Microsoft.Security deviceSecurityGroups

The deviceSecurityGroups resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Template format

To create a Microsoft.Security/deviceSecurityGroups resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.Security/deviceSecurityGroups@2019-08-01' = {
  name: 'string'
  properties: {
    allowlistRules: [
      {
        allowlistValues: [ 'string' ]
        isEnabled: bool
        ruleType: 'string'
        // For remaining properties, see AllowlistCustomAlertRule objects
      }
    ]
    denylistRules: [
      {
        denylistValues: [ 'string' ]
        isEnabled: bool
        ruleType: 'string'
      }
    ]
    thresholdRules: [
      {
        isEnabled: bool
        maxThreshold: int
        minThreshold: int
        ruleType: 'string'
        // For remaining properties, see ThresholdCustomAlertRule objects
      }
    ]
    timeWindowRules: [
      {
        isEnabled: bool
        maxThreshold: int
        minThreshold: int
        timeWindowSize: 'string'
        ruleType: 'string'
        // For remaining properties, see TimeWindowCustomAlertRule objects
      }
    ]
  }
}

AllowlistCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ConnectionFromIpNotAllowed, use:

  ruleType: 'ConnectionFromIpNotAllowed'

For ConnectionToIpNotAllowed, use:

  ruleType: 'ConnectionToIpNotAllowed'

For LocalUserNotAllowed, use:

  ruleType: 'LocalUserNotAllowed'

For ProcessNotAllowed, use:

  ruleType: 'ProcessNotAllowed'

ThresholdCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

  ruleType: 'ActiveConnectionsNotInAllowedRange'

For AmqpC2DMessagesNotInAllowedRange, use:

  ruleType: 'AmqpC2DMessagesNotInAllowedRange'

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'AmqpC2DRejectedMessagesNotInAllowedRange'

For AmqpD2CMessagesNotInAllowedRange, use:

  ruleType: 'AmqpD2CMessagesNotInAllowedRange'

For DirectMethodInvokesNotInAllowedRange, use:

  ruleType: 'DirectMethodInvokesNotInAllowedRange'

For FailedLocalLoginsNotInAllowedRange, use:

  ruleType: 'FailedLocalLoginsNotInAllowedRange'

For FileUploadsNotInAllowedRange, use:

  ruleType: 'FileUploadsNotInAllowedRange'

For HttpC2DMessagesNotInAllowedRange, use:

  ruleType: 'HttpC2DMessagesNotInAllowedRange'

For HttpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'HttpC2DRejectedMessagesNotInAllowedRange'

For HttpD2CMessagesNotInAllowedRange, use:

  ruleType: 'HttpD2CMessagesNotInAllowedRange'

For MqttC2DMessagesNotInAllowedRange, use:

  ruleType: 'MqttC2DMessagesNotInAllowedRange'

For MqttC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'MqttC2DRejectedMessagesNotInAllowedRange'

For MqttD2CMessagesNotInAllowedRange, use:

  ruleType: 'MqttD2CMessagesNotInAllowedRange'

For QueuePurgesNotInAllowedRange, use:

  ruleType: 'QueuePurgesNotInAllowedRange'

For TwinUpdatesNotInAllowedRange, use:

  ruleType: 'TwinUpdatesNotInAllowedRange'

For UnauthorizedOperationsNotInAllowedRange, use:

  ruleType: 'UnauthorizedOperationsNotInAllowedRange'

TimeWindowCustomAlertRule objects

Set the ruleType property to specify the type of object.

For ActiveConnectionsNotInAllowedRange, use:

  ruleType: 'ActiveConnectionsNotInAllowedRange'

For AmqpC2DMessagesNotInAllowedRange, use:

  ruleType: 'AmqpC2DMessagesNotInAllowedRange'

For AmqpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'AmqpC2DRejectedMessagesNotInAllowedRange'

For AmqpD2CMessagesNotInAllowedRange, use:

  ruleType: 'AmqpD2CMessagesNotInAllowedRange'

For DirectMethodInvokesNotInAllowedRange, use:

  ruleType: 'DirectMethodInvokesNotInAllowedRange'

For FailedLocalLoginsNotInAllowedRange, use:

  ruleType: 'FailedLocalLoginsNotInAllowedRange'

For FileUploadsNotInAllowedRange, use:

  ruleType: 'FileUploadsNotInAllowedRange'

For HttpC2DMessagesNotInAllowedRange, use:

  ruleType: 'HttpC2DMessagesNotInAllowedRange'

For HttpC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'HttpC2DRejectedMessagesNotInAllowedRange'

For HttpD2CMessagesNotInAllowedRange, use:

  ruleType: 'HttpD2CMessagesNotInAllowedRange'

For MqttC2DMessagesNotInAllowedRange, use:

  ruleType: 'MqttC2DMessagesNotInAllowedRange'

For MqttC2DRejectedMessagesNotInAllowedRange, use:

  ruleType: 'MqttC2DRejectedMessagesNotInAllowedRange'

For MqttD2CMessagesNotInAllowedRange, use:

  ruleType: 'MqttD2CMessagesNotInAllowedRange'

For QueuePurgesNotInAllowedRange, use:

  ruleType: 'QueuePurgesNotInAllowedRange'

For TwinUpdatesNotInAllowedRange, use:

  ruleType: 'TwinUpdatesNotInAllowedRange'

For UnauthorizedOperationsNotInAllowedRange, use:

  ruleType: 'UnauthorizedOperationsNotInAllowedRange'

Property values

deviceSecurityGroups

Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
'Microsoft.Security/deviceSecurityGroups'
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
'2019-08-01'
name The resource name string (required)
properties describes properties of a security group. DeviceSecurityGroupProperties

DeviceSecurityGroupProperties

Name Description Value
allowlistRules The allow-list custom alert rules. AllowlistCustomAlertRule[]
denylistRules The deny-list custom alert rules. DenylistCustomAlertRule[]
thresholdRules The list of custom alert threshold rules. ThresholdCustomAlertRule[]
timeWindowRules The list of custom alert time-window rules. TimeWindowCustomAlertRule[]

AllowlistCustomAlertRule

Name Description Value
allowlistValues The values to allow. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType Set the object type ConnectionFromIpNotAllowed
ConnectionToIpNotAllowed
LocalUserNotAllowed
ProcessNotAllowed

ConnectionFromIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionFromIpNotAllowed'

ConnectionToIpNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ConnectionToIpNotAllowed'

LocalUserNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'LocalUserNotAllowed'

ProcessNotAllowed

Name Description Value
ruleType The type of the custom alert rule. 'ProcessNotAllowed'

DenylistCustomAlertRule

Name Description Value
denylistValues The values to deny. The format of the values depends on the rule type. string[] (required)
isEnabled Status of the custom alert. bool (required)
ruleType The type of the custom alert rule. string (required)

ThresholdCustomAlertRule

Name Description Value
isEnabled Status of the custom alert. bool (required)
maxThreshold The maximum threshold. int (required)
minThreshold The minimum threshold. int (required)
ruleType Set the object type ActiveConnectionsNotInAllowedRange
AmqpC2DMessagesNotInAllowedRange
AmqpC2DRejectedMessagesNotInAllowedRange
AmqpD2CMessagesNotInAllowedRange
DirectMethodInvokesNotInAllowedRange
FailedLocalLoginsNotInAllowedRange
FileUploadsNotInAllowedRange
HttpC2DMessagesNotInAllowedRange
HttpC2DRejectedMessagesNotInAllowedRange
HttpD2CMessagesNotInAllowedRange
MqttC2DMessagesNotInAllowedRange
MqttC2DRejectedMessagesNotInAllowedRange
MqttD2CMessagesNotInAllowedRange
QueuePurgesNotInAllowedRange
TwinUpdatesNotInAllowedRange
UnauthorizedOperationsNotInAllowedRange

ActiveConnectionsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'ActiveConnectionsNotInAllowedRange'

AmqpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DMessagesNotInAllowedRange'

AmqpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpC2DRejectedMessagesNotInAllowedRange'

AmqpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'AmqpD2CMessagesNotInAllowedRange'

DirectMethodInvokesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'DirectMethodInvokesNotInAllowedRange'

FailedLocalLoginsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FailedLocalLoginsNotInAllowedRange'

FileUploadsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'FileUploadsNotInAllowedRange'

HttpC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DMessagesNotInAllowedRange'

HttpC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpC2DRejectedMessagesNotInAllowedRange'

HttpD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'HttpD2CMessagesNotInAllowedRange'

MqttC2DMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DMessagesNotInAllowedRange'

MqttC2DRejectedMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttC2DRejectedMessagesNotInAllowedRange'

MqttD2CMessagesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'MqttD2CMessagesNotInAllowedRange'

QueuePurgesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'QueuePurgesNotInAllowedRange'

TwinUpdatesNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'TwinUpdatesNotInAllowedRange'

UnauthorizedOperationsNotInAllowedRange

Name Description Value
ruleType The type of the custom alert rule. 'UnauthorizedOperationsNotInAllowedRange'

TimeWindowCustomAlertRule

Name Description Value
isEnabled Status of the custom alert. bool (required)
maxThreshold The maximum threshold. int (required)
minThreshold The minimum threshold. int (required)
timeWindowSize The time window size in iso8601 format. string (required)
ruleType Set the object type ActiveConnectionsNotInAllowedRange
AmqpC2DMessagesNotInAllowedRange
AmqpC2DRejectedMessagesNotInAllowedRange
AmqpD2CMessagesNotInAllowedRange
DirectMethodInvokesNotInAllowedRange
FailedLocalLoginsNotInAllowedRange
FileUploadsNotInAllowedRange
HttpC2DMessagesNotInAllowedRange
HttpC2DRejectedMessagesNotInAllowedRange
HttpD2CMessagesNotInAllowedRange
MqttC2DMessagesNotInAllowedRange
MqttC2DRejectedMessagesNotInAllowedRange
MqttD2CMessagesNotInAllowedRange
QueuePurgesNotInAllowedRange
TwinUpdatesNotInAllowedRange
UnauthorizedOperationsNotInAllowedRange