Az.Resources

Is this page helpful?

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

This topic displays help topics for the Azure Resource Manager Cmdlets.

Active Directory

Add-AzADAppPermission	Adds an API permission.
Add-AzADGroupMember	Adds member to group. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Get-AzADAppCredential	Lists key credentials and password credentials for an application. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Get-AzADApplication	Lists entities from applications or get entity from applications by key Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Get-AzADAppPermission	Lists API permissions the application has requested.
Get-AzADGroup	Lists entities from groups or get entity from groups by key Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Get-AzADGroupMember	Lists members from group. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Get-AzADServicePrincipal	Lists entities from service principals or get entity from service principals by key Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Get-AzADSpCredential	Lists key credentials and password credentials for an service principal. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Get-AzADUser	Lists entities from users or get entity from users by key Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
New-AzADAppCredential	Creates key credentials or password credentials for an application. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
New-AzADApplication	Adds new entity to applications Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
New-AzADGroup	Adds new entity to groups Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
New-AzADServicePrincipal	Adds new entity to servicePrincipals Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
New-AzADSpCredential	Creates key credentials or password credentials for an service principal. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
New-AzADUser	Adds new entity to users Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Remove-AzADAppCredential	Removes key credentials or password credentials for an application. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Remove-AzADApplication	Deletes entity from applications Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Remove-AzADAppPermission	Removes an API permission.
Remove-AzADGroup	Deletes entity from groups. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Remove-AzADGroupMember	Deletes member from group Users, contacts, and groups that are members of this group. HTTP Methods: GET (supported for all groups), POST (supported for security groups and mail-enabled security groups), DELETE (supported only for security groups) Read-only. Nullable. Supports $expand. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Remove-AzADServicePrincipal	Deletes entity from service principal. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Remove-AzADSpCredential	Removes key credentials or password credentials for an service principal. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Remove-AzADUser	Deletes entity from users. Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Update-AzADApplication	Updates entity in applications Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Update-AzADGroup	Update entity in groups
Update-AzADServicePrincipal	Updates entity in service principal Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.
Update-AzADUser	Updates entity in users Warning There are breaking changes in this cmdlet from version 6.6.0. The cmdlets in the Az PowerShell module that rely on Azure AD Graph have migrated to Microsoft Graph. This change is occurring because of the retirement announcement of Azure AD Graph. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Policy

Get-AzPolicyAlias	Get-AzPolicyAlias retrieves and outputs Azure provider resource types that have aliases defined and match the given parameter values. If no parameters are provided, all provider resource types that contain an alias will be output. The -ListAvailable switch modifies this behavior by listing all matching resource types including those without aliases.
Get-AzPolicyAssignment	Gets policy assignments.
Get-AzPolicyDefinition	Gets policy definitions.
Get-AzPolicyExemption	Gets policy exemptions.
Get-AzPolicySetDefinition	Gets policy set definitions.
Get-AzRoleManagementPolicy	Get the specified role management policy for a resource scope
Get-AzRoleManagementPolicyAssignment	Get the specified role management policy assignment for a resource scope
New-AzPolicyAssignment	Creates a policy assignment.
New-AzPolicyDefinition	Creates a policy definition.
New-AzPolicyExemption	Creates a policy exemption.
New-AzPolicySetDefinition	Creates a policy set definition.
New-AzRoleManagementPolicyAssignment	Create a role management policy assignment
Remove-AzPolicyAssignment	Removes a policy assignment.
Remove-AzPolicyDefinition	Removes a policy definition.
Remove-AzPolicyExemption	Removes a policy exemption.
Remove-AzPolicySetDefinition	Removes a policy set definition.
Remove-AzRoleManagementPolicy	Delete a role management policy
Remove-AzRoleManagementPolicyAssignment	Delete a role management policy assignment
Set-AzPolicyAssignment	Modifies a policy assignment.
Set-AzPolicyDefinition	Modifies a policy definition.
Set-AzPolicyExemption	Modifies a policy exemption.
Set-AzPolicySetDefinition	Modifies a policy set definition
Update-AzRoleManagementPolicy	Update a role management policy

Resources

Export-AzResourceGroup	Captures a resource group as a template and saves it to a file.
Export-AzTemplateSpec	Exports a Template Spec to the local filesystem
Get-AzDenyAssignment	Lists Azure RBAC deny assignments at the specified scope. By default it lists all deny assignments in the selected Azure subscription. Use respective parameters to list deny assignments to a specific user, or to list deny assignments on a specific resource group or resource. The cmdlet may call below Microsoft Graph API according to input parameters: GET /directoryObjects/{id} POST /directoryObjects/getByIds
Get-AzDeployment	Get deployment
Get-AzDeploymentOperation	Get deployment operation
Get-AzDeploymentScript	Gets or lists deployment scripts.
Get-AzDeploymentScriptLog	Gets the log of a deployment script execution.
Get-AzDeploymentWhatIfResult	Gets a template What-If result for a deployment at subscription scope.
Get-AzLocation	Gets all locations and the supported resource providers for each location.
Get-AzManagedApplication	Gets managed applications
Get-AzManagedApplicationDefinition	Gets managed application definitions
Get-AzManagementGroup	Gets Management Group(s)
Get-AzManagementGroupDeployment	Get deployment at a management group
Get-AzManagementGroupDeploymentOperation	Get deployment operation for management group deployment
Get-AzManagementGroupDeploymentWhatIfResult	Gets a template What-If result for a deployment at management group scope.
Get-AzPrivateLinkAssociation	Gets all the Azure Resource Management Private Link Association(s).
Get-AzProviderFeature	Gets information about Azure provider features.
Get-AzProviderOperation	Gets the operations for an Azure resource provider that are securable using Azure RBAC.
Get-AzProviderPreviewFeature	Gets a feature registration in your account.
Get-AzResource	Gets resources.
Get-AzResourceGroup	Gets resource groups.
Get-AzResourceGroupDeployment	Gets the deployments in a resource group.
Get-AzResourceGroupDeploymentOperation	Gets the resource group deployment operation
Get-AzResourceGroupDeploymentWhatIfResult	Gets a template What-If result for a deployment at resource group scope.
Get-AzResourceLock	Gets a resource lock.
Get-AzResourceManagementPrivateLink	Gets Azure Resource Management Private Link(s)
Get-AzResourceProvider	Gets a resource provider.
Get-AzRoleAssignment	Lists Azure RBAC role assignments at the specified scope. By default it lists all role assignments in the selected Azure subscription. Use respective parameters to list assignments to a specific user, or to list assignments on a specific resource group or resource. The cmdlet may call below Microsoft Graph API according to input parameters: GET /users/{id} GET /servicePrincipals/{id} GET /groups/{id} GET /directoryObjects/{id} POST /directoryObjects/getByIds Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.
Get-AzRoleAssignmentSchedule	Get the specified role assignment schedule for a resource scope
Get-AzRoleAssignmentScheduleInstance	Gets the specified role assignment schedule instance.
Get-AzRoleAssignmentScheduleRequest	Get the specified role assignment schedule request.
Get-AzRoleDefinition	Lists all Azure RBAC roles that are available for assignment.
Get-AzRoleEligibilitySchedule	Get the specified role eligibility schedule for a resource scope
Get-AzRoleEligibilityScheduleInstance	Gets the specified role eligibility schedule instance.
Get-AzRoleEligibilityScheduleRequest	Get the specified role eligibility schedule request.
Get-AzRoleEligibleChildResource	Get the child resources of a resource on which user has eligible access
Get-AzTag	Gets predefined Azure tags | Gets the entire set of tags on a resource or subscription.
Get-AzTemplateSpec	Gets or lists Template Specs
Get-AzTenantDeployment	Get deployment at tenant scope
Get-AzTenantDeploymentOperation	Get deployment operation for deployment at tenant scope
Get-AzTenantDeploymentWhatIfResult	Gets a template What-If result for a deployment at tenant scope.
Invoke-AzResourceAction	Invokes an action on a resource.
Move-AzResource	Moves a resource to a different resource group or subscription.
New-AzDeployment	Create a deployment
New-AzManagedApplication	Creates an Azure managed application.
New-AzManagedApplicationDefinition	Creates a managed application definition.
New-AzManagementGroup	Creates a Management Group
New-AzManagementGroupDeployment	Create a deployment at a management group
New-AzManagementGroupSubscription	Adds a Subscription to a Management Group.
New-AzPrivateLinkAssociation	Creates the Azure Resource Management Private Link Association.
New-AzResource	Creates a resource.
New-AzResourceGroup	Creates an Azure resource group.
New-AzResourceGroupDeployment	Adds an Azure deployment to a resource group.
New-AzResourceLock	Creates a resource lock.
New-AzResourceManagementPrivateLink	Create Azure Resource Management Private Link
New-AzRoleAssignment	Assigns the specified RBAC role to the specified principal, at the specified scope. The cmdlet may call below Microsoft Graph API according to input parameters: GET /users/{id} GET /servicePrincipals/{id} GET /groups/{id} GET /directoryObjects/{id} Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.
New-AzRoleAssignmentScheduleRequest	Creates a role assignment schedule request.
New-AzRoleDefinition	Creates a custom role in Azure RBAC. Provide either a JSON role definition file or a PSRoleDefinition object as input. First, use the Get-AzRoleDefinition command to generate a baseline role definition object. Then, modify its properties as required. Finally, use this command to create a custom role using role definition.
New-AzRoleEligibilityScheduleRequest	Creates a role eligibility schedule request.
New-AzTag	Creates a predefined Azure tag or adds values to an existing tag | Creates or updates the entire set of tags on a resource or subscription.
New-AzTemplateSpec	Creates a new Template Spec.
New-AzTenantDeployment	Create a deployment at tenant scope
Publish-AzBicepModule	Publishes a Bicep file to a registry.
Register-AzProviderFeature	Registers an Azure provider feature in your account.
Register-AzProviderPreviewFeature	Creates a feature registration in your account.
Register-AzResourceProvider	Registers a resource provider.
Remove-AzDeployment	Removes a deployment and any associated operations
Remove-AzDeploymentScript	Removes a deployment script and its associated resources.
Remove-AzManagedApplication	Removes a managed application
Remove-AzManagedApplicationDefinition	Removes a managed application definition
Remove-AzManagementGroup	Removes a Management Group
Remove-AzManagementGroupDeployment	Removes a deployment at a management group and any associated operations
Remove-AzManagementGroupSubscription	Removes a Subscription from a Management Group.
Remove-AzPrivateLinkAssociation	Delete a specific azure private link association.
Remove-AzResource	Removes a resource.
Remove-AzResourceGroup	Removes a resource group.
Remove-AzResourceGroupDeployment	Removes a resource group deployment and any associated operations.
Remove-AzResourceLock	Removes a resource lock.
Remove-AzResourceManagementPrivateLink	Deletes the Resource Manangement Private Link.
Remove-AzRoleAssignment	Removes a role assignment to the specified principal who is assigned to a particular role at a particular scope. The cmdlet may call below Microsoft Graph API according to input parameters: GET /users/{id} GET /servicePrincipals/{id} GET /groups/{id} GET /directoryObjects/{id} POST /directoryObjects/getByIds Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.
Remove-AzRoleDefinition	Deletes a custom role in Azure RBAC. The role to be deleted is specified using the Id property of the role. Delete will fail if there are existing role assignments made to the custom role.
Remove-AzTag	Deletes predefined Azure tags or values | Deletes the entire set of tags on a resource or subscription.
Remove-AzTemplateSpec	Removes a Template Spec
Remove-AzTenantDeployment	Removes a deployment at tenant scope and any associated operations
Save-AzDeploymentScriptLog	Saves the log of a deployment script execution to disk.
Save-AzDeploymentTemplate	Saves a deployment template to a file.
Save-AzManagementGroupDeploymentTemplate	Saves a deployment template to a file.
Save-AzResourceGroupDeploymentTemplate	Saves a resource group deployment template to a file.
Save-AzTenantDeploymentTemplate	Saves a deployment template to a file.
Set-AzManagedApplication	Updates managed application
Set-AzManagedApplicationDefinition	Updates managed application definition
Set-AzResource	Modifies a resource.
Set-AzResourceGroup	Modifies a resource group.
Set-AzResourceLock	Modifies a resource lock.
Set-AzRoleAssignment	Update an existing Role Assignment. The cmdlet may call below Microsoft Graph API according to input parameters: GET /users/{id} GET /servicePrincipals/{id} GET /groups/{id} GET /directoryObjects/{id} POST /directoryObjects/getByIds Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.
Set-AzRoleDefinition	Modifies a custom role in Azure RBAC. Provide the modified role definition either as a JSON file or as a PSRoleDefinition. First, use the Get-AzRoleDefinition command to retrieve the custom role that you wish to modify. Then, modify the properties that you wish to change. Finally, save the role definition using this command.
Set-AzTemplateSpec	Modifies a Template Spec.
Stop-AzDeployment	Cancel a running deployment
Stop-AzManagementGroupDeployment	Cancel a running deployment at a management group
Stop-AzResourceGroupDeployment	Cancels a resource group deployment.
Stop-AzRoleAssignmentScheduleRequest	Cancels a pending role assignment schedule request.
Stop-AzRoleEligibilityScheduleRequest	Cancels a pending role eligibility schedule request.
Stop-AzTenantDeployment	Cancel a running deployment at tenant scope
Test-AzDeployment	Validates a deployment.
Test-AzManagementGroupDeployment	Validates a deployment at a management group.
Test-AzResourceGroupDeployment	Validates a resource group deployment.
Test-AzTenantDeployment	Validates a deployment at tenant scope.
Unregister-AzProviderFeature	Unregisters an Azure provider feature in your account.
Unregister-AzProviderPreviewFeature	Removes a feature registration from your account.
Unregister-AzResourceProvider	Unregisters a resource provider.
Update-AzManagementGroup	Updates a Management Group
Update-AzTag	Selectively updates the set of tags on a resource or subscription.