Changelog of Azure APIs

2025/04/11 • 19 updated methods

PolicyDefinitionVersions_ListAllBuiltins (updated)

Description	: This operation lists all the built-in policy definition versions for all built-in policy definitions.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_ListAllBuiltins",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

POST: /providers/Microsoft.Authorization/listPolicyDefinitionVersions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_ListAllAtManagementGroup (updated)

Description	: This operation lists all the policy definition versions for all policy definitions at the management group scope.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_ListAllAtManagementGroup",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

POST: /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicyDefinitionVersions

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_ListAll (updated)

Description	: This operation lists all the policy definition versions for all policy definitions within a subscription.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_ListAll",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

POST: /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicyDefinitionVersions

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_CreateOrUpdate (updated)

Description	: This operation creates or updates a policy definition in the given subscription with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_CreateOrUpdate",
  "$parameters": {
    "parameters": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  },
  "$responses": {
    "201": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    },
    "200": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

PUT: /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

parameters:

{

Description: The policy definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_Get (updated)

Description	: This operation retrieves the policy definition version in the given subscription with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_Get",
  "$responses": {
    "200": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

GET: /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_GetBuiltIn (updated)

Description	: This operation retrieves the built-in policy definition version with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_GetBuiltIn",
  "$responses": {
    "200": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

GET: /providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup (updated)

Description	: This operation creates or updates a policy definition version in the given management group with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup",
  "$parameters": {
    "parameters": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  },
  "$responses": {
    "201": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    },
    "200": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

PUT: /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

parameters:

{

Description: The policy definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_GetAtManagementGroup (updated)

Description	: This operation retrieves the policy definition version in the given management group with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_GetAtManagementGroup",
  "$responses": {
    "200": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

GET: /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_List (updated)

Description	: This operation retrieves a list of all the policy definition versions for the given policy definition.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_List",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_ListBuiltIn (updated)

Description	: This operation retrieves a list of all the built-in policy definition versions for the given policy definition.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_ListBuiltIn",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions

{

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitionVersions_ListByManagementGroup (updated)

Description	: This operation retrieves a list of all the policy definition versions for the given policy definition in the given management group.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitionVersions_ListByManagementGroup",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitions_CreateOrUpdate (updated)

Description	: This operation creates or updates a policy definition in the given subscription with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitions_CreateOrUpdate",
  "$parameters": {
    "parameters": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  },
  "$responses": {
    "201": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

PUT: /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to create. ,

Required: True ,

}

string ,

parameters:

{

Description: The policy definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitions_Get (updated)

Description	: This operation retrieves the policy definition in the given subscription with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitions_Get",
  "$responses": {
    "200": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

GET: /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to get. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitions_GetBuiltIn (updated)

Description	: This operation retrieves the built-in policy definition with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitions_GetBuiltIn",
  "$responses": {
    "200": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

GET: /providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

policyDefinitionName:

{

Description: The name of the built-in policy definition to get. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitions_CreateOrUpdateAtManagementGroup (updated)

Description	: This operation creates or updates a policy definition in the given management group with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitions_CreateOrUpdateAtManagementGroup",
  "$parameters": {
    "parameters": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  },
  "$responses": {
    "201": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

PUT: /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to create. ,

Required: True ,

}

string ,

parameters:

{

Description: The policy definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitions_GetAtManagementGroup (updated)

Description	: This operation retrieves the policy definition in the given management group with the given name.
Reference	: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitions_GetAtManagementGroup",
  "$responses": {
    "200": {
      "$properties": {
        "properties": [
          {
            "externalEvaluationEnforcementSettings": [
              {
                "#name": "missingTokenAction",
                "Description": {
                  "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                  "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                }
              },
              {
                "#name": "resultLifespan",
                "Description": {
                  "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                  "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                }
              }
            ]
          }
        ]
      }
    }
  }
}

⚼ Request

GET: /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to get. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitions_List (updated)

Description

: This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.

Reference

: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitions_List",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitions_ListBuiltIn (updated)

Description

: This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.

Reference

: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitions_ListBuiltIn",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /providers/Microsoft.Authorization/policyDefinitions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$filter:

{

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

PolicyDefinitions_ListByManagementGroup (updated)

Description

: This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.

Reference

: Link ¶

⚶ Changes

{
  "#id": "PolicyDefinitions_ListByManagementGroup",
  "$responses": {
    "200": {
      "$properties": {
        "value": {
          "$properties": {
            "properties": [
              {
                "externalEvaluationEnforcementSettings": [
                  {
                    "#name": "missingTokenAction",
                    "Description": {
                      "new": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported.",
                      "old": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny."
                    }
                  },
                  {
                    "#name": "resultLifespan",
                    "Description": {
                      "new": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported.",
                      "old": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format."
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    }
  }
}

⚼ Request

GET: /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

$filter:

{

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: An array of policy definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

}

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

Microsoft.Authorization (stable:2025-03-01)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (201)

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (201)

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (201)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (201)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)

⚶ Changes

⚼ Request

⚐ Response (200)

⚐ Response (default)