Microsoft.Authorization policyExemptions
Bicep resource definition
The policyExemptions resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
Valid deployment scopes for the policyExemptions resource are:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
- Management groups - See management group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policyExemptions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Authorization/policyExemptions@2022-07-01-preview' = {
name: 'string'
scope: resourceSymbolicName
properties: {
assignmentScopeValidation: 'string'
description: 'string'
displayName: 'string'
exemptionCategory: 'string'
expiresOn: 'string'
metadata: any()
policyAssignmentId: 'string'
policyDefinitionReferenceIds: [
'string'
]
resourceSelectors: [
{
name: 'string'
selectors: [
{
in: [
'string'
]
kind: 'string'
notIn: [
'string'
]
}
]
}
]
}
}
Property values
policyExemptions
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 1-128 display name 1-64 resource name Valid characters: Display name can contain any characters. Resource name can't use: <>*%&:\?.+/ or control characters. Can't end with period or space. |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
| properties | Properties for the policy exemption. | PolicyExemptionProperties (required) |
PolicyExemptionProperties
| Name | Description | Value |
|---|---|---|
| assignmentScopeValidation | The option whether validate the exemption is at or under the assignment scope. | 'Default' 'DoNotValidate' |
| description | The description of the policy exemption. | string |
| displayName | The display name of the policy exemption. | string |
| exemptionCategory | The policy exemption category. Possible values are Waiver and Mitigated. | 'Mitigated' 'Waiver' (required) |
| expiresOn | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. | string |
| metadata | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs. | For Bicep, you can use the any() function. |
| policyAssignmentId | The ID of the policy assignment that is being exempted. | string (required) |
| policyDefinitionReferenceIds | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | string[] |
| resourceSelectors | The resource selector list to filter policies by resource properties. | ResourceSelector[] |
ResourceSelector
| Name | Description | Value |
|---|---|---|
| name | The name of the resource selector. | string |
| selectors | The list of the selector expressions. | Selector[] |
Selector
| Name | Description | Value |
|---|---|---|
| in | The list of values to filter in. | string[] |
| kind | The selector kind. | 'policyDefinitionReferenceId' 'resourceLocation' 'resourceType' 'resourceWithoutLocation' |
| notIn | The list of values to filter out. | string[] |
ARM template resource definition
The policyExemptions resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
Valid deployment scopes for the policyExemptions resource are:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
- Management groups - See management group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policyExemptions resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/policyExemptions",
"apiVersion": "2022-07-01-preview",
"name": "string",
"scope": "string",
"properties": {
"assignmentScopeValidation": "string",
"description": "string",
"displayName": "string",
"exemptionCategory": "string",
"expiresOn": "string",
"metadata": {},
"policyAssignmentId": "string",
"policyDefinitionReferenceIds": [ "string" ],
"resourceSelectors": [
{
"name": "string",
"selectors": [
{
"in": [ "string" ],
"kind": "string",
"notIn": [ "string" ]
}
]
}
]
}
}
Property values
policyExemptions
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Authorization/policyExemptions' |
| apiVersion | The resource api version | '2022-07-01-preview' |
| name | The resource name | string (required) Character limit: 1-128 display name 1-64 resource name Valid characters: Display name can contain any characters. Resource name can't use: <>*%&:\?.+/ or control characters. Can't end with period or space. |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
| properties | Properties for the policy exemption. | PolicyExemptionProperties (required) |
PolicyExemptionProperties
| Name | Description | Value |
|---|---|---|
| assignmentScopeValidation | The option whether validate the exemption is at or under the assignment scope. | 'Default' 'DoNotValidate' |
| description | The description of the policy exemption. | string |
| displayName | The display name of the policy exemption. | string |
| exemptionCategory | The policy exemption category. Possible values are Waiver and Mitigated. | 'Mitigated' 'Waiver' (required) |
| expiresOn | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. | string |
| metadata | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs. | |
| policyAssignmentId | The ID of the policy assignment that is being exempted. | string (required) |
| policyDefinitionReferenceIds | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | string[] |
| resourceSelectors | The resource selector list to filter policies by resource properties. | ResourceSelector[] |
ResourceSelector
| Name | Description | Value |
|---|---|---|
| name | The name of the resource selector. | string |
| selectors | The list of the selector expressions. | Selector[] |
Selector
| Name | Description | Value |
|---|---|---|
| in | The list of values to filter in. | string[] |
| kind | The selector kind. | 'policyDefinitionReferenceId' 'resourceLocation' 'resourceType' 'resourceWithoutLocation' |
| notIn | The list of values to filter out. | string[] |
Terraform (AzAPI provider) resource definition
The policyExemptions resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id property on this resource to set the scope for this resource.
Valid deployment scopes for the policyExemptions resource are:
- Resource groups
- Subscriptions
- Management groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policyExemptions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Authorization/policyExemptions@2022-07-01-preview"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
assignmentScopeValidation = "string"
description = "string"
displayName = "string"
exemptionCategory = "string"
expiresOn = "string"
policyAssignmentId = "string"
policyDefinitionReferenceIds = [
"string"
]
resourceSelectors = [
{
name = "string"
selectors = [
{
in = [
"string"
]
kind = "string"
notIn = [
"string"
]
}
]
}
]
}
})
}
Property values
policyExemptions
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Authorization/policyExemptions@2022-07-01-preview" |
| name | The resource name | string (required) Character limit: 1-128 display name 1-64 resource name Valid characters: Display name can contain any characters. Resource name can't use: <>*%&:\?.+/ or control characters. Can't end with period or space. |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Properties for the policy exemption. | PolicyExemptionProperties (required) |
PolicyExemptionProperties
| Name | Description | Value |
|---|---|---|
| assignmentScopeValidation | The option whether validate the exemption is at or under the assignment scope. | "Default" "DoNotValidate" |
| description | The description of the policy exemption. | string |
| displayName | The display name of the policy exemption. | string |
| exemptionCategory | The policy exemption category. Possible values are Waiver and Mitigated. | "Mitigated" "Waiver" (required) |
| expiresOn | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. | string |
| metadata | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs. | |
| policyAssignmentId | The ID of the policy assignment that is being exempted. | string (required) |
| policyDefinitionReferenceIds | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | string[] |
| resourceSelectors | The resource selector list to filter policies by resource properties. | ResourceSelector[] |
ResourceSelector
| Name | Description | Value |
|---|---|---|
| name | The name of the resource selector. | string |
| selectors | The list of the selector expressions. | Selector[] |
Selector
| Name | Description | Value |
|---|---|---|
| in | The list of values to filter in. | string[] |
| kind | The selector kind. | "policyDefinitionReferenceId" "resourceLocation" "resourceType" "resourceWithoutLocation" |
| notIn | The list of values to filter out. | string[] |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for