Microsoft.Authorization policyDefinitions

Template format

To create a Microsoft.Authorization/policyDefinitions resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Authorization/policyDefinitions",
  "apiVersion": "2020-09-01",
  "scope": "string",
  "properties": {
    "policyType": "string",
    "mode": "string",
    "displayName": "string",
    "description": "string",
    "policyRule": {},
    "metadata": {},
    "parameters": {}
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Authorization/policyDefinitions object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes
type enum Yes For JSON - Microsoft.Authorization/policyDefinitions
apiVersion enum Yes For JSON - 2020-09-01
scope string No Use when specifying a scope that is different than the deployment scope. See Setting scope for extension resources in ARM templates.
properties object Yes The policy definition properties. - PolicyDefinitionProperties object

PolicyDefinitionProperties object

Name Type Required Value
policyType enum No The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. - NotSpecified, BuiltIn, Custom, Static
mode string No The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
displayName string No The display name of the policy definition.
description string No The policy definition description.
policyRule object No The policy rule.
metadata object No The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
parameters object No The parameter definitions for parameters used in the policy rule. The keys are the parameter names.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Deploy a policy definition and assign to a management group

Deploy to Azure
This template is a management group level template that will create a policy definition and assign that policy to the target management group. Currently, this template cannot be deployed via the Azure Portal.
Deploy a Policy Def and Assign to Multiple Mgmt Groups

Deploy to Azure
This template is a management group level template that will create a policy definition and assign that policy to multiple management groups.