Policy Definitions - List Built In

Retrieve built-in policy definitions
This operation retrieves a list of all the built-in policy definitions.

GET https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-05-01

URI Parameters

Name In Required Type Description
api-version
query True
  • string

The API version to use for the operation.

Responses

Name Type Description
200 OK

OK - Returns an array of built-in policy definitions.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

List built-in policy definitions

Sample Request

GET https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-05-01

Sample Response

{
  "value": [
    {
      "properties": {
        "displayName": "Audit SQL DB Level Audit Setting",
        "policyType": "BuiltIn",
        "mode": "All",
        "description": "Audit DB level audit setting for SQL databases",
        "parameters": {
          "setting": {
            "type": "String",
            "metadata": {
              "displayName": "Audit Setting"
            },
            "allowedValues": [
              "enabled",
              "disabled"
            ]
          }
        },
        "policyRule": {
          "if": {
            "field": "type",
            "equals": "Microsoft.Sql/servers/databases"
          },
          "then": {
            "effect": "AuditIfNotExists",
            "details": {
              "type": "Microsoft.Sql/servers/databases/auditingSettings",
              "name": "default",
              "existenceCondition": {
                "allOf": [
                  {
                    "field": "Microsoft.Sql/auditingSettings.state",
                    "equals": "[parameters('setting')]"
                  }
                ]
              }
            }
          }
        }
      },
      "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12",
      "type": "Microsoft.Authorization/policyDefinitions",
      "name": "06a78e20-9358-41c9-923c-fb736d382a12"
    },
    {
      "properties": {
        "displayName": "Allowed storage account SKUs",
        "policyType": "BuiltIn",
        "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.",
        "parameters": {
          "listOfAllowedSKUs": {
            "type": "Array",
            "metadata": {
              "description": "The list of SKUs that can be specified for storage accounts.",
              "displayName": "Allowed SKUs",
              "strongType": "StorageSKUs"
            }
          }
        },
        "policyRule": {
          "if": {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Storage/storageAccounts"
              },
              {
                "not": {
                  "field": "Microsoft.Storage/storageAccounts/sku.name",
                  "in": "[parameters('listOfAllowedSKUs')]"
                }
              }
            ]
          },
          "then": {
            "effect": "Deny"
          }
        }
      },
      "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
      "type": "Microsoft.Authorization/policyDefinitions",
      "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1"
    }
  ]
}

Definitions

PolicyDefinition

The policy definition.

PolicyDefinitionListResult

List of policy definitions.

policyMode

The policy definition mode. Possible values are NotSpecified, Indexed, and All.

policyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom.

PolicyDefinition

The policy definition.

Name Type Description
id
  • string

The ID of the policy definition.

name
  • string

The name of the policy definition.

properties.description
  • string

The policy definition description.

properties.displayName
  • string

The display name of the policy definition.

properties.metadata
  • object

The policy definition metadata.

properties.mode

The policy definition mode. Possible values are NotSpecified, Indexed, and All.

properties.parameters
  • object

Required if a parameter is used in policy rule.

properties.policyRule
  • object

The policy rule.

properties.policyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom.

type
  • string

The type of the resource (Microsoft.Authorization/policyDefinitions).

PolicyDefinitionListResult

List of policy definitions.

Name Type Description
nextLink
  • string

The URL to use for getting the next set of results.

value

An array of policy definitions.

policyMode

The policy definition mode. Possible values are NotSpecified, Indexed, and All.

Name Type Description
All
  • string
Indexed
  • string
NotSpecified
  • string

policyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom.

Name Type Description
BuiltIn
  • string
Custom
  • string
NotSpecified
  • string