Microsoft.Security governanceRules 2022-01-01-preview
Bicep resource definition
The governanceRules resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
The governanceRules resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/governanceRules resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/governanceRules@2022-01-01-preview' = {
  name: 'string'
  scope: resourceSymbolicName
  properties: {
    conditionSets: [
      any
    ]
    description: 'string'
    displayName: 'string'
    excludedScopes: [
      'string'
    ]
    governanceEmailNotification: {
      disableManagerEmailNotification: bool
      disableOwnerEmailNotification: bool
    }
    includeMemberScopes: bool
    isDisabled: bool
    isGracePeriod: bool
    metadata: {}
    ownerSource: {
      type: 'string'
      value: 'string'
    }
    remediationTimeframe: 'string'
    rulePriority: int
    ruleType: 'string'
    sourceResourceType: 'Assessments'
  }
}
Property values
governanceRules
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource. For Bicep, set this property to the symbolic name of the resource to apply the extension resource to. |
properties | Properties of a governance rule | GovernanceRuleProperties |
GovernanceRuleProperties
Name | Description | Value |
---|---|---|
conditionSets | The governance rule conditionSets - see examples | any[] (required) |
description | Description of the governance rule | string |
displayName | Display name of the governance rule | string (required) |
excludedScopes | Excluded scopes, filter out the descendants of the scope (on management scopes) | string[] |
governanceEmailNotification | The email notification settings for the governance rule; states whether to disable notifications for managers and owners | GovernanceRuleEmailNotification |
includeMemberScopes | Defines whether the rule is a management scope rule (master connector as a single scope or management scope) | bool |
isDisabled | Defines whether the rule is active/inactive | bool |
isGracePeriod | Defines whether there is a grace period on the governance rule | bool |
metadata | The governance rule metadata | GovernanceRuleMetadata |
ownerSource | The owner source for the governance rule - e.g. Manually by user@contoso.com - see example | GovernanceRuleOwnerSource (required) |
remediationTimeframe | Governance rule remediation timeframe: the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days | string Constraints: Pattern = ^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$ |
rulePriority | The governance rule priority; the lower number takes priority. Rules with the same priority on the same scope will not be allowed | int (required) Constraints: Min value = 0 Max value = 1000 |
ruleType | The rule type of the governance rule, defines the source of the rule e.g. Integrated | 'Integrated' 'ServiceNow' (required) |
sourceResourceType | The governance rule source, what the rule affects, e.g. Assessments | 'Assessments' (required) |
GovernanceRuleEmailNotification
Name | Description | Value |
---|---|---|
disableManagerEmailNotification | Defines whether manager email notifications are disabled | bool |
disableOwnerEmailNotification | Defines whether owner email notifications are disabled | bool |
GovernanceRuleMetadata
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
GovernanceRuleOwnerSource
Name | Description | Value |
---|---|---|
type | The owner type for the governance rule owner source | 'ByTag' 'Manually' |
value | The source value e.g. tag key like owner name or email address | string |
ARM template resource definition
The governanceRules resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
The governanceRules resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/governanceRules resource, add the following JSON to your template.
{
  "type": "Microsoft.Security/governanceRules",
  "apiVersion": "2022-01-01-preview",
  "name": "string",
  "scope": "string",
  "properties": {
    "conditionSets": [ object ],
    "description": "string",
    "displayName": "string",
    "excludedScopes": [ "string" ],
    "governanceEmailNotification": {
      "disableManagerEmailNotification": "bool",
      "disableOwnerEmailNotification": "bool"
    },
    "includeMemberScopes": "bool",
    "isDisabled": "bool",
    "isGracePeriod": "bool",
    "metadata": {},
    "ownerSource": {
      "type": "string",
      "value": "string"
    },
    "remediationTimeframe": "string",
    "rulePriority": "int",
    "ruleType": "string",
    "sourceResourceType": "Assessments"
  }
}
Property values
governanceRules
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Security/governanceRules' |
apiVersion | The resource api version | '2022-01-01-preview' |
name | The resource name | string (required) |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource. For JSON, set the value to the full name of the resource to apply the extension resource to. |
properties | Properties of a governance rule | GovernanceRuleProperties |
GovernanceRuleProperties
Name | Description | Value |
---|---|---|
conditionSets | The governance rule conditionSets - see examples | any[] (required) |
description | Description of the governance rule | string |
displayName | Display name of the governance rule | string (required) |
excludedScopes | Excluded scopes, filter out the descendants of the scope (on management scopes) | string[] |
governanceEmailNotification | The email notification settings for the governance rule; states whether to disable notifications for managers and owners | GovernanceRuleEmailNotification |
includeMemberScopes | Defines whether the rule is a management scope rule (master connector as a single scope or management scope) | bool |
isDisabled | Defines whether the rule is active/inactive | bool |
isGracePeriod | Defines whether there is a grace period on the governance rule | bool |
metadata | The governance rule metadata | GovernanceRuleMetadata |
ownerSource | The owner source for the governance rule - e.g. Manually by user@contoso.com - see example | GovernanceRuleOwnerSource (required) |
remediationTimeframe | Governance rule remediation timeframe: the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days | string Constraints: Pattern = ^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$ |
rulePriority | The governance rule priority; the lower number takes priority. Rules with the same priority on the same scope will not be allowed | int (required) Constraints: Min value = 0 Max value = 1000 |
ruleType | The rule type of the governance rule, defines the source of the rule e.g. Integrated | 'Integrated' 'ServiceNow' (required) |
sourceResourceType | The governance rule source, what the rule affects, e.g. Assessments | 'Assessments' (required) |
GovernanceRuleEmailNotification
Name | Description | Value |
---|---|---|
disableManagerEmailNotification | Defines whether manager email notifications are disabled | bool |
disableOwnerEmailNotification | Defines whether owner email notifications are disabled | bool |
GovernanceRuleMetadata
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
GovernanceRuleOwnerSource
Name | Description | Value |
---|---|---|
type | The owner type for the governance rule owner source | 'ByTag' 'Manually' |
value | The source value e.g. tag key like owner name or email address | string |
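
The constraints in the tables above (required properties, allowed values, the remediationTimeframe pattern, the rulePriority range and the one-priority-per-scope rule) can be checked before deployment. The following is an added example, not Microsoft's code: the function names, the `rg-app` scope and the sample rule are constructed for illustration, and the `conditionSets` entry is a placeholder because this page does not show its shape.

```python
import re

# Constraints copied from the property tables on this page.
TIMEFRAME = r"^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$"
REQUIRED = ("conditionSets", "displayName", "ownerSource",
            "rulePriority", "ruleType", "sourceResourceType")
ENUMS = {"ruleType": {"Integrated", "ServiceNow"}, "sourceResourceType": {"Assessments"}}
OWNER_TYPES = {"ByTag", "Manually"}

def lint_rule(props):
    """Return the constraint violations for one rule's properties object."""
    problems = [f"missing required property: {k}" for k in REQUIRED if k not in props]
    for key, allowed in ENUMS.items():
        if key in props and props[key] not in allowed:
            problems.append(f"{key} must be one of {sorted(allowed)}")
    owner = props.get("ownerSource") or {}
    if "type" in owner and owner["type"] not in OWNER_TYPES:
        problems.append(f"ownerSource.type must be one of {sorted(OWNER_TYPES)}")
    prio = props.get("rulePriority")
    if prio is not None and (type(prio) is not int or not 0 <= prio <= 1000):
        problems.append("rulePriority must be an int from 0 to 1000")
    tf = props.get("remediationTimeframe")
    if tf is not None and not re.fullmatch(TIMEFRAME, str(tf)):
        problems.append("remediationTimeframe must look like 7.00:00:00")
    return problems

def lint_template(resources):
    """Lint each governance rule; also reject a priority reused on one scope."""
    report, seen = {}, {}
    for res in resources:
        if res.get("type") != "Microsoft.Security/governanceRules":
            continue
        props = res.get("properties") or {}
        problems = lint_rule(props)
        key = (res.get("scope"), props.get("rulePriority"))
        if key[1] is not None and key in seen:
            problems.append(f"rulePriority {key[1]} already used on this scope by {seen[key]}")
        seen.setdefault(key, res.get("name"))
        if problems:
            report[res.get("name")] = problems
    return report

def sample_rule(name, **overrides):
    """Constructed sample resource (not from the page); conditionSets is a placeholder."""
    props = {"conditionSets": [{}], "displayName": name, "rulePriority": 100,
             "ownerSource": {"type": "Manually", "value": "user@contoso.com"},
             "remediationTimeframe": "7.00:00:00", "ruleType": "Integrated",
             "sourceResourceType": "Assessments", **overrides}
    return {"type": "Microsoft.Security/governanceRules", "name": name,
            "scope": "rg-app", "properties": props}
```

Pass `lint_template` the `resources` array of a parsed ARM template; it returns a dict mapping each failing rule name to its list of violations, and an empty dict when every rule is valid.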
Terraform (AzAPI provider) resource definition
The governanceRules resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id property on this resource to set the scope for this resource.
The governanceRules resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/governanceRules resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/governanceRules@2022-01-01-preview"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      conditionSets = [ object ]
      description = "string"
      displayName = "string"
      excludedScopes = [
        "string"
      ]
      governanceEmailNotification = {
        disableManagerEmailNotification = bool
        disableOwnerEmailNotification = bool
      }
      includeMemberScopes = bool
      isDisabled = bool
      isGracePeriod = bool
      metadata = {}
      ownerSource = {
        type = "string"
        value = "string"
      }
      remediationTimeframe = "string"
      rulePriority = int
      ruleType = "string"
      sourceResourceType = "Assessments"
    }
  })
}
Property values
governanceRules
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Security/governanceRules@2022-01-01-preview" |
name | The resource name | string (required) |
parent_id | The ID of the resource to apply this extension resource to. | string (required) |
properties | Properties of a governance rule | GovernanceRuleProperties |
GovernanceRuleProperties
Name | Description | Value |
---|---|---|
conditionSets | The governance rule conditionSets - see examples | any[] (required) |
description | Description of the governance rule | string |
displayName | Display name of the governance rule | string (required) |
excludedScopes | Excluded scopes, filter out the descendants of the scope (on management scopes) | string[] |
governanceEmailNotification | The email notification settings for the governance rule; states whether to disable notifications for managers and owners | GovernanceRuleEmailNotification |
includeMemberScopes | Defines whether the rule is a management scope rule (master connector as a single scope or management scope) | bool |
isDisabled | Defines whether the rule is active/inactive | bool |
isGracePeriod | Defines whether there is a grace period on the governance rule | bool |
metadata | The governance rule metadata | GovernanceRuleMetadata |
ownerSource | The owner source for the governance rule - e.g. Manually by user@contoso.com - see example | GovernanceRuleOwnerSource (required) |
remediationTimeframe | Governance rule remediation timeframe: the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days | string Constraints: Pattern = ^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$ |
rulePriority | The governance rule priority; the lower number takes priority. Rules with the same priority on the same scope will not be allowed | int (required) Constraints: Min value = 0 Max value = 1000 |
ruleType | The rule type of the governance rule, defines the source of the rule e.g. Integrated | "Integrated" "ServiceNow" (required) |
sourceResourceType | The governance rule source, what the rule affects, e.g. Assessments | "Assessments" (required) |
GovernanceRuleEmailNotification
Name | Description | Value |
---|---|---|
disableManagerEmailNotification | Defines whether manager email notifications are disabled | bool |
disableOwnerEmailNotification | Defines whether owner email notifications are disabled | bool |
GovernanceRuleMetadata
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
GovernanceRuleOwnerSource
Name | Description | Value |
---|---|---|
type | The owner type for the governance rule owner source | "ByTag" "Manually" |
value | The source value e.g. tag key like owner name or email address | string |