Microsoft.Authorization (stable:2025-03-01)

2025/02/25 • 59 new methods

PolicyAssignments_Delete (new)

Description	:  This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}

{

scope:

{

Description: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ,

Required: True ,

}

string ,

policyAssignmentName:

{

Description: The name of the policy assignment to delete. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (204)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_Create (new)

Description	:  This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
Reference	:  Link ¶

---

⚼ Request

PUT:  /{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}

{

scope:

{

Description: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ,

Required: True ,

}

string ,

policyAssignmentName:

{

Description: The name of the policy assignment. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters for the policy assignment. ,

Required: True ,

}

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_Get (new)

Description	:  This operation retrieves a single policy assignment, given its name and the scope it was created at.
Reference	:  Link ¶

---

⚼ Request

GET:  /{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}

{

scope:

{

Description: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ,

Required: True ,

}

string ,

policyAssignmentName:

{

Description: The name of the policy assignment to get. ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_Update (new)

Description	:  This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
Reference	:  Link ¶

---

⚼ Request

PATCH:  /{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}

{

scope:

{

Description: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ,

Required: True ,

}

string ,

policyAssignmentName:

{

Description: The name of the policy assignment. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters for policy assignment patch request. ,

Required: True ,

}

{

properties:

{

Description: The policy assignment properties for Patch request. ,

Required: False ,

}

{

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

}

,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_ListForResourceGroup (new)

Description

:  This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.

Reference

:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group that contains policy assignments. ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}. ,

Required: False ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy assignments. ,

Required: False ,

}

[

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_ListForResource (new)

Description

:  This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').

Reference

:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group containing the resource. ,

Required: True ,

}

string ,

resourceProviderNamespace:

{

Description: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) ,

Required: True ,

}

string ,

parentResourcePath:

{

Description: The parent resource path. Use empty string if there is none. ,

Required: True ,

}

string ,

resourceType:

{

Description: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). ,

Required: True ,

}

string ,

resourceName:

{

Description: The name of the resource. ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}. ,

Required: False ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy assignments. ,

Required: False ,

}

[

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_ListForManagementGroup (new)

Description

:  This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.

Reference

:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyAssignments

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}. ,

Required: False ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy assignments. ,

Required: False ,

}

[

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_List (new)

Description

:  This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.

Reference

:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments

{

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}. ,

Required: False ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy assignments. ,

Required: False ,

}

[

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_DeleteById (new)

Description

:  This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource).

Reference

:  Link ¶

---

⚼ Request

DELETE:  /{policyAssignmentId}

{

policyAssignmentId:

{

Description: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (204)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_CreateById (new)

Description

:  This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.

Reference

:  Link ¶

---

⚼ Request

PUT:  /{policyAssignmentId}

{

policyAssignmentId:

{

Description: The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters for policy assignment. ,

Required: True ,

}

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_GetById (new)

Description

:  The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.

Reference

:  Link ¶

---

⚼ Request

GET:  /{policyAssignmentId}

{

policyAssignmentId:

{

Description: The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyAssignments_UpdateById (new)

Description

:  This operation updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.

Reference

:  Link ¶

---

⚼ Request

PATCH:  /{policyAssignmentId}

{

policyAssignmentId:

{

Description: The ID of the policy assignment to update. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ,

Required: True ,

}

string ,

parameters:

{

Description: Parameters for policy assignment patch request. ,

Required: True ,

}

{

properties:

{

Description: The policy assignment properties for Patch request. ,

Required: False ,

}

{

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

}

,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: Properties for the policy assignment. ,

Required: False ,

}

{

displayName:

{

Description: The display name of the policy assignment. ,

Required: False ,

}

string ,

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition being assigned. ,

Required: False ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

scope:

{

Description: The scope for the policy assignment. ,

Required: False ,

}

string ,

notScopes:

{

Description: The policy's excluded scopes. ,

Required: False ,

}

[

string ,

]

,

parameters:

{

Description: The parameter values for the assigned policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

description:

{

Description: This message will be part of response in case of policy violation. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

enforcementMode:

{

Description: The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll ,

Enum:

{

Default: The policy effect is enforced during resource creation or update. ,

DoNotEnforce: The policy effect is not enforced during resource creation or update. ,

Enroll: The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. ,

}

,

Required: False ,

}

enum ,

nonComplianceMessages:

{

Description: The messages that describe why a resource is non-compliant with the policy. ,

Required: False ,

}

[

{

message:

{

Description: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. ,

Required: True ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. ,

Required: False ,

}

string ,

}

,

]

,

resourceSelectors:

{

Description: The resource selector list to filter policies by resource properties. ,

Required: False ,

}

[

{

name:

{

Description: The name of the resource selector. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

overrides:

{

Description: The policy property value override. ,

Required: False ,

}

[

{

kind:

{

Description: The override kind. ,

Enum:

{

policyEffect: It will override the policy effect type. ,

definitionVersion: It will override the definition version property value of the policy assignment. ,

}

,

Required: False ,

}

enum ,

value:

{

Description: The value to override the policy property. ,

Required: False ,

}

string ,

selectors:

{

Description: The list of the selector expressions. ,

Required: False ,

}

[

{

kind:

{

Description: The selector kind. ,

Enum:

{

resourceLocation: The selector kind to filter policies by the resource location. ,

resourceType: The selector kind to filter policies by the resource type. ,

resourceWithoutLocation: The selector kind to filter policies by the resource without location. ,

policyDefinitionReferenceId: The selector kind to filter policies by the policy definition reference ID. ,

}

,

Required: False ,

}

enum ,

in:

{

Description: The list of values to filter in. ,

Required: False ,

}

[

string ,

]

,

notIn:

{

Description: The list of values to filter out. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

}

,

]

,

assignmentType:

{

Description: The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. ,

Enum:

{

NotSpecified: No description available. ,

System: No description available. ,

SystemHidden: No description available. ,

Custom: No description available. ,

}

,

Required: False ,

}

enum ,

instanceId:

{

Description: The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy assignment. ,

Required: False ,

}

string ,

type:

{

Description: The type of the policy assignment. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy assignment. ,

Required: False ,

}

string ,

location:

{

Description: The location of the policy assignment. Only required when utilizing managed identity. ,

Required: False ,

}

string ,

identity:

{

Description: The managed identity associated with the policy assignment. ,

Required: False ,

}

{

principalId:

{

Description: The principal ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant ID of the resource identity. This property will only be provided for a system assigned identity ,

Required: False ,

}

string ,

type:

{

Description: The identity type. This is the only required field when adding a system or user assigned identity to a resource. ,

Enum:

{

SystemAssigned: Indicates that a system assigned identity is associated with the resource. ,

UserAssigned: Indicates that a system assigned identity is associated with the resource. ,

None: Indicates that no identity is associated with the resource or that the existing identity should be removed. ,

}

,

Required: False ,

}

enum ,

userAssignedIdentities:

{

Description: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ,

Required: False ,

}

object ,

}

,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_ListAllBuiltins (new)

Description	:  This operation lists all the built-in policy definition versions for all built-in policy definitions.
Reference	:  Link ¶

---

⚼ Request

POST:  /providers/Microsoft.Authorization/listPolicyDefinitionVersions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_ListAllAtManagementGroup (new)

Description	:  This operation lists all the policy definition versions for all policy definitions at the management group scope.
Reference	:  Link ¶

---

⚼ Request

POST:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicyDefinitionVersions

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_ListAll (new)

Description	:  This operation lists all the policy definition versions for all policy definitions within a subscription.
Reference	:  Link ¶

---

⚼ Request

POST:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicyDefinitionVersions

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_CreateOrUpdate (new)

Description	:  This operation creates or updates a policy definition in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

parameters:

{

Description: The policy definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_Delete (new)

Description	:  This operation deletes the policy definition version in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_Get (new)

Description	:  This operation retrieves the policy definition version in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_GetBuiltIn (new)

Description	:  This operation retrieves the built-in policy definition version with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup (new)

Description	:  This operation creates or updates a policy definition version in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

PUT:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

parameters:

{

Description: The policy definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_DeleteAtManagementGroup (new)

Description	:  This operation deletes the policy definition in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_GetAtManagementGroup (new)

Description	:  This operation retrieves the policy definition version in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_List (new)

Description	:  This operation retrieves a list of all the policy definition versions for the given policy definition.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_ListBuiltIn (new)

Description	:  This operation retrieves a list of all the built-in policy definition versions for the given policy definition.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions

{

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitionVersions_ListByManagementGroup (new)

Description	:  This operation retrieves a list of all the policy definition versions for the given policy definition in the given management group.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_CreateOrUpdate (new)

Description	:  This operation creates or updates a policy definition in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to create. ,

Required: True ,

}

string ,

parameters:

{

Description: The policy definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_Delete (new)

Description	:  This operation deletes the policy definition in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to delete. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_Get (new)

Description	:  This operation retrieves the policy definition in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to get. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_GetBuiltIn (new)

Description	:  This operation retrieves the built-in policy definition with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

policyDefinitionName:

{

Description: The name of the built-in policy definition to get. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_CreateOrUpdateAtManagementGroup (new)

Description	:  This operation creates or updates a policy definition in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

PUT:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to create. ,

Required: True ,

}

string ,

parameters:

{

Description: The policy definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_DeleteAtManagementGroup (new)

Description	:  This operation deletes the policy definition in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to delete. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_GetAtManagementGroup (new)

Description	:  This operation retrieves the policy definition in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

policyDefinitionName:

{

Description: The name of the policy definition to get. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_List (new)

Description

:  This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.

Reference

:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_ListBuiltIn (new)

Description

:  This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.

Reference

:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Authorization/policyDefinitions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyDefinitions_ListByManagementGroup (new)

Description

:  This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.

Reference

:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

mode:

{

Description: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the policy definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy definition description. ,

Required: False ,

}

string ,

policyRule:

{

Description: The policy rule. ,

Required: False ,

}

object ,

metadata:

{

Description: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

version:

{

Description: The policy definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy definition. ,

Required: False ,

}

[

string ,

]

,

externalEvaluationEnforcementSettings:

{

Description: The details of the source of external evaluation results required by the policy during enforcement evaluation. ,

Required: False ,

}

{

missingTokenAction:

{

Description: What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny. ,

Required: False ,

}

string ,

resultLifespan:

{

Description: The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format. ,

Required: False ,

}

string ,

endpointSettings:

{

Description: The settings of an external endpoint providing evaluation results. ,

Required: False ,

}

{

kind:

{

Description: The kind of the endpoint. ,

Required: False ,

}

string ,

details:

{

Description: The details of the endpoint. ,

Required: False ,

}

object ,

}

,

roleDefinitionIds:

{

Description: An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. ,

Required: False ,

}

[

string ,

]

,

}

,

}

,

id:

{

Description: The ID of the policy definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policyDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_ListAllBuiltins (new)

Description	:  This operation lists all the built-in policy set definition versions for all built-in policy set definitions.
Reference	:  Link ¶

---

⚼ Request

POST:  /providers/Microsoft.Authorization/listPolicySetDefinitionVersions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definition versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_ListAllAtManagementGroup (new)

Description	:  This operation lists all the policy set definition versions for all policy set definitions at the management group scope.
Reference	:  Link ¶

---

⚼ Request

POST:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definition versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_ListAll (new)

Description	:  This operation lists all the policy set definition versions for all policy set definitions within a subscription.
Reference	:  Link ¶

---

⚼ Request

POST:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definition versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_CreateOrUpdate (new)

Description	:  This operation creates or updates a policy set definition version in the given subscription with the given name and version.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

parameters:

{

Description: The policy set definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_Delete (new)

Description	:  This operation deletes the policy set definition version in the given subscription with the given name and version.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_Get (new)

Description	:  This operation retrieves the policy set definition version in the given subscription with the given name and version.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_GetBuiltIn (new)

Description	:  This operation retrieves the built-in policy set definition version with the given name and version.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}

{

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_List (new)

Description	:  This operation retrieves a list of all the policy set definition versions for the given policy set definition.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definition versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_ListBuiltIn (new)

Description	:  This operation retrieves a list of all the built-in policy set definition versions for the given built-in policy set definition.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions

{

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definition versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup (new)

Description	:  This operation creates or updates a policy set definition version in the given management group with the given name and version.
Reference	:  Link ¶

---

⚼ Request

PUT:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

parameters:

{

Description: The policy set definition version properties. ,

Required: True ,

}

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_DeleteAtManagementGroup (new)

Description	:  This operation deletes the policy set definition version in the given management group with the given name and version.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_GetAtManagementGroup (new)

Description	:  This operation retrieves the policy set definition version in the given management group with the given name and version.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

policyDefinitionVersion:

{

Description: The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitionVersions_ListByManagementGroup (new)

Description	:  This operation retrieves a list of all the policy set definition versions for the given policy set definition in a given management group.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions

{

managementGroupName:

{

Description: The name of the management group. The name is case insensitive. ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definition versions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition version properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

}

,

id:

{

Description: The ID of the policy set definition version. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition version. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions/versions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_CreateOrUpdate (new)

Description	:  This operation creates or updates a policy set definition in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

PUT:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition to create. ,

Required: True ,

}

string ,

parameters:

{

Description: The policy set definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_Delete (new)

Description	:  This operation deletes the policy set definition in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition to delete. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_Get (new)

Description	:  This operation retrieves the policy set definition in the given subscription with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition to get. ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_GetBuiltIn (new)

Description	:  This operation retrieves the built-in policy set definition with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}

{

policySetDefinitionName:

{

Description: The name of the policy set definition to get. ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_List (new)

Description

:  This operation retrieves a list of all the policy set definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.

Reference

:  Link ¶

---

⚼ Request

GET:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. ,

Required: False ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_ListBuiltIn (new)

Description	:  This operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Authorization/policySetDefinitions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. ,

Required: False ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_CreateOrUpdateAtManagementGroup (new)

Description	:  This operation creates or updates a policy set definition in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

PUT:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition to create. ,

Required: True ,

}

string ,

parameters:

{

Description: The policy set definition properties. ,

Required: True ,

}

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (201)

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_DeleteAtManagementGroup (new)

Description	:  This operation deletes the policy set definition in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

DELETE:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition to delete. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (204)

{}

---

⚐ Response (200)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_GetAtManagementGroup (new)

Description	:  This operation retrieves the policy set definition in the given management group with the given name.
Reference	:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

policySetDefinitionName:

{

Description: The name of the policy set definition to get. ,

Required: True ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

---

⚐ Response (200)

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicySetDefinitions_ListByManagementGroup (new)

Description

:  This operation retrieves a list of all the policy set definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.

Reference

:  Link ¶

---

⚼ Request

GET:  /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions

{

managementGroupId:

{

Description: The ID of the management group. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

$filter:

{

Description: The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. ,

Required: False ,

}

string ,

$expand:

{

Description: Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. ,

Required: False ,

}

string ,

$top:

{

Description: Maximum number of records to return. When the $top filter is not provided, it will return 500 records. ,

Format: int32 ,

Required: False ,

}

integer ,

}

---

⚐ Response (200)

{

value:

{

Description: An array of policy set definitions. ,

Required: False ,

}

[

{

properties:

{

Description: The policy set definition properties. ,

Required: False ,

}

{

policyType:

{

Description: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. ,

Enum:

{

NotSpecified: No description available. ,

BuiltIn: No description available. ,

Custom: No description available. ,

Static: No description available. ,

}

,

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the policy set definition. ,

Required: False ,

}

string ,

description:

{

Description: The policy set definition description. ,

Required: False ,

}

string ,

metadata:

{

Description: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. ,

Required: False ,

}

object ,

parameters:

{

Description: The policy set definition parameters that can be used in policy definition references. ,

Required: False ,

}

object ,

policyDefinitions:

{

Description: An array of policy definition references. ,

Required: True ,

}

[

{

policyDefinitionId:

{

Description: The ID of the policy definition or policy set definition. ,

Required: True ,

}

string ,

definitionVersion:

{

Description: The version of the policy definition to use. ,

Required: False ,

}

string ,

latestDefinitionVersion:

{

Description: The latest version of the policy definition available. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

effectiveDefinitionVersion:

{

Description: The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. ,

Required: False ,

}

string ,

parameters:

{

Description: The parameter values for the referenced policy rule. The keys are the parameter names. ,

Required: False ,

}

object ,

policyDefinitionReferenceId:

{

Description: A unique id (within the policy set definition) for this policy definition reference. ,

Required: False ,

}

string ,

groupNames:

{

Description: The name of the groups that this policy definition reference belongs to. ,

Required: False ,

}

[

string ,

]

,

}

,

]

,

policyDefinitionGroups:

{

Description: The metadata describing groups of policy definition references within the policy set definition. ,

Required: False ,

}

[

{

name:

{

Description: The name of the group. ,

Required: True ,

}

string ,

displayName:

{

Description: The group's display name. ,

Required: False ,

}

string ,

category:

{

Description: The group's category. ,

Required: False ,

}

string ,

description:

{

Description: The group's description. ,

Required: False ,

}

string ,

additionalMetadataId:

{

Description: A resource ID of a resource that contains additional metadata about the group. ,

Required: False ,

}

string ,

}

,

]

,

version:

{

Description: The policy set definition version in #.#.# format. ,

Required: False ,

}

string ,

versions:

{

Description: A list of available versions for this policy set definition. ,

Required: False ,

}

[

string ,

]

,

}

,

id:

{

Description: The ID of the policy set definition. ,

Required: False ,

}

string ,

name:

{

Description: The name of the policy set definition. ,

Required: False ,

}

string ,

type:

{

Description: The type of the resource (Microsoft.Authorization/policySetDefinitions). ,

Required: False ,

}

string ,

systemData:

{

Description: The system metadata relating to this resource. ,

Required: False ,

}

{

createdBy:

{

Description: The identity that created the resource. ,

Required: False ,

}

string ,

createdByType:

{

Description: The type of identity that created the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

createdAt:

{

Description: The timestamp of resource creation (UTC). ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: The identity that last modified the resource. ,

Required: False ,

}

string ,

lastModifiedByType:

{

Description: The type of identity that last modified the resource. ,

Enum:

{

User: No description available. ,

Application: No description available. ,

ManagedIdentity: No description available. ,

Key: No description available. ,

}

,

Required: False ,

}

enum ,

lastModifiedAt:

{

Description: The timestamp of resource last modification (UTC) ,

Format: date-time ,

Required: False ,

}

string ,

}

,

}

,

]

,

nextLink:

{

Description: The URL to use for getting the next set of results. ,

Required: False ,

}

string ,

}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}

PolicyTokens_Acquire (new)

Description	:  This operation acquires a policy token in the given subscription for the given request body.
Reference	:  Link ¶

---

⚼ Request

POST:  /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/acquirePolicyToken

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

parameters:

{

Description: The policy token properties. ,

Required: True ,

}

{

operation:

{

Description: The resource operation to acquire a token for. ,

Required: False ,

}

{

uri:

{

Description: The request URI of the resource operation. ,

Required: False ,

}

string ,

httpMethod:

{

Description: The http method of the resource operation. ,

Required: False ,

}

string ,

content:

{

Description: The payload of the resource operation. ,

Required: False ,

}

object ,

}

,

changeReference:

{

Description: The change reference. ,

Required: False ,

}

string ,

}

,

}

---

⚐ Response (200)

{

result:

{

Description: The result of the completed token acquisition operation. Possible values are Succeeded and Failed. ,

Enum:

{

Succeeded: No description available. ,

Failed: No description available. ,

}

,

Required: False ,

}

enum ,

message:

{

Description: Status message with additional details about the token acquisition operation result. ,

Required: False ,

}

string ,

retryAfter:

{

Description: The date and time after which the client can try to acquire a token again in the case of retry-able failures. ,

Format: date-time ,

Required: False ,

}

string ,

results:

{

Description: An array of external evaluation endpoint invocation results. ,

Required: False ,

}

[

{

policyInfo:

{

Description: The details of the policy requiring the external endpoint invocation. ,

Required: False ,

}

{

policyDefinitionId:

{

Description: The policy definition Id. ,

Required: False ,

}

string ,

policySetDefinitionId:

{

Description: The policy set definition Id. ,

Required: False ,

}

string ,

policyDefinitionReferenceId:

{

Description: The policy definition instance Id inside a policy set. ,

Required: False ,

}

string ,

policySetDefinitionName:

{

Description: The policy set definition name. ,

Required: False ,

}

string ,

policySetDefinitionDisplayName:

{

Description: The policy set definition display name. ,

Required: False ,

}

string ,

policySetDefinitionVersion:

{

Description: The policy set definition version. ,

Required: False ,

}

string ,

policySetDefinitionCategory:

{

Description: The policy set definition category. ,

Required: False ,

}

string ,

policyDefinitionName:

{

Description: The policy definition name. ,

Required: False ,

}

string ,

policyDefinitionDisplayName:

{

Description: The policy definition display name. ,

Required: False ,

}

string ,

policyDefinitionVersion:

{

Description: The policy definition version. ,

Required: False ,

}

string ,

policyDefinitionEffect:

{

Description: The policy definition action. ,

Required: False ,

}

string ,

policyDefinitionGroupNames:

{

Description: An array of policy definition group names. ,

Required: False ,

}

[

string ,

]

,

policyAssignmentId:

{

Description: The policy assignment Id. ,

Required: False ,

}

string ,

policyAssignmentName:

{

Description: The policy assignment name. ,

Required: False ,

}

string ,

policyAssignmentDisplayName:

{

Description: The policy assignment display name. ,

Required: False ,

}

string ,

policyAssignmentVersion:

{

Description: The policy assignment version. ,

Required: False ,

}

string ,

policyAssignmentScope:

{

Description: The policy assignment scope. ,

Required: False ,

}

string ,

resourceLocation:

{

Description: The resource location. ,

Required: False ,

}

string ,

ancestors:

{

Description: The management group ancestors. ,

Required: False ,

}

string ,

complianceReasonCode:

{

Description: The policy compliance reason code. ,

Required: False ,

}

string ,

policyExemptionIds:

{

Description: An array of policy exemption Ids. ,

Required: False ,

}

[

string ,

]

,

}

,

result:

{

Description: The result of the external endpoint. Possible values are Succeeded and Failed. ,

Enum:

{

Succeeded: No description available. ,

Failed: No description available. ,

}

,

Required: False ,

}

enum ,

message:

{

Description: The status message with additional details about the invocation result. ,

Required: False ,

}

string ,

retryAfter:

{

Description: The date and time after which a failed endpoint invocation can be retried. ,

Format: date-time ,

Required: False ,

}

string ,

claims:

{

Description: The set of claims that will be attached to the policy token as an attestation for the result of the endpoint invocation. ,

Required: False ,

}

object ,

expiration:

{

Description: The expiration of the results. ,

Format: date-time ,

Required: False ,

}

string ,

}

,

]

,

changeReference:

{

Description: The change reference associated with the operation for which the token is acquired. ,

Required: False ,

}

string ,

token:

{

Description: The issued policy token. ,

Required: False ,

}

string ,

tokenId:

{

Description: The unique Id assigned to the policy token. ,

Required: False ,

}

string ,

expiration:

{

Description: The expiration of the policy token. ,

Format: date-time ,

Required: False ,

}

string ,

}

---

⚐ Response (202)

{}

---

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

,

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

,

]

,

}

,

}