Microsoft.Security assessmentMetadata

Template format

To create a Microsoft.Security/assessmentMetadata resource, add the following JSON to the resources section of your template.

  "name": "string",
  "type": "Microsoft.Security/assessmentMetadata",
  "apiVersion": "2020-01-01",
  "properties": {
    "displayName": "string",
    "description": "string",
    "remediationDescription": "string",
    "categories": [
    "severity": "string",
    "userImpact": "string",
    "implementationEffort": "string",
    "threats": [
    "preview": "boolean",
    "assessmentType": "string",
    "partnerData": {
      "partnerName": "string",
      "productName": "string",
      "secret": "string"

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Security/assessmentMetadata object


In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes The Assessment Key - Unique key for the assessment type
type enum Yes For JSON - Microsoft.Security/assessmentMetadata
apiVersion enum Yes For JSON - 2020-01-01
properties object Yes SecurityAssessmentMetadataProperties object

SecurityAssessmentMetadataProperties object

Name Type Required Value
displayName string Yes User friendly display name of the assessment
description string No Human readable description of the assessment
remediationDescription string No Human readable description of what you should do to mitigate this security issue
categories array No Compute, Networking, Data, IdentityAndAccess, IoT
severity enum Yes The severity level of the assessment. - Low, Medium, High
userImpact enum No The user impact of the assessment. - Low, Moderate, High
implementationEffort enum No The implementation effort required to remediate this assessment. - Low, Moderate, High
threats array No accountBreach, dataExfiltration, dataSpillage, maliciousInsider, elevationOfPrivilege, threatResistance, missingCoverage, denialOfService
preview boolean No True if this assessment is in preview release status
assessmentType enum Yes BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition. - BuiltIn, CustomPolicy, CustomerManaged, VerifiedPartner
partnerData object No SecurityAssessmentMetadataPartnerData object

SecurityAssessmentMetadataPartnerData object

Name Type Required Value
partnerName string Yes Name of the company of the partner
productName string No Name of the product of the partner that created the assessment
secret string Yes Secret to authenticate the partner and verify it created the assessment - write only