Az.Resources

This topic displays help topics for the Azure Resource Manager Cmdlets.

Active Directory

Add-AzADAppPermission

Adds an API permission.

Add-AzADGroupMember

Adds member to group.

Get-AzADAppCredential

Lists key credentials and password credentials for an application.

Get-AzADAppFederatedCredential

Get federatedIdentityCredentials by Id from applications.

Get-AzADApplication

Lists entities from applications or get entity from applications by key

Get-AzADAppPermission

Lists API permissions the application has requested.

Get-AzADGroup

Lists entities from groups or get entity from groups by key

Get-AzADGroupMember

Lists members from group.

Get-AzADGroupOwner

The owners of the group. Limited to 100 owners. Nullable. If this property is not specified when creating a Microsoft 365 group, the calling user is automatically assigned as the group owner. Supports $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). Supports $expand including nested $select. For example, /groups?$filter=startsWith(displayName,'Role')&$select=id,displayName&$expand=owners($select=id,userPrincipalName,displayName).

Get-AzADOrganization

Retrieve a list of organization objects.

Get-AzADServicePrincipal

Lists entities from service principals or get entity from service principals by key

Get-AzADServicePrincipalAppRoleAssignment

Get appRoleAssignments from servicePrincipals

Get-AzADSpCredential

Lists key credentials and password credentials for an service principal.

Get-AzADUser

Lists entities from users or get entity from users by key

New-AzADAppCredential

Creates key credentials or password credentials for an application.

New-AzADAppFederatedCredential

Create federatedIdentityCredential for applications.

New-AzADApplication

Adds new entity to applications

New-AzADGroup

Adds new entity to groups

New-AzADGroupOwner

Create new navigation property ref to owners for groups

New-AzADServicePrincipal

Adds new entity to servicePrincipals

New-AzADServicePrincipalAppRoleAssignment

Create new navigation property to appRoleAssignments for servicePrincipals

New-AzADSpCredential

Creates key credentials or password credentials for an service principal.

New-AzADUser

Adds new entity to users

Remove-AzADAppCredential

Removes key credentials or password credentials for an application.

Remove-AzADAppFederatedCredential

Delete navigation property federatedIdentityCredentials for applications

Remove-AzADApplication

Deletes entity from applications

Remove-AzADAppPermission

Removes an API permission.

Remove-AzADGroup

Deletes entity from groups.

Remove-AzADGroupMember

Deletes member from group Users, contacts, and groups that are members of this group. HTTP Methods: GET (supported for all groups), POST (supported for security groups and mail-enabled security groups), DELETE (supported only for security groups) Read-only. Nullable. Supports $expand.

Remove-AzADGroupOwner

Delete ref of navigation property owners for groups

Remove-AzADServicePrincipal

Deletes entity from service principal.

Remove-AzADServicePrincipalAppRoleAssignment

Delete navigation property appRoleAssignments for servicePrincipals

Remove-AzADSpCredential

Removes key credentials or password credentials for an service principal.

Remove-AzADUser

Deletes entity from users.

Update-AzADAppFederatedCredential

Update the navigation property federatedIdentityCredentials in applications

Update-AzADApplication

Updates entity in applications

Update-AzADGroup

Update entity in groups

Update-AzADServicePrincipal

Updates entity in service principal

Update-AzADServicePrincipalAppRoleAssignment

Update the navigation property appRoleAssignments in servicePrincipals

Update-AzADUser

Updates entity in users

Managed Applications

Get-AzManagedApplication

Gets managed applications

Get-AzManagedApplicationDefinition

Gets managed application definitions

New-AzManagedApplication

Creates an Azure managed application.

New-AzManagedApplicationDefinition

Creates a managed application definition.

Remove-AzManagedApplication

Removes a managed application

Remove-AzManagedApplicationDefinition

Removes a managed application definition

Set-AzManagedApplication

Updates managed application

Set-AzManagedApplicationDefinition

Updates managed application definition

Policy

Get-AzPolicyAlias

Get-AzPolicyAlias retrieves and outputs Azure provider resource types that have aliases defined and match the given parameter values. If no parameters are provided, all provider resource types that contain an alias will be output. The -ListAvailable switch modifies this behavior by listing all matching resource types including those without aliases.

Get-AzPolicyAssignment

Gets policy assignments.

Get-AzPolicyDefinition

Gets policy set definitions.

Get-AzPolicyExemption

Gets policy exemptions.

Get-AzPolicySetDefinition

Gets policy set definitions.

Get-AzRoleManagementPolicy

Get the specified role management policy for a resource scope

Get-AzRoleManagementPolicyAssignment

Get the specified role management policy assignment for a resource scope

New-AzPolicyAssignment

Creates or updates a policy assignment.

New-AzPolicyDefinition

Creates or updates a policy definition.

New-AzPolicyExemption

Creates or updates a policy exemption.

New-AzPolicySetDefinition

Creates or updates a policy set definition.

New-AzRoleManagementPolicyAssignment

Create a role management policy assignment

Remove-AzPolicyAssignment

This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.

Remove-AzPolicyDefinition

This operation deletes the policy definition in the given subscription with the given name.

Remove-AzPolicyExemption

This operation deletes a policy exemption, given its name and the scope it was created in. The scope of a policy exemption is the part of its ID preceding '/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'.

Remove-AzPolicySetDefinition

This operation deletes the policy definition in the given subscription with the given name.

Remove-AzRoleManagementPolicy

Delete a role management policy

Remove-AzRoleManagementPolicyAssignment

Delete a role management policy assignment

Update-AzPolicyAssignment

This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.

Update-AzPolicyDefinition

This operation updates an existing policy definition in the given subscription or management group with the given name.

Update-AzPolicyExemption

This operation updates a policy exemption with the given scope and name.

Update-AzPolicySetDefinition

This operation updates an existing policy set definition in the given subscription or management group with the given name.

Update-AzRoleManagementPolicy

Update a role management policy

Resources

Export-AzResourceGroup

Captures a resource group as a template and saves it to a file.

Export-AzTemplateSpec

Exports a Template Spec to the local filesystem

Get-AzDenyAssignment

Lists Azure RBAC deny assignments at the specified scope. By default it lists all deny assignments in the selected Azure subscription. Use respective parameters to list deny assignments to a specific user, or to list deny assignments on a specific resource group or resource.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /directoryObjects/{id}
  • POST /directoryObjects/getByIds
Get-AzDeployment

Get deployment

Get-AzDeploymentOperation

Get deployment operation

Get-AzDeploymentScript

Gets or lists deployment scripts.

Get-AzDeploymentScriptLog

Gets the log of a deployment script execution.

Get-AzDeploymentWhatIfResult

Gets a template What-If result for a deployment at subscription scope.

Get-AzLocation

Gets all locations and the supported resource providers for each location.

Get-AzManagementGroup

Gets Management Group(s)

Get-AzManagementGroupDeployment

Get deployment at a management group

Get-AzManagementGroupDeploymentOperation

Get deployment operation for management group deployment

Get-AzManagementGroupDeploymentStack

Gets Management Group scoped Deployment Stacks.

Get-AzManagementGroupDeploymentWhatIfResult

Gets a template What-If result for a deployment at management group scope.

Get-AzManagementGroupEntity

Lists all Entities under the current Tenant

Get-AzManagementGroupHierarchySetting

Gets the Hierarchy Settings under the current tenant

Get-AzManagementGroupNameAvailability

Checks if the Management Group name is available in the Tenant and a valid name.

Get-AzManagementGroupSubscription

Gets the details of Subscription(s) under a Management Group.

Get-AzPrivateLinkAssociation

Gets all the Azure Resource Management Private Link Association(s).

Get-AzProviderFeature

Gets information about Azure provider features.

Get-AzProviderOperation

Gets the operations for an Azure resource provider that are securable using Azure RBAC.

Get-AzProviderPreviewFeature

Gets a feature registration in your account.

Get-AzResource

Gets resources.

Get-AzResourceGroup

Gets resource groups.

Get-AzResourceGroupDeployment

Gets the deployments in a resource group.

Get-AzResourceGroupDeploymentOperation

Gets the resource group deployment operation

Get-AzResourceGroupDeploymentStack

Gets Resource Group scoped Deployment Stacks.

Get-AzResourceGroupDeploymentWhatIfResult

Gets a template What-If result for a deployment at resource group scope.

Get-AzResourceLock

Gets a resource lock.

Get-AzResourceManagementPrivateLink

Gets Azure Resource Management Private Link(s)

Get-AzResourceProvider

Gets a resource provider.

Get-AzRoleAssignment

Lists Azure RBAC role assignments at the specified scope. By default it lists all role assignments in the selected Azure subscription. Use respective parameters to list assignments to a specific user, or to list assignments on a specific resource group or resource.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /users/{id}
  • GET /servicePrincipals/{id}
  • GET /groups/{id}
  • GET /directoryObjects/{id}
  • POST /directoryObjects/getByIds

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

Get-AzRoleAssignmentSchedule

Get the specified role assignment schedule for a resource scope

Get-AzRoleAssignmentScheduleInstance

Gets the specified role assignment schedule instance.

Get-AzRoleAssignmentScheduleRequest

Get the specified role assignment schedule request.

Get-AzRoleDefinition

Lists all Azure RBAC roles that are available for assignment.

Get-AzRoleEligibilitySchedule

Get the specified role eligibility schedule for a resource scope

Get-AzRoleEligibilityScheduleInstance

Gets the specified role eligibility schedule instance.

Get-AzRoleEligibilityScheduleRequest

Get the specified role eligibility schedule request.

Get-AzRoleEligibleChildResource

Get the child resources of a resource on which user has eligible access

Get-AzSubscriptionDeploymentStack

Gets Subscription scoped Deployment Stacks.

Get-AzTag

Gets predefined Azure tags | Gets the entire set of tags on a resource or subscription.

Get-AzTemplateSpec

Gets or lists Template Specs

Get-AzTenantBackfillStatus

Get the current Tenant Backfill Subscription Status

Get-AzTenantDeployment

Get deployment at tenant scope

Get-AzTenantDeploymentOperation

Get deployment operation for deployment at tenant scope

Get-AzTenantDeploymentWhatIfResult

Gets a template What-If result for a deployment at tenant scope.

Invoke-AzResourceAction

Invokes an action on a resource.

Move-AzResource

Moves a resource to a different resource group or subscription.

New-AzDeployment

Create a deployment at the current subscription scope.

New-AzManagementGroup

Creates a Management Group

New-AzManagementGroupDeployment

Create a deployment at a management group

New-AzManagementGroupDeploymentStack

Creates a new Management Group scoped Deployment Stack.

New-AzManagementGroupHierarchySetting

Creates Hierarchy Settings under the current tenant

New-AzManagementGroupSubscription

Adds a Subscription to a Management Group.

New-AzPrivateLinkAssociation

Creates the Azure Resource Management Private Link Association.

New-AzResource

Creates a resource.

New-AzResourceGroup

Creates an Azure resource group.

New-AzResourceGroupDeployment

Adds an Azure deployment to a resource group.

New-AzResourceGroupDeploymentStack

Creates a new Resource Group scoped Deployment Stack.

New-AzResourceLock

Creates a resource lock.

New-AzResourceManagementPrivateLink

Create Azure Resource Management Private Link

New-AzRoleAssignment

Assigns the specified RBAC role to the specified principal, at the specified scope.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /users/{id}
  • GET /servicePrincipals/{id}
  • GET /groups/{id}
  • GET /directoryObjects/{id}

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

New-AzRoleAssignmentScheduleRequest

Creates a role assignment schedule request.

New-AzRoleDefinition

Creates a custom role in Azure RBAC. Provide either a JSON role definition file or a PSRoleDefinition object as input. First, use the Get-AzRoleDefinition command to generate a baseline role definition object. Then, modify its properties as required. Finally, use this command to create a custom role using role definition.

New-AzRoleEligibilityScheduleRequest

Creates a role eligibility schedule request.

New-AzSubscriptionDeploymentStack

Creates a new Subscription scoped Deployment Stack.

New-AzTag

Creates a predefined Azure tag or adds values to an existing tag | Creates or updates the entire set of tags on a resource or subscription.

New-AzTemplateSpec

Creates a new Template Spec.

New-AzTenantDeployment

Create a deployment at tenant scope

Publish-AzBicepModule

Publishes a Bicep file to a registry.

Register-AzProviderFeature

Registers an Azure provider feature in your current subscription context.

Register-AzProviderPreviewFeature

Creates a feature registration in your account.

Register-AzResourceProvider

Registers a resource provider.

Remove-AzDeployment

Removes a deployment and any associated operations

Remove-AzDeploymentScript

Removes a deployment script and its associated resources.

Remove-AzManagementGroup

Removes a Management Group

Remove-AzManagementGroupDeployment

Removes a deployment at a management group and any associated operations

Remove-AzManagementGroupDeploymentStack

Removes a Management Group scoped Deployment Stack.

Remove-AzManagementGroupHierarchySetting

Deletes all Hierarchy Settings under the current tenant

Remove-AzManagementGroupSubscription

Removes a Subscription from a Management Group.

Remove-AzPrivateLinkAssociation

Delete a specific azure private link association.

Remove-AzResource

Removes a resource.

Remove-AzResourceGroup

Removes a resource group.

Remove-AzResourceGroupDeployment

Removes a resource group deployment and any associated operations.

Remove-AzResourceGroupDeploymentStack

Removes a Resource Group scoped Deployment Stack.

Remove-AzResourceLock

Removes a resource lock.

Remove-AzResourceManagementPrivateLink

Deletes the Resource Manangement Private Link.

Remove-AzRoleAssignment

Removes a role assignment to the specified principal who is assigned to a particular role at a particular scope.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /users/{id}
  • GET /servicePrincipals/{id}
  • GET /groups/{id}
  • GET /directoryObjects/{id}
  • POST /directoryObjects/getByIds

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

Remove-AzRoleDefinition

Deletes a custom role in Azure RBAC. The role to be deleted is specified using the Id property of the role. Delete will fail if there are existing role assignments made to the custom role.

Remove-AzSubscriptionDeploymentStack

Removes a Subscription scoped Deployment Stack.

Remove-AzTag

Deletes predefined Azure tags or values | Deletes the entire set of tags on a resource or subscription.

Remove-AzTemplateSpec

Removes a Template Spec

Remove-AzTenantDeployment

Removes a deployment at tenant scope and any associated operations

Save-AzDeploymentScriptLog

Saves the log of a deployment script execution to disk.

Save-AzDeploymentTemplate

Saves a deployment template to a file.

Save-AzManagementGroupDeploymentStackTemplate

Saves a Management Group scoped Deployment Stack Template.

Save-AzManagementGroupDeploymentTemplate

Saves a deployment template to a file.

Save-AzResourceGroupDeploymentStackTemplate

Saves a Resource Group scoped Deployment Stack Template.

Save-AzResourceGroupDeploymentTemplate

Saves a resource group deployment template to a file.

Save-AzSubscriptionDeploymentStackTemplate

Saves a Subscription scoped Deployment Stack Template.

Save-AzTenantDeploymentTemplate

Saves a deployment template to a file.

Set-AzManagementGroupDeploymentStack

Sets a new Management Group scoped Deployment Stack.

Set-AzResource

Modifies a resource.

Set-AzResourceGroup

Modifies a resource group.

Set-AzResourceGroupDeploymentStack

Sets a new Resource Group scoped Deployment Stack.

Set-AzResourceLock

Modifies a resource lock.

Set-AzRoleAssignment

Update an existing Role Assignment.

The cmdlet may call below Microsoft Graph API according to input parameters:

  • GET /users/{id}
  • GET /servicePrincipals/{id}
  • GET /groups/{id}
  • GET /directoryObjects/{id}
  • POST /directoryObjects/getByIds

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

Set-AzRoleDefinition

Modifies a custom role in Azure RBAC. Provide the modified role definition either as a JSON file or as a PSRoleDefinition. First, use the Get-AzRoleDefinition command to retrieve the custom role that you wish to modify. Then, modify the properties that you wish to change. Finally, save the role definition using this command.

Set-AzSubscriptionDeploymentStack

Sets a new Subscription scoped Deployment Stack.

Set-AzTemplateSpec

Modifies a Template Spec.

Start-AzTenantBackfill

Starts backfilling subscriptions for the current Tenant

Stop-AzDeployment

Cancel a running deployment

Stop-AzManagementGroupDeployment

Cancel a running deployment at a management group

Stop-AzResourceGroupDeployment

Cancels a resource group deployment.

Stop-AzRoleAssignmentScheduleRequest

Cancels a pending role assignment schedule request.

Stop-AzRoleEligibilityScheduleRequest

Cancels a pending role eligibility schedule request.

Stop-AzTenantDeployment

Cancel a running deployment at tenant scope

Test-AzDeployment

Validates a deployment.

Test-AzManagementGroupDeployment

Validates a deployment at a management group.

Test-AzResourceGroupDeployment

Validates a resource group deployment.

Test-AzTenantDeployment

Validates a deployment at tenant scope.

Unregister-AzProviderFeature

Unregisters an Azure provider feature in your account.

Unregister-AzProviderPreviewFeature

Removes a feature registration from your account.

Unregister-AzResourceProvider

Unregisters a resource provider.

Update-AzManagementGroup

Updates a Management Group

Update-AzManagementGroupHierarchySetting

Updates Hierarchy Settings under the current tenant

Update-AzTag

Selectively updates the set of tags on a resource or subscription.