Policy Definitions - Create Or Update At Management Group

Creates or updates a policy definition in a management group.
This operation creates or updates a policy definition in the given management group with the given name.

PUT https://management.azure.com/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}?api-version=2019-09-01

URI Parameters

Name                  In     Required  Type    Description
managementGroupId     path   True      string  The ID of the management group.
policyDefinitionName  path   True      string  The name of the policy definition to create.
api-version           query  True      string  The API version to use for the operation.

Request Body

Name                    Type    Description
properties.description  string  The policy definition description.
properties.displayName  string  The display name of the policy definition.
properties.metadata     object  The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
properties.mode         string  The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
properties.parameters           The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
properties.policyRule   object  The policy rule.
properties.policyType           The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

Responses

Name                Type  Description
201 Created               Created - Returns information about the policy definition.
Other Status Codes        Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name                Description
user_impersonation  impersonate your user account

Examples

Create or update a policy definition at management group level

Sample Request

PUT https://management.azure.com/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming?api-version=2019-09-01
{
  "properties": {
    "mode": "All",
    "displayName": "Enforce resource naming convention",
    "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
    "metadata": {
      "category": "Naming"
    },
    "policyRule": {
      "if": {
        "not": {
          "field": "name",
          "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"
        }
      },
      "then": {
        "effect": "deny"
      }
    },
    "parameters": {
      "prefix": {
        "type": "String",
        "metadata": {
          "displayName": "Prefix",
          "description": "Resource name prefix"
        }
      },
      "suffix": {
        "type": "String",
        "metadata": {
          "displayName": "Suffix",
          "description": "Resource name suffix"
        }
      }
    }
  }
}

Sample Response

{
  "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "ResourceNaming",
  "properties": {
    "mode": "All",
    "displayName": "Naming Convention",
    "description": "Force resource names to begin with 'prefix' and end with 'suffix'",
    "metadata": {
      "category": "Naming"
    },
    "policyRule": {
      "if": {
        "not": {
          "field": "name",
          "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"
        }
      },
      "then": {
        "effect": "deny"
      }
    },
    "parameters": {
      "prefix": {
        "type": "String",
        "metadata": {
          "displayName": "Prefix",
          "description": "Resource name prefix"
        }
      },
      "suffix": {
        "type": "String",
        "metadata": {
          "displayName": "Suffix",
          "description": "Resource name suffix"
        }
      }
    },
    "policyType": "Custom"
  }
}
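
An added example, not part of the original reference: a local pre-flight check in Python that builds the request URL from the template above and lints a request body before it is sent, using the parameterType and policyType values listed under Definitions. The function names and the constructed SAMPLE body (trimmed from the sample request) are assumptions for illustration; the checks run client-side only.

```python
import json
import re
from urllib.parse import quote

API_VERSION = "2019-09-01"
# Enum values as listed under Definitions on this page.
PARAMETER_TYPES = {"Array", "Boolean", "DateTime", "Float", "Integer", "Object", "String"}
POLICY_TYPES = {"NotSpecified", "BuiltIn", "Custom", "Static"}
PARAM_REF = re.compile(r"parameters\(\s*'([^']+)'\s*\)")

# Constructed sample input: the page's sample request body, trimmed.
SAMPLE = {"properties": {
    "mode": "All",
    "policyRule": {
        "if": {"not": {"field": "name",
                       "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"}},
        "then": {"effect": "deny"}},
    "parameters": {"prefix": {"type": "String"}, "suffix": {"type": "String"}}}}

def build_url(management_group_id, policy_definition_name):
    """Build the PUT URL, percent-encoding both path parameters."""
    return ("https://management.azure.com/providers/Microsoft.Management/managementgroups/"
            f"{quote(management_group_id, safe='')}/providers/Microsoft.Authorization/"
            f"policyDefinitions/{quote(policy_definition_name, safe='')}"
            f"?api-version={API_VERSION}")

def lint_definition(body):
    """Return a list of findings for a request body; an empty list means clean."""
    props = body.get("properties", {})
    rule = props.get("policyRule")
    if not isinstance(rule, dict):
        return ["properties.policyRule is missing or not an object"]
    declared = props.get("parameters", {})
    # Serialise the rule so references nested anywhere inside it are found.
    referenced = set(PARAM_REF.findall(json.dumps(rule)))
    findings = []
    for name in sorted(referenced - set(declared)):
        findings.append(f"policyRule references undeclared parameter '{name}'")
    for name in sorted(set(declared) - referenced):
        findings.append(f"parameter '{name}' is declared but never used")
    for name, spec in sorted(declared.items()):
        if spec.get("type") not in PARAMETER_TYPES:
            findings.append(f"parameter '{name}' has invalid type {spec.get('type')!r}")
    policy_type = props.get("policyType")
    if policy_type is not None and policy_type not in POLICY_TYPES:
        findings.append(f"invalid policyType {policy_type!r}")
    return findings

if __name__ == "__main__":
    print(build_url("MyManagementGroup", "ResourceNaming"))
    print(lint_definition(SAMPLE) or "no findings")
```

A deny-effect rule that references an undeclared parameter, or declares one it never uses, is easier to catch here than after the definition has been assigned across a management group.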

Definitions

CloudError

An error response from a policy operation.

ErrorAdditionalInfo

The resource management error additional info.

ErrorResponse

The resource management error response.

Metadata

General metadata for the parameter.

ParameterDefinitionsValue

The definition of a parameter that can be provided to the policy.

parameterType

The data type of the parameter.

PolicyDefinition

The policy definition.

policyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

CloudError

An error response from a policy operation.

Name   Type  Description
error        The resource management error response.

ErrorAdditionalInfo

The resource management error additional info.

Name  Type    Description
info  object  The additional info.
type  string  The additional info type.

ErrorResponse

The resource management error response.

Name            Type    Description
additionalInfo          The error additional info.
code            string  The error code.
details                 The error details.
message         string  The error message.
target          string  The error target.

Metadata

General metadata for the parameter.

Name         Type    Description
description  string  The description of the parameter.
displayName  string  The display name for the parameter.

ParameterDefinitionsValue

The definition of a parameter that can be provided to the policy.

Name           Type      Description
allowedValues  object[]  The allowed values for the parameter.
defaultValue   object    The default value for the parameter if no value is provided.
metadata                 General metadata for the parameter.
type                     The data type of the parameter.

parameterType

The data type of the parameter.

Name      Type    Description
Array     string
Boolean   string
DateTime  string
Float     string
Integer   string
Object    string
String    string

PolicyDefinition

The policy definition.

Name                    Type    Description
id                      string  The ID of the policy definition.
name                    string  The name of the policy definition.
properties.description  string  The policy definition description.
properties.displayName  string  The display name of the policy definition.
properties.metadata     object  The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
properties.mode         string  The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
properties.parameters           The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
properties.policyRule   object  The policy rule.
properties.policyType           The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
type                    string  The type of the resource (Microsoft.Authorization/policyDefinitions).

policyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

Name          Type    Description
BuiltIn       string
Custom        string
NotSpecified  string
Static        string