Microsoft.Authorization policyAssignments

11/16/2020
2 minutes de lecture

Template format

To create a Microsoft.Authorization/policyAssignments resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Authorization/policyAssignments",
  "apiVersion": "2020-03-01",
  "scope": "string",
  "properties": {
    "displayName": "string",
    "policyDefinitionId": "string",
    "scope": "string",
    "notScopes": [
      "string"
    ],
    "parameters": {},
    "description": "string",
    "metadata": {},
    "enforcementMode": "string"
  },
  "sku": {
    "name": "string",
    "tier": "string"
  },
  "location": "string",
  "identity": {
    "type": "string"
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Authorization/policyAssignments object

Name	Type	Required	Value
name	string	Yes
type	enum	Yes	Microsoft.Authorization/policyAssignments
apiVersion	enum	Yes	2020-03-01
scope	string	No	Use when specifying a scope that is different than the deployment scope. See Setting scope for extension resources in ARM templates.
properties	object	Yes	Properties for the policy assignment. - PolicyAssignmentProperties object
sku	object	No	The policy sku. This property is optional, obsolete, and will be ignored. - PolicySku object
location	string	No	The location of the policy assignment. Only required when utilizing managed identity.
identity	object	No	The managed identity associated with the policy assignment. - Identity object

PolicyAssignmentProperties object

Name	Type	Required	Value
displayName	string	No	The display name of the policy assignment.
policyDefinitionId	string	No	The ID of the policy definition or policy set definition being assigned.
scope	string	No	The scope for the policy assignment.
notScopes	array	No	The policy's excluded scopes. - string
parameters	object	No	The parameter values for the assigned policy rule. The keys are the parameter names.
description	string	No	This message will be part of response in case of policy violation.
metadata	object	No	The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
enforcementMode	enum	No	The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce

PolicySku object

Name	Type	Required	Value
name	string	Yes	The name of the policy sku. Possible values are A0 and A1.
tier	string	No	The policy sku tier. Possible values are Free and Standard.

Identity object

Name	Type	Required	Value
type	enum	No	The identity type. This is the only required field when adding a system assigned identity to a resource. - SystemAssigned or None

Quickstart templates

The following quickstart templates deploy this resource type.

Template	Description
Assign a built-in policy to an existing resource group	This template assigns a built-in policy to an existing resource group.
Deploy a policy definition and assign to a management group	This template is a management group level template that will create a policy definition and assign that policy to the target management group. Currently, this template cannot be deployed via the Azure Portal.
Deploy a Policy Def and Assign to Multiple Mgmt Groups	This template is a management group level template that will create a policy definition and assign that policy to multiple management groups.