Microsoft.Authorization policyAssignments 2019-09-01

Template format

To create a Microsoft.Authorization/policyAssignments resource, add the following JSON to the resources section of your template.

  "name": "string",
  "type": "Microsoft.Authorization/policyAssignments",
  "apiVersion": "2019-09-01",
  "scope": "string",
  "properties": {
    "displayName": "string",
    "policyDefinitionId": "string",
    "scope": "string",
    "notScopes": [
    "parameters": {},
    "description": "string",
    "metadata": {},
    "enforcementMode": "string"
  "sku": {
    "name": "string",
    "tier": "string"
  "location": "string",
  "identity": {
    "type": "string"

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Authorization/policyAssignments object

Name Type Required Value
name string Yes
type enum Yes Microsoft.Authorization/policyAssignments
apiVersion enum Yes 2019-09-01
scope string No Use when specifying a scope that is different than the deployment scope. See Setting scope for extension resources in ARM templates.
properties object Yes Properties for the policy assignment. - PolicyAssignmentProperties object
sku object No The policy sku. This property is optional, obsolete, and will be ignored. - PolicySku object
location string No The location of the policy assignment. Only required when utilizing managed identity.
identity object No The managed identity associated with the policy assignment. - Identity object

PolicyAssignmentProperties object

Name Type Required Value
displayName string No The display name of the policy assignment.
policyDefinitionId string No The ID of the policy definition or policy set definition being assigned.
scope string No The scope for the policy assignment.
notScopes array No The policy's excluded scopes. - string
parameters object No The parameter values for the assigned policy rule. The keys are the parameter names.
description string No This message will be part of response in case of policy violation.
metadata object No The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
enforcementMode enum No The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce

PolicySku object

Name Type Required Value
name string Yes The name of the policy sku. Possible values are A0 and A1.
tier string No The policy sku tier. Possible values are Free and Standard.

Identity object

Name Type Required Value
type enum No The identity type. This is the only required field when adding a system assigned identity to a resource. - SystemAssigned or None

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Assign a built-in policy to an existing Resource Group

Deploy to Azure
This template assigns a built-in policy to an existing resource group.
Deploy a policy definition and assign to a management group

Deploy to Azure
This template is a management group level template that will create a policy definition and assign that policy to the target management group. Currently, this template cannot be deployed via the Azure Portal.