Microsoft.Security deviceSecurityGroups 2019-08-01

Bicep resource definition

The deviceSecurityGroups resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.

The deviceSecurityGroups resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/deviceSecurityGroups resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Security/deviceSecurityGroups@2019-08-01' = {
  name: 'string'
  scope: resourceSymbolicName
  properties: {
    allowlistRules: [
      {
        allowlistValues: [
          'string'
        ]
        isEnabled: bool
        ruleType: 'string'
        // For remaining properties, see AllowlistCustomAlertRule objects
      }
    ]
    denylistRules: [
      {
        denylistValues: [
          'string'
        ]
        isEnabled: bool
        ruleType: 'string'
      }
    ]
    thresholdRules: [
      {
        isEnabled: bool
        maxThreshold: int
        minThreshold: int
        ruleType: 'string'
        // For remaining properties, see ThresholdCustomAlertRule objects
      }
    ]
    timeWindowRules: [
      {
        isEnabled: bool
        maxThreshold: int
        minThreshold: int
        timeWindowSize: 'string'
        ruleType: 'string'
        // For remaining properties, see TimeWindowCustomAlertRule objects
      }
    ]
  }
}

AllowlistCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ConnectionFromIpNotAllowed, use:

  ruleType: 'ConnectionFromIpNotAllowed'

For ConnectionToIpNotAllowed, use:

  ruleType: 'ConnectionToIpNotAllowed'

For LocalUserNotAllowed, use:

  ruleType: 'LocalUserNotAllowed'

For ProcessNotAllowed, use:

  ruleType: 'ProcessNotAllowed'

ThresholdCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

  ruleType: 'ActiveConnectionsNotInAllowedRange'
  timeWindowSize: 'string'

For AmqpC2DMessagesNotInAllowedRange, use:

  ruleType: 'AmqpC2DMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'AmqpC2DRejectedMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For AmqpD2CMessagesNotInAllowedRange, use:

  ruleType: 'AmqpD2CMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For DirectMethodInvokesNotInAllowedRange, use:

  ruleType: 'DirectMethodInvokesNotInAllowedRange'
  timeWindowSize: 'string'

For FailedLocalLoginsNotInAllowedRange, use:

  ruleType: 'FailedLocalLoginsNotInAllowedRange'
  timeWindowSize: 'string'

For FileUploadsNotInAllowedRange, use:

  ruleType: 'FileUploadsNotInAllowedRange'
  timeWindowSize: 'string'

For HttpC2DMessagesNotInAllowedRange, use:

  ruleType: 'HttpC2DMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For HttpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'HttpC2DRejectedMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For HttpD2CMessagesNotInAllowedRange, use:

  ruleType: 'HttpD2CMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For MqttC2DMessagesNotInAllowedRange, use:

  ruleType: 'MqttC2DMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For MqttC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'MqttC2DRejectedMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For MqttD2CMessagesNotInAllowedRange, use:

  ruleType: 'MqttD2CMessagesNotInAllowedRange'
  timeWindowSize: 'string'

For QueuePurgesNotInAllowedRange, use:

  ruleType: 'QueuePurgesNotInAllowedRange'
  timeWindowSize: 'string'

For TwinUpdatesNotInAllowedRange, use:

  ruleType: 'TwinUpdatesNotInAllowedRange'
  timeWindowSize: 'string'

For UnauthorizedOperationsNotInAllowedRange, use:

  ruleType: 'UnauthorizedOperationsNotInAllowedRange'
  timeWindowSize: 'string'

TimeWindowCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

  ruleType: 'ActiveConnectionsNotInAllowedRange'

For AmqpC2DMessagesNotInAllowedRange, use:

  ruleType: 'AmqpC2DMessagesNotInAllowedRange'

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'AmqpC2DRejectedMessagesNotInAllowedRange'

For AmqpD2CMessagesNotInAllowedRange, use:

  ruleType: 'AmqpD2CMessagesNotInAllowedRange'

For DirectMethodInvokesNotInAllowedRange, use:

  ruleType: 'DirectMethodInvokesNotInAllowedRange'

For FailedLocalLoginsNotInAllowedRange, use:

  ruleType: 'FailedLocalLoginsNotInAllowedRange'

For FileUploadsNotInAllowedRange, use:

  ruleType: 'FileUploadsNotInAllowedRange'

For HttpC2DMessagesNotInAllowedRange, use:

  ruleType: 'HttpC2DMessagesNotInAllowedRange'

For HttpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'HttpC2DRejectedMessagesNotInAllowedRange'

For HttpD2CMessagesNotInAllowedRange, use:

  ruleType: 'HttpD2CMessagesNotInAllowedRange'

For MqttC2DMessagesNotInAllowedRange, use:

  ruleType: 'MqttC2DMessagesNotInAllowedRange'

For MqttC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'MqttC2DRejectedMessagesNotInAllowedRange'

For MqttD2CMessagesNotInAllowedRange, use:

  ruleType: 'MqttD2CMessagesNotInAllowedRange'

For QueuePurgesNotInAllowedRange, use:

  ruleType: 'QueuePurgesNotInAllowedRange'

For TwinUpdatesNotInAllowedRange, use:

  ruleType: 'TwinUpdatesNotInAllowedRange'

For UnauthorizedOperationsNotInAllowedRange, use:

  ruleType: 'UnauthorizedOperationsNotInAllowedRange'

Property values

deviceSecurityGroups

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string (required). Character limit: 1-260. Valid characters: alphanumerics, underscores, and hyphens. |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource. For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
| properties | Device Security group data | DeviceSecurityGroupProperties |

DeviceSecurityGroupProperties

Name Description Value
allowlistRules The allow-list custom alert rules. AllowlistCustomAlertRule[]
denylistRules The deny-list custom alert rules. DenylistCustomAlertRule[]
thresholdRules The list of custom alert threshold rules. ThresholdCustomAlertRule[]
timeWindowRules The list of custom alert time-window rules. TimeWindowCustomAlertRule[]

AllowlistCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| allowlistValues | The values to allow. The format of the values depends on the rule type. | string[] (required) |
| isEnabled | Status of the custom alert. | bool (required) |
| ruleType | Set the object type | ConnectionFromIpNotAllowed, ConnectionToIpNotAllowed, LocalUserNotAllowed, ProcessNotAllowed (required) |

ConnectionFromIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionFromIpNotAllowed' (required)

ConnectionToIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionToIpNotAllowed' (required)

LocalUserNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'LocalUserNotAllowed' (required)

ProcessNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ProcessNotAllowed' (required)

DenylistCustomAlertRule

Name Description Value
denylistValues The values to deny. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType The type of the custom alert rule. string (required)

ThresholdCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| isEnabled | Status of the custom alert. | bool (required) |
| maxThreshold | The maximum threshold. | int (required) |
| minThreshold | The minimum threshold. | int (required) |
| ruleType | Set the object type | ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange (required) |

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TimeWindowCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| isEnabled | Status of the custom alert. | bool (required) |
| maxThreshold | The maximum threshold. | int (required) |
| minThreshold | The minimum threshold. | int (required) |
| timeWindowSize | The time window size in iso8601 format. | string (required) |
| ruleType | Set the object type | ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange (required) |

ARM template resource definition

The deviceSecurityGroups resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

The deviceSecurityGroups resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/deviceSecurityGroups resource, add the following JSON to your template.

{
  "type": "Microsoft.Security/deviceSecurityGroups",
  "apiVersion": "2019-08-01",
  "name": "string",
  "scope": "string",
  "properties": {
    "allowlistRules": [
      {
        "allowlistValues": [ "string" ],
        "isEnabled": "bool",
        "ruleType": "string"
        // For remaining properties, see AllowlistCustomAlertRule objects
      }
    ],
    "denylistRules": [
      {
        "denylistValues": [ "string" ],
        "isEnabled": "bool",
        "ruleType": "string"
      }
    ],
    "thresholdRules": [
      {
        "isEnabled": "bool",
        "maxThreshold": "int",
        "minThreshold": "int",
        "ruleType": "string"
        // For remaining properties, see ThresholdCustomAlertRule objects
      }
    ],
    "timeWindowRules": [
      {
        "isEnabled": "bool",
        "maxThreshold": "int",
        "minThreshold": "int",
        "timeWindowSize": "string",
        "ruleType": "string"
        // For remaining properties, see TimeWindowCustomAlertRule objects
      }
    ]
  }
}

AllowlistCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ConnectionFromIpNotAllowed, use:

  "ruleType": "ConnectionFromIpNotAllowed"

For ConnectionToIpNotAllowed, use:

  "ruleType": "ConnectionToIpNotAllowed"

For LocalUserNotAllowed, use:

  "ruleType": "LocalUserNotAllowed"

For ProcessNotAllowed, use:

  "ruleType": "ProcessNotAllowed"

ThresholdCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

  "ruleType": "ActiveConnectionsNotInAllowedRange",
  "timeWindowSize": "string"

For AmqpC2DMessagesNotInAllowedRange, use:

  "ruleType": "AmqpC2DMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

  "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For AmqpD2CMessagesNotInAllowedRange, use:

  "ruleType": "AmqpD2CMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For DirectMethodInvokesNotInAllowedRange, use:

  "ruleType": "DirectMethodInvokesNotInAllowedRange",
  "timeWindowSize": "string"

For FailedLocalLoginsNotInAllowedRange, use:

  "ruleType": "FailedLocalLoginsNotInAllowedRange",
  "timeWindowSize": "string"

For FileUploadsNotInAllowedRange, use:

  "ruleType": "FileUploadsNotInAllowedRange",
  "timeWindowSize": "string"

For HttpC2DMessagesNotInAllowedRange, use:

  "ruleType": "HttpC2DMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For HttpC2DRejectedMessagesNotInAllowedRange, use:

  "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For HttpD2CMessagesNotInAllowedRange, use:

  "ruleType": "HttpD2CMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For MqttC2DMessagesNotInAllowedRange, use:

  "ruleType": "MqttC2DMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For MqttC2DRejectedMessagesNotInAllowedRange, use:

  "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For MqttD2CMessagesNotInAllowedRange, use:

  "ruleType": "MqttD2CMessagesNotInAllowedRange",
  "timeWindowSize": "string"

For QueuePurgesNotInAllowedRange, use:

  "ruleType": "QueuePurgesNotInAllowedRange",
  "timeWindowSize": "string"

For TwinUpdatesNotInAllowedRange, use:

  "ruleType": "TwinUpdatesNotInAllowedRange",
  "timeWindowSize": "string"

For UnauthorizedOperationsNotInAllowedRange, use:

  "ruleType": "UnauthorizedOperationsNotInAllowedRange",
  "timeWindowSize": "string"

TimeWindowCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

  "ruleType": "ActiveConnectionsNotInAllowedRange"

For AmqpC2DMessagesNotInAllowedRange, use:

  "ruleType": "AmqpC2DMessagesNotInAllowedRange"

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

  "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange"

For AmqpD2CMessagesNotInAllowedRange, use:

  "ruleType": "AmqpD2CMessagesNotInAllowedRange"

For DirectMethodInvokesNotInAllowedRange, use:

  "ruleType": "DirectMethodInvokesNotInAllowedRange"

For FailedLocalLoginsNotInAllowedRange, use:

  "ruleType": "FailedLocalLoginsNotInAllowedRange"

For FileUploadsNotInAllowedRange, use:

  "ruleType": "FileUploadsNotInAllowedRange"

For HttpC2DMessagesNotInAllowedRange, use:

  "ruleType": "HttpC2DMessagesNotInAllowedRange"

For HttpC2DRejectedMessagesNotInAllowedRange, use:

  "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange"

For HttpD2CMessagesNotInAllowedRange, use:

  "ruleType": "HttpD2CMessagesNotInAllowedRange"

For MqttC2DMessagesNotInAllowedRange, use:

  "ruleType": "MqttC2DMessagesNotInAllowedRange"

For MqttC2DRejectedMessagesNotInAllowedRange, use:

  "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange"

For MqttD2CMessagesNotInAllowedRange, use:

  "ruleType": "MqttD2CMessagesNotInAllowedRange"

For QueuePurgesNotInAllowedRange, use:

  "ruleType": "QueuePurgesNotInAllowedRange"

For TwinUpdatesNotInAllowedRange, use:

  "ruleType": "TwinUpdatesNotInAllowedRange"

For UnauthorizedOperationsNotInAllowedRange, use:

  "ruleType": "UnauthorizedOperationsNotInAllowedRange"

Property values

deviceSecurityGroups

| Name | Description | Value |
| --- | --- | --- |
| type | The resource type | 'Microsoft.Security/deviceSecurityGroups' |
| apiVersion | The resource api version | '2019-08-01' |
| name | The resource name | string (required). Character limit: 1-260. Valid characters: alphanumerics, underscores, and hyphens. |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource. For JSON, set the value to the full name of the resource to apply the extension resource to. |
| properties | Device Security group data | DeviceSecurityGroupProperties |

DeviceSecurityGroupProperties

Name Description Value
allowlistRules The allow-list custom alert rules. AllowlistCustomAlertRule[]
denylistRules The deny-list custom alert rules. DenylistCustomAlertRule[]
thresholdRules The list of custom alert threshold rules. ThresholdCustomAlertRule[]
timeWindowRules The list of custom alert time-window rules. TimeWindowCustomAlertRule[]

AllowlistCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| allowlistValues | The values to allow. The format of the values depends on the rule type. | string[] (required) |
| isEnabled | Status of the custom alert. | bool (required) |
| ruleType | Set the object type | ConnectionFromIpNotAllowed, ConnectionToIpNotAllowed, LocalUserNotAllowed, ProcessNotAllowed (required) |

ConnectionFromIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionFromIpNotAllowed' (required)

ConnectionToIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionToIpNotAllowed' (required)

LocalUserNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'LocalUserNotAllowed' (required)

ProcessNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ProcessNotAllowed' (required)

DenylistCustomAlertRule

Name Description Value
denylistValues The values to deny. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType The type of the custom alert rule. string (required)

ThresholdCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| isEnabled | Status of the custom alert. | bool (required) |
| maxThreshold | The maximum threshold. | int (required) |
| minThreshold | The minimum threshold. | int (required) |
| ruleType | Set the object type | ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange (required) |

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange' (required)
timeWindowSize The time window size in iso8601 format. string (required)

TimeWindowCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| isEnabled | Status of the custom alert. | bool (required) |
| maxThreshold | The maximum threshold. | int (required) |
| minThreshold | The minimum threshold. | int (required) |
| timeWindowSize | The time window size in iso8601 format. | string (required) |
| ruleType | Set the object type | ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange (required) |
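
The constraints in the ARM property tables above (documented ruleType values, required fields, the resource-name character rules, ISO 8601 timeWindowSize) can be checked before a template is deployed. The following Python lint is an added example, not part of the original reference or of any Microsoft tooling. The function name lint_device_security_group, the sample resource and its values, the min/max ordering check, and the flag on a disabled rule are assumptions made for illustration.

```python
import re

RESOURCE_TYPE = "Microsoft.Security/deviceSecurityGroups"
API_VERSION = "2019-08-01"  # the API version this page documents
ALLOWLIST_TYPES = {"ConnectionFromIpNotAllowed", "ConnectionToIpNotAllowed",
                   "LocalUserNotAllowed", "ProcessNotAllowed"}
RANGE_TYPES = {t + "NotInAllowedRange" for t in (
    "ActiveConnections", "AmqpC2DMessages", "AmqpC2DRejectedMessages",
    "AmqpD2CMessages", "DirectMethodInvokes", "FailedLocalLogins",
    "FileUploads", "HttpC2DMessages", "HttpC2DRejectedMessages",
    "HttpD2CMessages", "MqttC2DMessages", "MqttC2DRejectedMessages",
    "MqttD2CMessages", "QueuePurges", "TwinUpdates", "UnauthorizedOperations")}
# Literal names only; a template expression such as [parameters('x')] is not resolved.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,260}")
# Syntactic ISO 8601 duration check (e.g. PT15M, P1D). Which durations the
# service accepts is not stated on the page.
DURATION_RE = re.compile(
    r"P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?"
    r"(T(?=\d)(\d+H)?(\d+M)?(\d+(\.\d+)?S)?)?")


def _is_int(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)


def _check_common(rule, where, allowed_types, out):
    enabled = rule.get("isEnabled")
    if not isinstance(enabled, bool):
        out.append(f"{where}: isEnabled must be a bool")
    elif not enabled:
        # Assumption: a disabled rule in a deployed template deserves review.
        out.append(f"{where}: isEnabled is false")
    rule_type = rule.get("ruleType")
    if not isinstance(rule_type, str) or not rule_type:
        out.append(f"{where}: ruleType is required")
    elif allowed_types is not None and rule_type not in allowed_types:
        # ruleType values are case-sensitive literals in the tables above.
        out.append(f"{where}: ruleType {rule_type!r} is not a documented value")


def _check_values(rule, key, where, out):
    values = rule.get(key)
    if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
        out.append(f"{where}: {key} must be a list of strings")


def _check_range(rule, where, out):
    low, high = rule.get("minThreshold"), rule.get("maxThreshold")
    if not (_is_int(low) and _is_int(high)):
        out.append(f"{where}: minThreshold and maxThreshold must be ints")
    elif low > high:
        # Assumption: the page does not state an ordering; an inverted range
        # is flagged as a likely authoring mistake.
        out.append(f"{where}: minThreshold {low} exceeds maxThreshold {high}")
    window = rule.get("timeWindowSize")
    if not isinstance(window, str) or not DURATION_RE.fullmatch(window):
        out.append(f"{where}: timeWindowSize {window!r} is not an ISO 8601 duration")


def lint_device_security_group(resource):
    """Return a list of findings for one ARM template resource object."""
    findings = []
    if resource.get("type") != RESOURCE_TYPE:
        findings.append(f"type must be {RESOURCE_TYPE!r}")
    if resource.get("apiVersion") != API_VERSION:
        findings.append(f"apiVersion is not {API_VERSION!r}")
    name = resource.get("name")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        findings.append("name must be 1-260 alphanumerics, underscores or hyphens")
    props = resource.get("properties") or {}
    for key, types, value_key in (("allowlistRules", ALLOWLIST_TYPES, "allowlistValues"),
                                  ("denylistRules", None, "denylistValues")):
        for i, rule in enumerate(props.get(key, [])):
            _check_common(rule, f"{key}[{i}]", types, findings)
            _check_values(rule, value_key, f"{key}[{i}]", findings)
    for key in ("thresholdRules", "timeWindowRules"):
        for i, rule in enumerate(props.get(key, [])):
            _check_common(rule, f"{key}[{i}]", RANGE_TYPES, findings)
            _check_range(rule, f"{key}[{i}]", findings)
    return findings


# Constructed sample resource; the scope and all rule values are placeholders.
SAMPLE = {
    "type": RESOURCE_TYPE, "apiVersion": API_VERSION,
    "name": "factory-floor_group", "scope": "<target resource placeholder>",
    "properties": {
        "allowlistRules": [
            {"ruleType": "ConnectionToIpNotAllowed", "isEnabled": True,
             "allowlistValues": ["192.0.2.0/24"]},
            {"ruleType": "ConnectionToIPNotAllowed", "isEnabled": True,  # wrong case
             "allowlistValues": ["198.51.100.7"]},
        ],
        "timeWindowRules": [
            {"ruleType": "FailedLocalLoginsNotInAllowedRange", "isEnabled": False,
             "minThreshold": 0, "maxThreshold": 5, "timeWindowSize": "PT15M"},
            {"ruleType": "MqttD2CMessagesNotInAllowedRange", "isEnabled": True,
             "minThreshold": 500, "maxThreshold": 50, "timeWindowSize": "15m"},
        ],
    },
}

if __name__ == "__main__":
    for finding in lint_device_security_group(SAMPLE):
        print(finding)
```
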

Terraform (AzAPI provider) resource definition

The deviceSecurityGroups resource type is an extension resource, which means you can apply it to another resource.

Use the parent_id property on this resource to set the scope for this resource.

The deviceSecurityGroups resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/deviceSecurityGroups resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/deviceSecurityGroups@2019-08-01"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      allowlistRules = [
        {
          allowlistValues = [
            "string"
          ]
          isEnabled = bool
          ruleType = "string"
          // For remaining properties, see AllowlistCustomAlertRule objects
        }
      ]
      denylistRules = [
        {
          denylistValues = [
            "string"
          ]
          isEnabled = bool
          ruleType = "string"
        }
      ]
      thresholdRules = [
        {
          isEnabled = bool
          maxThreshold = int
          minThreshold = int
          ruleType = "string"
          // For remaining properties, see ThresholdCustomAlertRule objects
        }
      ]
      timeWindowRules = [
        {
          isEnabled = bool
          maxThreshold = int
          minThreshold = int
          timeWindowSize = "string"
          ruleType = "string"
          // For remaining properties, see TimeWindowCustomAlertRule objects
        }
      ]
    }
  })
}

AllowlistCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ConnectionFromIpNotAllowed, use:

  ruleType = "ConnectionFromIpNotAllowed"

For ConnectionToIpNotAllowed, use:

  ruleType = "ConnectionToIpNotAllowed"

For LocalUserNotAllowed, use:

  ruleType = "LocalUserNotAllowed"

For ProcessNotAllowed, use:

  ruleType = "ProcessNotAllowed"

ThresholdCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

  ruleType = "ActiveConnectionsNotInAllowedRange"
  timeWindowSize = "string"

For AmqpC2DMessagesNotInAllowedRange, use:

  ruleType = "AmqpC2DMessagesNotInAllowedRange"
  timeWindowSize = "string"

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType = "AmqpC2DRejectedMessagesNotInAllowedRange"
  timeWindowSize = "string"

For AmqpD2CMessagesNotInAllowedRange, use:

  ruleType = "AmqpD2CMessagesNotInAllowedRange"
  timeWindowSize = "string"

For DirectMethodInvokesNotInAllowedRange, use:

  ruleType = "DirectMethodInvokesNotInAllowedRange"
  timeWindowSize = "string"

For FailedLocalLoginsNotInAllowedRange, use:

  ruleType = "FailedLocalLoginsNotInAllowedRange"
  timeWindowSize = "string"

For FileUploadsNotInAllowedRange, use:

  ruleType = "FileUploadsNotInAllowedRange"
  timeWindowSize = "string"

For HttpC2DMessagesNotInAllowedRange, use:

  ruleType = "HttpC2DMessagesNotInAllowedRange"
  timeWindowSize = "string"

For HttpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType = "HttpC2DRejectedMessagesNotInAllowedRange"
  timeWindowSize = "string"

For HttpD2CMessagesNotInAllowedRange, use:

  ruleType = "HttpD2CMessagesNotInAllowedRange"
  timeWindowSize = "string"

For MqttC2DMessagesNotInAllowedRange, use:

  ruleType = "MqttC2DMessagesNotInAllowedRange"
  timeWindowSize = "string"

For MqttC2DRejectedMessagesNotInAllowedRange, use:

  ruleType = "MqttC2DRejectedMessagesNotInAllowedRange"
  timeWindowSize = "string"

For MqttD2CMessagesNotInAllowedRange, use:

  ruleType = "MqttD2CMessagesNotInAllowedRange"
  timeWindowSize = "string"

For QueuePurgesNotInAllowedRange, use:

  ruleType = "QueuePurgesNotInAllowedRange"
  timeWindowSize = "string"

For TwinUpdatesNotInAllowedRange, use:

  ruleType = "TwinUpdatesNotInAllowedRange"
  timeWindowSize = "string"

For UnauthorizedOperationsNotInAllowedRange, use:

  ruleType = "UnauthorizedOperationsNotInAllowedRange"
  timeWindowSize = "string"

TimeWindowCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

  ruleType = "ActiveConnectionsNotInAllowedRange"

For AmqpC2DMessagesNotInAllowedRange, use:

  ruleType = "AmqpC2DMessagesNotInAllowedRange"

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType = "AmqpC2DRejectedMessagesNotInAllowedRange"

For AmqpD2CMessagesNotInAllowedRange, use:

  ruleType = "AmqpD2CMessagesNotInAllowedRange"

For DirectMethodInvokesNotInAllowedRange, use:

  ruleType = "DirectMethodInvokesNotInAllowedRange"

For FailedLocalLoginsNotInAllowedRange, use:

  ruleType = "FailedLocalLoginsNotInAllowedRange"

For FileUploadsNotInAllowedRange, use:

  ruleType = "FileUploadsNotInAllowedRange"

For HttpC2DMessagesNotInAllowedRange, use:

  ruleType = "HttpC2DMessagesNotInAllowedRange"

For HttpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType = "HttpC2DRejectedMessagesNotInAllowedRange"

For HttpD2CMessagesNotInAllowedRange, use:

  ruleType = "HttpD2CMessagesNotInAllowedRange"

For MqttC2DMessagesNotInAllowedRange, use:

  ruleType = "MqttC2DMessagesNotInAllowedRange"

For MqttC2DRejectedMessagesNotInAllowedRange, use:

  ruleType = "MqttC2DRejectedMessagesNotInAllowedRange"

For MqttD2CMessagesNotInAllowedRange, use:

  ruleType = "MqttD2CMessagesNotInAllowedRange"

For QueuePurgesNotInAllowedRange, use:

  ruleType = "QueuePurgesNotInAllowedRange"

For TwinUpdatesNotInAllowedRange, use:

  ruleType = "TwinUpdatesNotInAllowedRange"

For UnauthorizedOperationsNotInAllowedRange, use:

  ruleType = "UnauthorizedOperationsNotInAllowedRange"

Property values

deviceSecurityGroups

| Name | Description | Value |
| --- | --- | --- |
| type | The resource type | "Microsoft.Security/deviceSecurityGroups@2019-08-01" |
| name | The resource name | string (required). Character limit: 1-260. Valid characters: alphanumerics, underscores, and hyphens. |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Device Security group data | DeviceSecurityGroupProperties |

DeviceSecurityGroupProperties

| Name | Description | Value |
| --- | --- | --- |
| allowlistRules | The allow-list custom alert rules. | AllowlistCustomAlertRule[] |
| denylistRules | The deny-list custom alert rules. | DenylistCustomAlertRule[] |
| thresholdRules | The list of custom alert threshold rules. | ThresholdCustomAlertRule[] |
| timeWindowRules | The list of custom alert time-window rules. | TimeWindowCustomAlertRule[] |

AllowlistCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| allowlistValues | The values to allow. The format of the values depends on the rule type. | string[] (required) |
| isEnabled | Status of the custom alert. | bool (required) |
| ruleType | Set the object type | ConnectionFromIpNotAllowed, ConnectionToIpNotAllowed, LocalUserNotAllowed, ProcessNotAllowed (required) |

ConnectionFromIpNotAllowed

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "ConnectionFromIpNotAllowed" (required) |

ConnectionToIpNotAllowed

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "ConnectionToIpNotAllowed" (required) |

LocalUserNotAllowed

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "LocalUserNotAllowed" (required) |

ProcessNotAllowed

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "ProcessNotAllowed" (required) |

DenylistCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| denylistValues | The values to deny. The format of the values depends on the rule type. | string[] (required) |
| isEnabled | Status of the custom alert. | bool (required) |
| ruleType | The type of the custom alert rule. | string (required) |

ThresholdCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| isEnabled | Status of the custom alert. | bool (required) |
| maxThreshold | The maximum threshold. | int (required) |
| minThreshold | The minimum threshold. | int (required) |
| ruleType | Set the object type | ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange (required) |

ActiveConnectionsNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "ActiveConnectionsNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

AmqpC2DMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "AmqpC2DMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

AmqpC2DRejectedMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "AmqpC2DRejectedMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

AmqpD2CMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "AmqpD2CMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

DirectMethodInvokesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "DirectMethodInvokesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

FailedLocalLoginsNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "FailedLocalLoginsNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

FileUploadsNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "FileUploadsNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

HttpC2DMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "HttpC2DMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

HttpC2DRejectedMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "HttpC2DRejectedMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

HttpD2CMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "HttpD2CMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

MqttC2DMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "MqttC2DMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

MqttC2DRejectedMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "MqttC2DRejectedMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

MqttD2CMessagesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "MqttD2CMessagesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

QueuePurgesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "QueuePurgesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

TwinUpdatesNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "TwinUpdatesNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

UnauthorizedOperationsNotInAllowedRange

| Name | Description | Value |
| --- | --- | --- |
| ruleType | The type of the custom alert rule. | "UnauthorizedOperationsNotInAllowedRange" (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |

TimeWindowCustomAlertRule

| Name | Description | Value |
| --- | --- | --- |
| isEnabled | Status of the custom alert. | bool (required) |
| maxThreshold | The maximum threshold. | int (required) |
| minThreshold | The minimum threshold. | int (required) |
| timeWindowSize | The time window size in ISO 8601 format. | string (required) |
| ruleType | Set the object type | ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange (required) |
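
A pre-deployment lint for the name and rule properties documented above, as an added example that is not part of the original page or of Microsoft's tooling. It assumes the group's properties are available as a Python dict; `lint_group`, the sample values, and the inverted-range and `isEnabled` checks are assumptions of this example, and `timeWindowSize` is checked for ISO 8601 duration syntax only.

```python
import re
# ruleType values listed on this page.
ALLOWLIST_TYPES = {"ConnectionFromIpNotAllowed", "ConnectionToIpNotAllowed",
                   "LocalUserNotAllowed", "ProcessNotAllowed"}
RANGE_TYPES = {p + "NotInAllowedRange" for p in (
    "ActiveConnections", "AmqpC2DMessages", "AmqpC2DRejectedMessages",
    "AmqpD2CMessages", "DirectMethodInvokes", "FailedLocalLogins", "FileUploads",
    "HttpC2DMessages", "HttpC2DRejectedMessages", "HttpD2CMessages",
    "MqttC2DMessages", "MqttC2DRejectedMessages", "MqttD2CMessages",
    "QueuePurges", "TwinUpdates", "UnauthorizedOperations")}
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,260}")  # name limits from the table
# Syntax check only (PT5M, PT1H30M, P1D); no service-side bounds are assumed.
DURATION_RE = re.compile(r"P(?=.)(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?")

def lint_group(name, properties):
    """Return review findings for one deviceSecurityGroups definition."""
    out = []
    if not NAME_RE.fullmatch(name):
        out.append(f"name {name!r}: need 1-260 alphanumerics, '_' or '-'")
    for i, rule in enumerate(properties.get("allowlistRules", [])):
        if rule.get("ruleType") not in ALLOWLIST_TYPES:
            out.append(f"allowlistRules[{i}]: unknown ruleType")
    for i, rule in enumerate(properties.get("timeWindowRules", [])):
        where = f"timeWindowRules[{i}]"
        if rule.get("ruleType") not in RANGE_TYPES:
            out.append(f"{where}: unknown ruleType")
        lo, hi = rule.get("minThreshold"), rule.get("maxThreshold")
        # Assumption of this example: an inverted range is a mistake.
        if isinstance(lo, int) and isinstance(hi, int) and lo > hi:
            out.append(f"{where}: minThreshold {lo} > maxThreshold {hi}")
        if not DURATION_RE.fullmatch(str(rule.get("timeWindowSize", ""))):
            out.append(f"{where}: timeWindowSize is not an ISO 8601 duration")
        if rule.get("isEnabled") is not True:
            out.append(f"{where}: isEnabled is not true")
    return out

# Constructed sample, not taken from a real deployment.
SAMPLE_NAME = "edge devices"
SAMPLE_PROPERTIES = {
    "allowlistRules": [{"ruleType": "ProcessNotAllowed", "isEnabled": True,
                        "allowlistValues": ["sshd"]}],
    "timeWindowRules": [
        {"ruleType": "FailedLocalLoginsNotInAllowedRange", "isEnabled": True,
         "minThreshold": 10, "maxThreshold": 5, "timeWindowSize": "15m"},
        {"ruleType": "FailedLoginsNotInAllowedRange", "isEnabled": False,
         "minThreshold": 0, "maxThreshold": 5, "timeWindowSize": "PT5M"}]}

if __name__ == "__main__":
    for finding in lint_group(SAMPLE_NAME, SAMPLE_PROPERTIES):
        print(finding)
```

The sample is built to trip each check once: the name contains a space, the first rule has an inverted range and a non-ISO window, and the second has a misspelled `ruleType` and is disabled.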