Microsoft.Security assessments template reference

Template format

To create a Microsoft.Security/assessments resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Security/assessments",
  "apiVersion": "2020-01-01",
  "properties": {
    "resourceDetails": {
      "source": "string"
    },
    "status": {
      "code": "string",
      "cause": "string",
      "description": "string"
    },
    "additionalData": {},
    "links": {},
    "metadata": {
      "displayName": "string",
      "description": "string",
      "remediationDescription": "string",
      "category": [
        "string"
      ],
      "severity": "string",
      "userImpact": "string",
      "implementationEffort": "string",
      "threats": [
        "string"
      ],
      "preview": "boolean",
      "assessmentType": "string",
      "partnerData": {
        "partnerName": "string",
        "productName": "string",
        "secret": "string"
      }
    },
    "partnersData": {
      "partnerName": "string",
      "secret": "string"
    }
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Security/assessments object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The Assessment Key - Unique key for the assessment type |
| type | enum | Yes | Microsoft.Security/assessments |
| apiVersion | enum | Yes | 2020-01-01 |
| properties | object | Yes | SecurityAssessmentProperties object |

SecurityAssessmentProperties object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| resourceDetails | object | Yes | ResourceDetails object |
| status | object | Yes | AssessmentStatus object |
| additionalData | object | No | Additional data regarding the assessment |
| links | object | No | |
| metadata | object | No | SecurityAssessmentMetadataProperties object |
| partnersData | object | No | SecurityAssessmentPartnerData object |

ResourceDetails object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| source | string | Yes | |

AssessmentStatus object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| code | enum | Yes | Programmatic code for the status of the assessment. - Healthy, Unhealthy, NotApplicable |
| cause | string | No | Programmatic code for the cause of the assessment status |
| description | string | No | Human readable description of the assessment status |

SecurityAssessmentMetadataProperties object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| displayName | string | Yes | User friendly display name of the assessment |
| description | string | No | Human readable description of the assessment |
| remediationDescription | string | No | Human readable description of what you should do to mitigate this security issue |
| category | array | No | Compute, Networking, Data, IdentityAndAccess, IoT |
| severity | enum | Yes | The severity level of the assessment. - Low, Medium, High |
| userImpact | enum | No | The user impact of the assessment. - Low, Moderate, High |
| implementationEffort | enum | No | The implementation effort required to remediate this assessment. - Low, Moderate, High |
| threats | array | No | accountBreach, dataExfiltration, dataSpillage, maliciousInsider, elevationOfPrivilege, threatResistance, missingCoverage, denialOfService |
| preview | boolean | No | True if this assessment is in preview release status |
| assessmentType | enum | Yes | BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition. - BuiltIn, CustomPolicy, CustomerManaged, VerifiedPartner |
| partnerData | object | No | SecurityAssessmentMetadataPartnerData object |

SecurityAssessmentPartnerData object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| partnerName | string | Yes | Name of the company of the partner |
| secret | string | Yes | Secret to authenticate the partner - write only |

SecurityAssessmentMetadataPartnerData object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| partnerName | string | Yes | Name of the company of the partner |
| productName | string | No | Name of the product of the partner that created the assessment |
| secret | string | Yes | Secret to authenticate the partner and verify it created the assessment - write only |
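
The property tables above can be applied as a check before a template is deployed. The following Python is an added example, not part of this reference or of any Microsoft tooling: it applies the required fields and enum values listed above to one resource and also flags a partner secret written as a literal string. The rule that a secret must be a [parameters('...')] reference, the function names, and the sample values are assumptions of this example.

```python
import re

# Assumed policy of this example: a secret must be an ARM parameter reference.
PARAM_REF = re.compile(r"^\[parameters\('[^']+'\)\]$")
# (path below properties, required key, allowed values), from the tables above.
RULES = [
    ((), "resourceDetails", None), ((), "status", None),
    (("resourceDetails",), "source", None),
    (("status",), "code", ("Healthy", "Unhealthy", "NotApplicable")),
    (("metadata",), "displayName", None),
    (("metadata",), "severity", ("Low", "Medium", "High")),
    (("metadata",), "assessmentType",
     ("BuiltIn", "CustomPolicy", "CustomerManaged", "VerifiedPartner")),
    (("metadata", "partnerData"), "partnerName", None),
    (("metadata", "partnerData"), "secret", None),
    (("partnersData",), "partnerName", None), (("partnersData",), "secret", None),
]


def _walk(obj, path):
    """Follow path into obj; return None if an optional parent is absent."""
    for part in path:
        obj = obj.get(part) if isinstance(obj, dict) else None
    return obj


def lint_assessment(resource):
    """Return findings for one Microsoft.Security/assessments resource dict."""
    findings, props = [], resource.get("properties", {})
    for path, key, allowed in RULES:
        obj = _walk(props, path)
        where = ".".join(("properties",) + path + (key,))
        if not isinstance(obj, dict):
            continue  # optional parent object not present
        if key not in obj:
            findings.append(f"{where}: required")
        elif allowed and obj[key] not in allowed:
            findings.append(f"{where}: {obj[key]!r} not one of {allowed}")
        elif key == "secret" and not PARAM_REF.match(str(obj[key])):
            findings.append(f"{where}: literal value, use a secureString parameter")
    return findings


# Constructed sample (properties only): bad status code, no severity, literal secret.
SAMPLE = {"properties": {
    "resourceDetails": {"source": "Azure"},
    "status": {"code": "Failed"},
    "metadata": {"displayName": "Example", "assessmentType": "CustomerManaged"},
    "partnersData": {"partnerName": "Contoso", "secret": "example-literal"},
}}
```

Calling lint_assessment(SAMPLE) returns three findings, one for each defect named in the sample's comment. Declaring the referenced parameter with type secureString keeps the secret value out of the template file itself.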