Az.Resources

This topic displays help topics for the Azure Resource Manager Cmdlets.

Active Directory

Add-AzADAppPermission

Adds an API permission.

Add-AzADGroupMember

Adds member to group.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Get-AzADAppCredential

Lists key credentials and password credentials for an application.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Get-AzADApplication

Lists entities from applications or get entity from applications by key

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Get-AzADAppPermission

Lists API permissions the application has requested.

Get-AzADGroup

Lists entities from groups or get entity from groups by key

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Get-AzADGroupMember

Lists members from group.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Get-AzADServicePrincipal

Lists entities from service principals or get entity from service principals by key

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Get-AzADSpCredential

Lists key credentials and password credentials for an service principal.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Get-AzADUser

Lists entities from users or get entity from users by key

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

New-AzADAppCredential

Creates key credentials or password credentials for an application.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

New-AzADApplication

Adds new entity to applications

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

New-AzADGroup

Adds new entity to groups

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

New-AzADServicePrincipal

Adds new entity to servicePrincipals

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

New-AzADSpCredential

Creates key credentials or password credentials for an service principal.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

New-AzADUser

Adds new entity to users

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Remove-AzADAppCredential

Removes key credentials or password credentials for an application.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Remove-AzADApplication

Deletes entity from applications

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Remove-AzADAppPermission

Removes an API permission.

Remove-AzADGroup

Deletes entity from groups.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Remove-AzADGroupMember

Deletes member from group Users, contacts, and groups that are members of this group. HTTP Methods: GET (supported for all groups), POST (supported for security groups and mail-enabled security groups), DELETE (supported only for security groups) Read-only. Nullable. Supports $expand.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Remove-AzADServicePrincipal

Deletes entity from service principal.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Remove-AzADSpCredential

Removes key credentials or password credentials for an service principal.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Remove-AzADUser

Deletes entity from users.

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Update-AzADApplication

Updates entity in applications

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Update-AzADGroup

Update entity in groups

Update-AzADServicePrincipal

Updates entity in service principal

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Update-AzADUser

Updates entity in users

Warning

There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Policy

Get-AzPolicyAlias

Get-AzPolicyAlias retrieves and outputs Azure provider resource types that have aliases defined and match the given parameter values. If no parameters are provided, all provider resource types that contain an alias will be output. The -ListAvailable switch modifies this behavior by listing all matching resource types including those without aliases.

Get-AzPolicyAssignment

Gets policy assignments.

Get-AzPolicyDefinition

Gets policy definitions.

Get-AzPolicyExemption

Gets policy exemptions.

Get-AzPolicySetDefinition

Gets policy set definitions.

Get-AzRoleManagementPolicy

Get the specified role management policy for a resource scope

Get-AzRoleManagementPolicyAssignment

Get the specified role management policy assignment for a resource scope

New-AzPolicyAssignment

Creates a policy assignment.

New-AzPolicyDefinition

Creates a policy definition.

New-AzPolicyExemption

Creates a policy exemption.

New-AzPolicySetDefinition

Creates a policy set definition.

New-AzRoleManagementPolicyAssignment

Create a role management policy assignment

Remove-AzPolicyAssignment

Removes a policy assignment.

Remove-AzPolicyDefinition

Removes a policy definition.

Remove-AzPolicyExemption

Removes a policy exemption.

Remove-AzPolicySetDefinition

Removes a policy set definition.

Remove-AzRoleManagementPolicy

Delete a role management policy

Remove-AzRoleManagementPolicyAssignment

Delete a role management policy assignment

Set-AzPolicyAssignment

Modifies a policy assignment.

Set-AzPolicyDefinition

Modifies a policy definition.

Set-AzPolicyExemption

Modifies a policy exemption.

Set-AzPolicySetDefinition

Modifies a policy set definition

Update-AzRoleManagementPolicy

Update a role management policy

Resources

Export-AzResourceGroup

Captures a resource group as a template and saves it to a file.

Export-AzTemplateSpec

Exports a Template Spec to the local filesystem

Get-AzDenyAssignment

Lists Azure RBAC deny assignments at the specified scope. By default it lists all deny assignments in the selected Azure subscription. Use respective parameters to list deny assignments to a specific user, or to list deny assignments on a specific resource group or resource.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /directoryObjects/{id}
  • POST /directoryObjects/getByIds
Get-AzDeployment

Get deployment

Get-AzDeploymentOperation

Get deployment operation

Get-AzDeploymentScript

Gets or lists deployment scripts.

Get-AzDeploymentScriptLog

Gets the log of a deployment script execution.

Get-AzDeploymentWhatIfResult

Gets a template What-If result for a deployment at subscription scope.

Get-AzLocation

Gets all locations and the supported resource providers for each location.

Get-AzManagedApplication

Gets managed applications

Get-AzManagedApplicationDefinition

Gets managed application definitions

Get-AzManagementGroup

Gets Management Group(s)

Get-AzManagementGroupDeployment

Get deployment at a management group

Get-AzManagementGroupDeploymentOperation

Get deployment operation for management group deployment

Get-AzManagementGroupDeploymentWhatIfResult

Gets a template What-If result for a deployment at management group scope.

Get-AzPrivateLinkAssociation

Gets all the Azure Resource Management Private Link Association(s).

Get-AzProviderFeature

Gets information about Azure provider features.

Get-AzProviderOperation

Gets the operations for an Azure resource provider that are securable using Azure RBAC.

Get-AzProviderPreviewFeature

Gets a feature registration in your account.

Get-AzResource

Gets resources.

Get-AzResourceGroup

Gets resource groups.

Get-AzResourceGroupDeployment

Gets the deployments in a resource group.

Get-AzResourceGroupDeploymentOperation

Gets the resource group deployment operation

Get-AzResourceGroupDeploymentWhatIfResult

Gets a template What-If result for a deployment at resource group scope.

Get-AzResourceLock

Gets a resource lock.

Get-AzResourceManagementPrivateLink

Gets Azure Resource Management Private Link(s)

Get-AzResourceProvider

Gets a resource provider.

Get-AzRoleAssignment

Lists Azure RBAC role assignments at the specified scope. By default it lists all role assignments in the selected Azure subscription. Use respective parameters to list assignments to a specific user, or to list assignments on a specific resource group or resource.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /users/{id}
  • GET /servicePrincipals/{id}
  • GET /groups/{id}
  • GET /directoryObjects/{id}
  • POST /directoryObjects/getByIds

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

Get-AzRoleAssignmentSchedule

Get the specified role assignment schedule for a resource scope

Get-AzRoleAssignmentScheduleInstance

Gets the specified role assignment schedule instance.

Get-AzRoleAssignmentScheduleRequest

Get the specified role assignment schedule request.

Get-AzRoleDefinition

Lists all Azure RBAC roles that are available for assignment.

Get-AzRoleEligibilitySchedule

Get the specified role eligibility schedule for a resource scope

Get-AzRoleEligibilityScheduleInstance

Gets the specified role eligibility schedule instance.

Get-AzRoleEligibilityScheduleRequest

Get the specified role eligibility schedule request.

Get-AzRoleEligibleChildResource

Get the child resources of a resource on which user has eligible access

Get-AzTag

Gets predefined Azure tags | Gets the entire set of tags on a resource or subscription.

Get-AzTemplateSpec

Gets or lists Template Specs

Get-AzTenantDeployment

Get deployment at tenant scope

Get-AzTenantDeploymentOperation

Get deployment operation for deployment at tenant scope

Get-AzTenantDeploymentWhatIfResult

Gets a template What-If result for a deployment at tenant scope.

Invoke-AzResourceAction

Invokes an action on a resource.

Move-AzResource

Moves a resource to a different resource group or subscription.

New-AzDeployment

Create a deployment

New-AzManagedApplication

Creates an Azure managed application.

New-AzManagedApplicationDefinition

Creates a managed application definition.

New-AzManagementGroup

Creates a Management Group

New-AzManagementGroupDeployment

Create a deployment at a management group

New-AzManagementGroupSubscription

Adds a Subscription to a Management Group.

New-AzPrivateLinkAssociation

Creates the Azure Resource Management Private Link Association.

New-AzResource

Creates a resource.

New-AzResourceGroup

Creates an Azure resource group.

New-AzResourceGroupDeployment

Adds an Azure deployment to a resource group.

New-AzResourceLock

Creates a resource lock.

New-AzResourceManagementPrivateLink

Create Azure Resource Management Private Link

New-AzRoleAssignment

Assigns the specified RBAC role to the specified principal, at the specified scope.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /users/{id}
  • GET /servicePrincipals/{id}
  • GET /groups/{id}
  • GET /directoryObjects/{id}

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

New-AzRoleAssignmentScheduleRequest

Creates a role assignment schedule request.

New-AzRoleDefinition

Creates a custom role in Azure RBAC. Provide either a JSON role definition file or a PSRoleDefinition object as input. First, use the Get-AzRoleDefinition command to generate a baseline role definition object. Then, modify its properties as required. Finally, use this command to create a custom role using role definition.

New-AzRoleEligibilityScheduleRequest

Creates a role eligibility schedule request.

New-AzTag

Creates a predefined Azure tag or adds values to an existing tag | Creates or updates the entire set of tags on a resource or subscription.

New-AzTemplateSpec

Creates a new Template Spec.

New-AzTenantDeployment

Create a deployment at tenant scope

Publish-AzBicepModule

Publishes a Bicep file to a registry.

Register-AzProviderFeature

Registers an Azure provider feature in your account.

Register-AzProviderPreviewFeature

Creates a feature registration in your account.

Register-AzResourceProvider

Registers a resource provider.

Remove-AzDeployment

Removes a deployment and any associated operations

Remove-AzDeploymentScript

Removes a deployment script and its associated resources.

Remove-AzManagedApplication

Removes a managed application

Remove-AzManagedApplicationDefinition

Removes a managed application definition

Remove-AzManagementGroup

Removes a Management Group

Remove-AzManagementGroupDeployment

Removes a deployment at a management group and any associated operations

Remove-AzManagementGroupSubscription

Removes a Subscription from a Management Group.

Remove-AzPrivateLinkAssociation

Delete a specific azure private link association.

Remove-AzResource

Removes a resource.

Remove-AzResourceGroup

Removes a resource group.

Remove-AzResourceGroupDeployment

Removes a resource group deployment and any associated operations.

Remove-AzResourceLock

Removes a resource lock.

Remove-AzResourceManagementPrivateLink

Deletes the Resource Manangement Private Link.

Remove-AzRoleAssignment

Removes a role assignment to the specified principal who is assigned to a particular role at a particular scope.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /users/{id}
  • GET /servicePrincipals/{id}
  • GET /groups/{id}
  • GET /directoryObjects/{id}
  • POST /directoryObjects/getByIds

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

Remove-AzRoleDefinition

Deletes a custom role in Azure RBAC. The role to be deleted is specified using the Id property of the role. Delete will fail if there are existing role assignments made to the custom role.

Remove-AzTag

Deletes predefined Azure tags or values | Deletes the entire set of tags on a resource or subscription.

Remove-AzTemplateSpec

Removes a Template Spec

Remove-AzTenantDeployment

Removes a deployment at tenant scope and any associated operations

Save-AzDeploymentScriptLog

Saves the log of a deployment script execution to disk.

Save-AzDeploymentTemplate

Saves a deployment template to a file.

Save-AzManagementGroupDeploymentTemplate

Saves a deployment template to a file.

Save-AzResourceGroupDeploymentTemplate

Saves a resource group deployment template to a file.

Save-AzTenantDeploymentTemplate

Saves a deployment template to a file.

Set-AzManagedApplication

Updates managed application

Set-AzManagedApplicationDefinition

Updates managed application definition

Set-AzResource

Modifies a resource.

Set-AzResourceGroup

Modifies a resource group.

Set-AzResourceLock

Modifies a resource lock.

Set-AzRoleAssignment

Update an existing Role Assignment.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /users/{id}
  • GET /servicePrincipals/{id}
  • GET /groups/{id}
  • GET /directoryObjects/{id}
  • POST /directoryObjects/getByIds

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

Set-AzRoleDefinition

Modifies a custom role in Azure RBAC. Provide the modified role definition either as a JSON file or as a PSRoleDefinition. First, use the Get-AzRoleDefinition command to retrieve the custom role that you wish to modify. Then, modify the properties that you wish to change. Finally, save the role definition using this command.

Set-AzTemplateSpec

Modifies a Template Spec.

Stop-AzDeployment

Cancel a running deployment

Stop-AzManagementGroupDeployment

Cancel a running deployment at a management group

Stop-AzResourceGroupDeployment

Cancels a resource group deployment.

Stop-AzRoleAssignmentScheduleRequest

Cancels a pending role assignment schedule request.

Stop-AzRoleEligibilityScheduleRequest

Cancels a pending role eligibility schedule request.

Stop-AzTenantDeployment

Cancel a running deployment at tenant scope

Test-AzDeployment

Validates a deployment.

Test-AzManagementGroupDeployment

Validates a deployment at a management group.

Test-AzResourceGroupDeployment

Validates a resource group deployment.

Test-AzTenantDeployment

Validates a deployment at tenant scope.

Unregister-AzProviderFeature

Unregisters an Azure provider feature in your account.

Unregister-AzProviderPreviewFeature

Removes a feature registration from your account.

Unregister-AzResourceProvider

Unregisters a resource provider.

Update-AzManagementGroup

Updates a Management Group

Update-AzTag

Selectively updates the set of tags on a resource or subscription.