.

Name      Type    Description
nextLink  string  The URL to use for getting the next set of results.
value             An array of policy definitions.

policyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

Name          Type    Description
BuiltIn       string
Custom        string
NotSpecified  string
Static        string