Set-AzPolicyAssignment

Modifies a policy assignment.

Syntax

Set-AzPolicyAssignment
   -Name <String>
   -Scope <String>
   [-NotScope <String[]>]
   [-DisplayName <String>]
   [-Description <String>]
   [-Metadata <String>]
   [-AssignIdentity]
   [-Location <String>]
   [-ApiVersion <String>]
   [-Pre]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Set-AzPolicyAssignment
   -Name <String>
   -Scope <String>
   [-NotScope <String[]>]
   [-DisplayName <String>]
   [-Description <String>]
   [-Metadata <String>]
   -PolicyParameterObject <Hashtable>
   [-AssignIdentity]
   [-Location <String>]
   [-ApiVersion <String>]
   [-Pre]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Set-AzPolicyAssignment
   -Name <String>
   -Scope <String>
   [-NotScope <String[]>]
   [-DisplayName <String>]
   [-Description <String>]
   [-Metadata <String>]
   -PolicyParameter <String>
   [-AssignIdentity]
   [-Location <String>]
   [-ApiVersion <String>]
   [-Pre]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Set-AzPolicyAssignment
   [-NotScope <String[]>]
   -Id <String>
   [-DisplayName <String>]
   [-Description <String>]
   [-Metadata <String>]
   [-AssignIdentity]
   [-Location <String>]
   [-ApiVersion <String>]
   [-Pre]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Set-AzPolicyAssignment
   [-NotScope <String[]>]
   -Id <String>
   [-DisplayName <String>]
   [-Description <String>]
   [-Metadata <String>]
   -PolicyParameterObject <Hashtable>
   [-AssignIdentity]
   [-Location <String>]
   [-ApiVersion <String>]
   [-Pre]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Set-AzPolicyAssignment
   [-NotScope <String[]>]
   -Id <String>
   [-DisplayName <String>]
   [-Description <String>]
   [-Metadata <String>]
   -PolicyParameter <String>
   [-AssignIdentity]
   [-Location <String>]
   [-ApiVersion <String>]
   [-Pre]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The Set-AzPolicyAssignment cmdlet modifies a policy assignment. Specify an assignment by ID or by name and scope.

Examples

Example 1: Update the display name

PS C:\> $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11'
PS C:\> $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' -Scope $ResourceGroup.ResourceId
PS C:\> Set-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -DisplayName 'Do not allow VM creation'

The first command gets a resource group named ResourceGroup11 by using the Get-AzResourceGroup cmdlet. The command stores that object in the $ResourceGroup variable. The second command gets the policy assignment named PolicyAssignment by using the Get-AzPolicyAssignment cmdlet. The command stores that object in the $PolicyAssignment variable. The final command updates the display name on the policy assignment on the resource group identified by the ResourceId property of $ResourceGroup.

Example 2: Add a managed identity to the policy assignment

PS C:\> $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment'
PS C:\> Set-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -AssignIdentity -Location 'westus'

The first command gets the policy assignment named PolicyAssignment from the current subscription by using the Get-AzPolicyAssignment cmdlet. The command stores that object in the $PolicyAssignment variable. The final command assigns a managed identity to the policy assignment.

Example 3: Update policy assignment parameters with new policy parameter object

PS C:\> $Locations = Get-AzLocation | where {($_.displayname -like 'france*') -or ($_.displayname -like 'uk*')}
PS C:\> $AllowedLocations = @{'listOfAllowedLocations'=($Locations.location)}
PS C:\> $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment'
PS C:\> Set-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -PolicyParameterObject $AllowedLocations

The first and second commands create an object containing all Azure regions whose names start with "france" or "uk". The second command stores that object in the $AllowedLocations variable. The third command gets the policy assignment named 'PolicyAssignment' The command stores that object in the $PolicyAssignment variable. The final command updates the parameter values on the policy assignment named PolicyAssignment.

Example 4: Update policy assignment parameters with policy parameter file

Create a file called AllowedLocations.json in the local working directory with the following content.

{
    "listOfAllowedLocations":  {
      "value": [
        "uksouth",
        "ukwest",
        "francecentral",
        "francesouth"
      ]
    }
}

PS C:\> Set-AzPolicyAssignment -Name 'PolicyAssignment' -PolicyParameter .\AllowedLocations.json

The command updates the policy assignment named 'PolicyAssignment' using the policy parameter file AllowedLocations.json from the local working directory.

Parameters

-ApiVersion

Specifies the version of the resource provider API to use. If you do not specify a version, this cmdlet uses the latest available version.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AssignIdentity

Generate and assign an Azure Active Directory Identity for this policy assignment. The identity will be used when executing deployments for 'deployIfNotExists' policies. Location is required when assigning an identity.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Description

The description for policy assignment

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-DisplayName

Specifies a new display name for the policy assignment.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Id

Specifies the fully qualified resource ID for the policy assignment that this cmdlet modifies.

Type:String
Aliases:ResourceId
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Location

The location of the policy assignment's resource identity. This is required when the -AssignIdentity switch is used.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Metadata

The updated metadata for the policy assignment. This can either be a path to a file name containing the metadata, or the metadata as a string.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Name

Specifies the name of the policy assignment that this cmdlet modifies.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-NotScope

The policy assignment not scopes.

Type:System.String[]
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-PolicyParameter

The new policy parameters file path or string for the policy assignment.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-PolicyParameterObject

The new policy parameters object for the policy assignment.

Type:Hashtable
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Pre

Indicates that this cmdlet considers pre-release API versions when it automatically determines which version to use.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Scope

Specifies the scope at which the policy is applied.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False

Inputs

String

System.String[]

Outputs

PSObject