Microsoft.Blueprint blueprintAssignments template reference

Template format

To create a Microsoft.Blueprint/blueprintAssignments resource, add the following JSON to the resources section of your template.

  "name": "string",
  "type": "Microsoft.Blueprint/blueprintAssignments",
  "apiVersion": "2018-11-01-preview",
  "location": "string",
  "identity": {
    "type": "string",
    "principalId": "string",
    "tenantId": "string",
    "userAssignedIdentities": {}
  "properties": {
    "displayName": "string",
    "description": "string",
    "blueprintId": "string",
    "scope": "string",
    "parameters": {},
    "resourceGroups": {},
    "locks": {
      "mode": "string",
      "excludedPrincipals": [
      "excludedActions": [

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Blueprint/blueprintAssignments object

Name Type Required Value
name string Yes Name of the blueprint assignment.
type enum Yes Microsoft.Blueprint/blueprintAssignments
apiVersion enum Yes 2018-11-01-preview
location string Yes The location of this blueprint assignment.
identity object Yes Managed identity for this blueprint assignment. - ManagedServiceIdentity object
properties object Yes Properties for blueprint assignment object. - AssignmentProperties object

ManagedServiceIdentity object

Name Type Required Value
type enum Yes Type of the managed identity. - None, SystemAssigned, UserAssigned
principalId string No Azure Active Directory principal ID associated with this Identity.
tenantId string No ID of the Azure Active Directory.
userAssignedIdentities object No The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity.

AssignmentProperties object

Name Type Required Value
displayName string No One-liner string explain this resource.
description string No Multi-line explain this resource.
blueprintId string No ID of the published version of a blueprint definition.
scope string No The target subscription scope of the blueprint assignment (format: '/subscriptions/{subscriptionId}'). For management group level assignments, the property is required.
parameters object Yes Blueprint assignment parameter values.
resourceGroups object Yes Names and locations of resource group placeholders.
locks object No Defines how resources deployed by a blueprint assignment are locked. - AssignmentLockSettings object

AssignmentLockSettings object

Name Type Required Value
mode enum No Lock mode. - None, AllResourcesReadOnly, AllResourcesDoNotDelete
excludedPrincipals array No List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted. - string
excludedActions array No List of management operations that are excluded from blueprint locks. Up to 200 actions are permitted. If the lock mode is set to 'AllResourcesReadOnly', then the following actions are automatically appended to 'excludedActions': '*/read', 'Microsoft.Network/virtualNetworks/subnets/join/action' and 'Microsoft.Authorization/locks/delete'. If the lock mode is set to 'AllResourcesDoNotDelete', then the following actions are automatically appended to 'excludedActions': 'Microsoft.Authorization/locks/delete'. Duplicate actions will get removed. - string