diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/acquirePolicyToken.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/acquirePolicyToken.json new file mode 100644 index 000000000000..88114d38c59e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/acquirePolicyToken.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "operation": { + "httpMethod": "delete", + "uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01" + } + }, + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "result": "Succeeded", + "requestDetails": { + "uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01", + "resourceId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM", + "apiVersion": "2024-01-01", + "authorizationAction": "Microsoft.Compute/virtualMachines/delete", + "httpMethod": "DELETE", + "contentHash": "0000000000000000000000000000000000000000000000000000000000000000" + }, + "results": [ + { + "policyInfo": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/3f2def86", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/5ed64d02", + "policyDefinitionEffect": "denyAction" + }, + "result": "Succeeded", + "endpointKind": "CoinFlip", + "message": "Coin flip successful (success probability: '1').", + "claims": { + "date": "2025-01-01T19:30:00.00Z", + "double": 0.99, + "int": 2, + "isValid": false, + "string": "testString", + "testArray": [ + "Apple", + "Banana", + "Cherry" + ], + "testObject": { + "name": "Complex Object", + "id": 12345, + "details": { + "createdBy": "John Doe", + "createdDate": "2024-12-13T12:00:00Z", + "metadata": { + "isActive": true, + "tags": [ + "example", + "test", + "object" + ], + "version": "1.0.0" + } + } + } + }, + "policyAction": "Allow", + "policyEvaluationDetails": { + "evaluatedExpressions": [ + { + "result": "False", + "expressionKind": "Value", + "expression": "[claims().isValid]", + "expressionValue": false, + "targetValue": "True", + "operator": "Equals" + } + ] + }, + "additionalInfo": { + "successProbability": 1.0 + }, + "expiration": "2025-01-01T21:30:00.00Z" + } + ], + "token": "PT 1.ey7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4", + "expiration": "2025-01-01T21:30:00.00Z" + } + } + }, + "operationId": "PolicyTokens_Acquire", + "title": "Acquire a policy token" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/acquirePolicyTokenAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/acquirePolicyTokenAtManagementGroup.json new file mode 100644 index 000000000000..aed9c824e924 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/acquirePolicyTokenAtManagementGroup.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "operation": { + "httpMethod": "delete", + "uri": "https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000?api-version=2022-04-01" + } + } + }, + "responses": { + "200": { + "body": { + "result": "Succeeded", + "requestDetails": { + "uri": "https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000?api-version=2022-04-01", + "resourceId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000", + "apiVersion": "2022-04-01", + "authorizationAction": "Microsoft.Authorization/roleAssignments/delete", + "httpMethod": "DELETE", + "contentHash": "0000000000000000000000000000000000000000000000000000000000000000" + }, + "results": [ + { + "policyInfo": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/3f2def86", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/5ed64d02", + "policyDefinitionEffect": "denyAction" + }, + "result": "Succeeded", + "endpointKind": "CoinFlip", + "message": "Coin flip successful (success probability: '1').", + "claims": { + "date": "2025-01-01T19:30:00.00Z", + "double": 0.99, + "int": 2, + "isValid": false, + "string": "testString", + "testArray": [ + "Apple", + "Banana", + "Cherry" + ], + "testObject": { + "name": "Complex Object", + "id": 12345, + "details": { + "createdBy": "John Doe", + "createdDate": "2024-12-13T12:00:00Z", + "metadata": { + "isActive": true, + "tags": [ + "example", + "test", + "object" + ], + "version": "1.0.0" + } + } + } + }, + "policyAction": "Allow", + "policyEvaluationDetails": { + "evaluatedExpressions": [ + { + "result": "False", + "expressionKind": "Value", + "expression": "[claims().isValid]", + "expressionValue": false, + "targetValue": "True", + "operator": "Equals" + } + ] + }, + "additionalInfo": { + "successProbability": 1.0 + }, + "expiration": "2025-01-01T21:30:00.00Z" + } + ], + "token": "PT 1.ey7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4", + "expiration": "2025-01-01T21:30:00.00Z" + } + } + }, + "operationId": "PolicyTokens_AcquireAtManagementGroup", + "title": "Acquire a policy token at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinition.json new file mode 100644 index 000000000000..70982de1ffdc --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinition.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionAdvancedParams.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionAdvancedParams.json new file mode 100644 index 000000000000..690ead21e015 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionAdvancedParams.json @@ -0,0 +1,124 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "displayName": "Event Hubs should have diagnostic logging enabled", + "metadata": { + "category": "Event Hub" + }, + "mode": "Indexed", + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "defaultValue": 365, + "metadata": { + "description": "The required diagnostic logs retention in days", + "displayName": "Required retention (days)" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.EventHub/namespaces", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "true", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" + }, + { + "equals": "[parameters('requiredRetentionDays')]", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" + } + ] + } + } + } + } + } + }, + "policyDefinitionName": "EventHubDiagnosticLogs", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "displayName": "Event Hubs should have diagnostic logging enabled", + "metadata": { + "category": "Event Hub" + }, + "mode": "Indexed", + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "defaultValue": 365, + "metadata": { + "description": "The required diagnostic logs retention in days", + "displayName": "Required retention (days)" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.EventHub/namespaces", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "true", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" + }, + { + "equals": "[parameters('requiredRetentionDays')]", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" + } + ] + } + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition with advanced parameters" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..8f9d21a8da10 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json new file mode 100644 index 000000000000..c32e63bc10cd --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json @@ -0,0 +1,109 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "displayName": "Randomize VM Allocation", + "externalEvaluationEnforcementSettings": { + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "missingTokenAction": "audit", + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, + "metadata": { + "category": "VM" + }, + "mode": "Indexed", + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" + }, + { + "equals": "eastus", + "field": "location" + }, + { + "equals": "false", + "value": "[claims().isValid]" + } + ] + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "RandomizeVMAllocation", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "RandomizeVMAllocation", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/RandomizeVMAllocation", + "properties": { + "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "displayName": "Randomize VM Allocation", + "externalEvaluationEnforcementSettings": { + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "missingTokenAction": "audit", + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, + "metadata": { + "category": "VM" + }, + "mode": "Indexed", + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" + }, + { + "equals": "eastus", + "field": "location" + }, + { + "equals": "false", + "value": "[claims().isValid]" + } + ] + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition with external evaluation enforcement settings" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionVersion.json new file mode 100644 index 000000000000..5469292f896d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionVersion.json @@ -0,0 +1,140 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "version": "1.2.1" + } + }, + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_CreateOrUpdate", + "title": "Create or update a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..593bf06727f6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,140 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "version": "1.2.1" + } + }, + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinition.json new file mode 100644 index 000000000000..51df1450f7f1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinition.json @@ -0,0 +1,162 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "title": "Create or update a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..6f88bfea24db --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,137 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..d7e5f24bae18 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionVersion.json @@ -0,0 +1,163 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", + "title": "Create or update a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..5384d3a6bbe5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionWithGroups.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionWithGroups.json new file mode 100644 index 000000000000..10820f3cefae --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionWithGroups.json @@ -0,0 +1,198 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "title": "Create or update a policy set definition with groups" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json new file mode 100644 index 000000000000..d4568f34b58c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json @@ -0,0 +1,196 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition with groups at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignment.json new file mode 100644 index 000000000000..0836034d23cc --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignment.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "metadata": { + "assignedBy": "Special Someone" + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentNonComplianceMessages.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentNonComplianceMessages.json new file mode 100644 index 000000000000..fdf25115b683 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentNonComplianceMessages.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "displayName": "Enforce security policies", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative" + } + }, + "policyAssignmentName": "securityInitAssignment", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "securityInitAssignment", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment", + "properties": { + "definitionVersion": "1.*.*", + "displayName": "Enforce security policies", + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c", + "metadata": { + "assignedBy": "User 1" + }, + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ], + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with multiple non-compliance messages" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithEnrollEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithEnrollEnforcement.json new file mode 100644 index 000000000000..ad306d4370d0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithEnrollEnforcement.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Enroll", + "metadata": { + "assignedBy": "Special Someone" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNamingEnroll", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNamingEnroll", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNamingEnroll", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Enroll", + "instanceId": "f2b3c4d5-e6f7-8a9b-0c1d-2e3f4a5b6c7d", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update." +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..b41f8579133d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithIdentity.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "metadata": { + "assignedBy": "Foo Bar" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..37e5096762b2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithOverrides.json @@ -0,0 +1,86 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + }, + { + "kind": "definitionVersion", + "selectors": [ + { + "in": [ + "eastUSEuap", + "centralUSEuap" + ], + "kind": "resourceLocation" + } + ], + "value": "2.*.*" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement" + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..ca5928095f81 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Limit the resource location and resource SKU", + "displayName": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithSelfserveExemptionSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithSelfserveExemptionSettings.json new file mode 100644 index 000000000000..4b892d70b68e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithSelfserveExemptionSettings.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "location": "eastus", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "selfServeExemptionSettings": { + "enabled": true, + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ] + } + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "location": "eastus", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Foo Bar" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "selfServeExemptionSettings": { + "enabled": true, + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ] + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with self-serve exemption settings" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..93016816abb5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "metadata": { + "assignedBy": "Foo Bar" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithoutEnforcement.json new file mode 100644 index 000000000000..cc68426d29d6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/createPolicyAssignmentWithoutEnforcement.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "DoNotEnforce", + "metadata": { + "assignedBy": "Special Someone" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "DoNotEnforce", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment without enforcing policy effect during resource creation or update." +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyAssignment.json new file mode 100644 index 000000000000..1541a4797638 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyAssignment.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyAssignments_Delete", + "title": "Delete a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinition.json new file mode 100644 index 000000000000..97d68b1c5184 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinition.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitions_Delete", + "title": "Delete a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..49503644bb67 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "title": "Delete a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionVersion.json new file mode 100644 index 000000000000..499086a7dbf9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionVersion.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_Delete", + "title": "Delete a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..01a01281f91c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", + "title": "Delete a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinition.json new file mode 100644 index 000000000000..1a02f359d1ca --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinition.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_Delete", + "title": "Delete a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..37860ad56bf6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "title": "Delete a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..560097117d57 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionVersion.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_Delete", + "title": "Delete a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..a4a5ae9af753 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/deletePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", + "title": "Delete a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltInPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltInPolicySetDefinition.json new file mode 100644 index 000000000000..dc84f951f9d9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltInPolicySetDefinition.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_GetBuiltIn", + "title": "Retrieve a built-in policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltInPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltInPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..9dc7340e78ff --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltInPolicySetDefinitionVersion.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_GetBuiltIn", + "title": "Retrieve a built-in policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltinPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltinPolicyDefinition.json new file mode 100644 index 000000000000..0d994a3758c5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltinPolicyDefinition.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_GetBuiltIn", + "title": "Retrieve a built-in policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltinPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltinPolicyDefinitionVersion.json new file mode 100644 index 000000000000..6655712797da --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getBuiltinPolicyDefinitionVersion.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1/versions/1.2.1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_GetBuiltIn", + "title": "Retrieve a built-in policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignment.json new file mode 100644 index 000000000000..77402df0de20 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignment.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..af56c0f1d697 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithIdentity.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..fa593172e81a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithOverrides.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "d2f3a4b5-c6d7-8e9f-0a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..c6248a0ad95e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..4616f32721ca --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "westus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinition.json new file mode 100644 index 000000000000..24f4adcbb230 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinition.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_Get", + "title": "Retrieve a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..3d78c492ff1e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionAtManagementGroup.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "title": "Retrieve a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionVersion.json new file mode 100644 index 000000000000..9713319b0e8d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionVersion.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_Get", + "title": "Retrieve a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..8826441d387e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", + "title": "Retrieve a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinition.json new file mode 100644 index 000000000000..f3fc595f5ace --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinition.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_Get", + "title": "Retrieve a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..aa02de504bfe --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "title": "Retrieve a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..ffdffa569da1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionVersion.json @@ -0,0 +1,74 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_Get", + "title": "Retrieve a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..35992ed054fb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/getPolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", + "title": "Retrieve a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..37c0641708e3 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,107 @@ +{ + "parameters": { + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled", + "default" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAllBuiltins", + "title": "List all built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..891bfa226911 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", + "title": "List all built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicyDefinitionVersions.json new file mode 100644 index 000000000000..54416a5f41ff --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicyDefinitionVersions.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAll", + "title": "List all policy definition versions at subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..96ce3c814576 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", + "title": "List all policy definition versions at management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..4891b3415cc6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicySetDefinitionVersions.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAll", + "title": "List all policy definition versions at subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..b653093bd662 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listAllPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,125 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versoins/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", + "title": "List all policy definition versions at management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..56d53888c34b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,108 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "06a78e20-9358-41c9-923c-fb736d382a12" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled", + "default" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListBuiltIn", + "title": "List built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicyDefinitions.json new file mode 100644 index 000000000000..6c8382886ff8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicyDefinitions.json @@ -0,0 +1,147 @@ +{ + "parameters": { + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "06a78e20-9358-41c9-923c-fb736d382a12", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "Static", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "properties": { + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "metadata": { + "category": "KeyVault DataPlane" + }, + "mode": "Microsoft.KeyVault.Data", + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "description": "The number of days for a certificate to expire.", + "displayName": "Days to expire" + } + } + }, + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_ListBuiltIn", + "title": "List built-in policy definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..bcce3f1fa250 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListBuiltIn", + "title": "List built-in policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicySetDefinitions.json new file mode 100644 index 000000000000..fd37be2440f2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listBuiltInPolicySetDefinitions.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_ListBuiltIn", + "title": "List built-in policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignments.json new file mode 100644 index 000000000000..2e15b40c408d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignments.json @@ -0,0 +1,65 @@ +{ + "operationId": "PolicyAssignments_List", + "title": "List policy assignments that apply to a subscription", + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-11-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [], + "instanceId": "b6d7e8f9-a0b1-2c3d-4e5f-6a7b8c9d0e1f" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForManagementGroup.json new file mode 100644 index 000000000000..056f44a2c675 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForManagementGroup.json @@ -0,0 +1,65 @@ +{ + "operationId": "PolicyAssignments_ListForManagementGroup", + "title": "List policy assignments that apply to a management group", + "parameters": { + "managementGroupId": "TestManagementGroup", + "api-version": "2025-11-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [], + "instanceId": "c7e8f9a0-b1c2-3d4e-5f6a-7b8c9d0e1f2a" + } + }, + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [], + "instanceId": "d8f9a0b1-c2d3-4e5f-6a7b-8c9d0e1f2a3b" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForResource.json new file mode 100644 index 000000000000..909f63e035d4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForResource.json @@ -0,0 +1,64 @@ +{ + "operationId": "PolicyAssignments_ListForResource", + "title": "List policy assignments that apply to a resource group", + "parameters": { + "resourceGroupName": "TestResourceGroup", + "resourceProviderNamespace": "Microsoft.Compute", + "parentResourcePath": "virtualMachines/MyTestVm", + "resourceType": "domainNames", + "resourceName": "MyTestComputer.cloudapp.net", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "VM Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus", + "definitionVersion": "1.*.*", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "e9a0b1c2-d3e4-5f6a-7b8c-9d0e1f2a3b4c" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForResourceGroup.json new file mode 100644 index 000000000000..81029f579909 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyAssignmentsForResourceGroup.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion", + "$filter": "atScope()", + "api-version": "2025-11-01", + "resourceGroupName": "TestResourceGroup", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Minimize the risk of accidental cost overruns", + "definitionVersion": "1.*.*", + "displayName": "Storage Cost Management", + "effectiveDefinitionVersion": "1.0.0", + "instanceId": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d", + "latestDefinitionVersion": "1.0.0", + "metadata": { + "category": "Cost Management" + }, + "notScopes": [], + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" + } + }, + { + "name": "TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "properties": { + "description": "Ensure a given tag key and value are present on all resources", + "definitionVersion": "1.*.*", + "displayName": "Enforces a tag key and value", + "effectiveDefinitionVersion": "1.0.0", + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d", + "latestDefinitionVersion": "1.0.0", + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_ListForResourceGroup", + "title": "List policy assignments that apply to a resource group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionVersions.json new file mode 100644 index 000000000000..39b5133cd245 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionVersions.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_List", + "title": "List policy definition versions by subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..15485cc7502c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListByManagementGroup", + "title": "List policy definition versions by management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitions.json new file mode 100644 index 000000000000..1e8ed51ec7ef --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitions.json @@ -0,0 +1,145 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "AuditSoonToExpireCerts", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts", + "properties": { + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "metadata": { + "category": "KeyVault DataPlane" + }, + "mode": "Microsoft.KeyVault.Data", + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "description": "The number of days for a certificate to expire.", + "displayName": "Days to expire" + } + } + }, + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_List", + "title": "List policy definitions by subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..23cf9a7d3fd7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicyDefinitionsByManagementGroup.json @@ -0,0 +1,108 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_ListByManagementGroup", + "title": "List policy definitions by management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..0f182f1b4145 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionVersions.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_List", + "title": "List policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..4bd3e92b3a3e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", + "title": "List policy set definitions at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitions.json new file mode 100644 index 000000000000..743b2291f56d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitions.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_List", + "title": "List policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..0e7d85cff4b2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/listPolicySetDefinitionsByManagementGroup.json @@ -0,0 +1,131 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "title": "List policy set definitions at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..84b1381e0569 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithIdentity.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus" + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..2972193dd041 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithOverrides.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..251f0d0ca23a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithSelfserveExemptionSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithSelfserveExemptionSettings.json new file mode 100644 index 000000000000..5c6073bc5826 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithSelfserveExemptionSettings.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "selfServeExemptionSettings": { + "enabled": true, + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ] + } + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "selfServeExemptionSettings": { + "enabled": true, + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ] + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with self-serve exemption settings" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..edc589b829d7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-11-01/updatePolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "location": "eastus" + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/main.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/main.tsp index a77bcb30e725..eea4f36b8869 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/main.tsp +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/main.tsp @@ -45,4 +45,9 @@ enum Versions { * The 2025-03-01 API version. */ v2025_03_01: "2025-03-01", + + /** + * The 2025-11-01 API version. + */ + v2025_11_01: "2025-11-01", } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/models.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/models.tsp index d3c68971f29d..56fb780a38fd 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/models.tsp +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/models.tsp @@ -1,9 +1,11 @@ import "@typespec/rest"; +import "@typespec/versioning"; import "@typespec/http"; import "@azure-tools/typespec-azure-resource-manager"; using TypeSpec.Rest; using TypeSpec.Http; +using TypeSpec.Versioning; using Azure.ResourceManager; using Azure.ResourceManager.Foundations; @@ -82,22 +84,22 @@ union AssignmentType { string, /** - * NotSpecified + * The not specified assignment type. */ NotSpecified: "NotSpecified", /** - * System + * The system assignment type. */ System: "System", /** - * SystemHidden + * The system hidden assignment type. */ SystemHidden: "SystemHidden", /** - * Custom + * The custom assignment type. */ Custom: "Custom", } @@ -136,22 +138,22 @@ union PolicyType { string, /** - * NotSpecified + * The not specified policy definition type. */ NotSpecified: "NotSpecified", /** - * BuiltIn + * The built in policy definition type. */ BuiltIn: "BuiltIn", /** - * Custom + * The custom policy definition type. */ Custom: "Custom", /** - * Static + * The static policy definition type. */ Static: "Static", } @@ -163,37 +165,37 @@ union ParameterType { string, /** - * String + * The string parameter type. */ String: "String", /** - * Array + * The array parameter type. */ Array: "Array", /** - * Object + * The object parameter type. */ Object: "Object", /** - * Boolean + * The boolean parameter type. */ Boolean: "Boolean", /** - * Integer + * The integer parameter type. */ Integer: "Integer", /** - * Float + * The float parameter type. */ Float: "Float", /** - * DateTime + * The date-time parameter type. */ DateTime: "DateTime", } @@ -205,12 +207,12 @@ union PolicyTokenResult { string, /** - * Succeeded + * The token acquisition succeeded. */ Succeeded: "Succeeded", /** - * Failed + * The token acquisition failed. */ Failed: "Failed", } @@ -222,16 +224,48 @@ union ExternalEndpointResult { string, /** - * Succeeded + * The external endpoint succeeded. */ Succeeded: "Succeeded", /** - * Failed + * The external endpoint failed. */ Failed: "Failed", } +/** + * The effective outcome of the policy evaluation based on both the policy effect and evaluation result. Possible values are Unknown, Allow, Audit, Deny, Error. + */ +@added(Versions.v2025_11_01) +union PolicyAction { + string, + + /** + * The effective outcome of policy evaluation is unknown. + */ + Unknown: "Unknown", + + /** + * The effective outcome of policy evaluation is to allow the request. + Allow: "Allow", + + /** + * The effective outcome of policy evaluation is to audit the request. + */ + Audit: "Audit", + + /** + * The effective outcome of policy evaluation is to deny the request. + */ + Deny: "Deny", + + /** + * The policy evaluation resulted in an error. + */ + Error: "Error", +} + /** * The identity type. This is the only required field when adding a system or user assigned identity to a resource. */ @@ -346,6 +380,28 @@ model PolicyAssignmentProperties { */ @visibility(Lifecycle.Read) instanceId?: string; + + /** + * The self-serve exemption settings for the policy assignment. + */ + @added(Versions.v2025_11_01) + selfServeExemptionSettings?: SelfServeExemptionSettings; +} + +/** + * The self-serve exemption settings for a policy assignment. + */ +@added(Versions.v2025_11_01) +model SelfServeExemptionSettings { + /** + * Indicates whether self-serve exemption is enabled. + */ + enabled?: boolean; + + /** + * The policy definition reference IDs for self-serve exemption. + */ + policyDefinitionReferenceIds?: string[]; } /** @@ -509,6 +565,12 @@ model PolicyAssignmentUpdateProperties { */ @identifiers(#[]) overrides?: Override[]; + + /** + * The self-serve exemption settings for the policy assignment. + */ + @added(Versions.v2025_11_01) + selfServeExemptionSettings?: SelfServeExemptionSettings; } /** @@ -947,6 +1009,12 @@ model PolicyTokenResponse { */ result?: PolicyTokenResult; + /** + * The external evaluation request details. + */ + @added(Versions.v2025_11_01) + requestDetails?: PolicyTokenEvaluatedRequestDetails; + /** * Status message with additional details about the token acquisition operation result. */ @@ -955,7 +1023,6 @@ model PolicyTokenResponse { /** * The date and time after which the client can try to acquire a token again in the case of retry-able failures. */ - // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. retryAfter?: utcDateTime; /** @@ -983,7 +1050,6 @@ model PolicyTokenResponse { /** * The expiration of the policy token. */ - // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. expiration?: utcDateTime; } @@ -1001,6 +1067,12 @@ model ExternalEvaluationEndpointInvocationResult { */ result?: ExternalEndpointResult; + /** + * The external evaluation endpoint kind. + */ + @added(Versions.v2025_11_01) + endpointKind?: string; + /** * The status message with additional details about the invocation result. */ @@ -1009,7 +1081,6 @@ model ExternalEvaluationEndpointInvocationResult { /** * The date and time after which a failed endpoint invocation can be retried. */ - // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. retryAfter?: utcDateTime; /** @@ -1018,13 +1089,68 @@ model ExternalEvaluationEndpointInvocationResult { #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" claims?: unknown; + /** + * The effective outcome of the policy evaluation based on both the policy effect and evaluation result. Possible values are Unknown, Allow, Audit, Deny, Error. + */ + @added(Versions.v2025_11_01) + policyAction?: PolicyAction; + + /** + * The evaluation details returned by the policy evaluation engine. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + @added(Versions.v2025_11_01) + policyEvaluationDetails?: unknown; + + /** + * The endpoint specific metadata. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + @added(Versions.v2025_11_01) + additionalInfo?: unknown; + /** * The expiration of the results. */ - // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. expiration?: utcDateTime; } +/** + * The policy token evaluated request details. + */ +@added(Versions.v2025_11_01) +model PolicyTokenEvaluatedRequestDetails { + /** + * The request URI of the resource operation that is targeted by the issued token. + */ + uri: string; + + /** + * The resource Id of the resource operation that is targeted by the issued token. + */ + resourceId: string; + + /** + * The api-version of the resource operation that is targeted by the issued token. + */ + apiVersion: string; + + /** + * The authorization action of the resource operation that is targeted by the issued token. + */ + authorizationAction: string; + + /** + * The http method of the resource operation that is targeted by the issued token. + */ + httpMethod: string; + + /** + * The hashed payload of the resource operation that is targeted by the issued token. + */ + contentHash: string; +} + /** * The policy log info. */ diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/readme.md b/specification/resources/resource-manager/Microsoft.Authorization/policy/readme.md index 6e0b35f106bf..d6326b99af25 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/readme.md +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/readme.md @@ -26,7 +26,20 @@ These are the global settings for the Resource API. title: PolicyClient description: Policy Client openapi-type: arm -tag: package-policy-2025-03-stable +tag: package-policy-2025-11-stable +``` + +### Tag: package-policy-2025-11-stable + +These settings apply only when `--tag=package-policy-2025-11-stable` is specified on the command line. + +```yaml $(tag) == 'package-policy-2025-11-stable' +input-file: + - stable/2025-11-01/openapi.json + +# Needed when there is more than one input file +override-info: + title: PolicyClient ``` ### Tag: package-policy-2025-03-stable diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/openapi.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/openapi.json index 6ce8aa44bd78..6eec92efa74b 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/openapi.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/openapi.json @@ -3117,22 +3117,22 @@ { "name": "NotSpecified", "value": "NotSpecified", - "description": "NotSpecified" + "description": "The not specified assignment type." }, { "name": "System", "value": "System", - "description": "System" + "description": "The system assignment type." }, { "name": "SystemHidden", "value": "SystemHidden", - "description": "SystemHidden" + "description": "The system hidden assignment type." }, { "name": "Custom", "value": "Custom", - "description": "Custom" + "description": "The custom assignment type." } ] } @@ -3151,12 +3151,12 @@ { "name": "Succeeded", "value": "Succeeded", - "description": "Succeeded" + "description": "The external endpoint succeeded." }, { "name": "Failed", "value": "Failed", - "description": "Failed" + "description": "The external endpoint failed." } ] } @@ -3387,37 +3387,37 @@ { "name": "String", "value": "String", - "description": "String" + "description": "The string parameter type." }, { "name": "Array", "value": "Array", - "description": "Array" + "description": "The array parameter type." }, { "name": "Object", "value": "Object", - "description": "Object" + "description": "The object parameter type." }, { "name": "Boolean", "value": "Boolean", - "description": "Boolean" + "description": "The boolean parameter type." }, { "name": "Integer", "value": "Integer", - "description": "Integer" + "description": "The integer parameter type." }, { "name": "Float", "value": "Float", - "description": "Float" + "description": "The float parameter type." }, { "name": "DateTime", "value": "DateTime", - "description": "DateTime" + "description": "The date-time parameter type." } ] } @@ -4264,12 +4264,12 @@ { "name": "Succeeded", "value": "Succeeded", - "description": "Succeeded" + "description": "The token acquisition succeeded." }, { "name": "Failed", "value": "Failed", - "description": "Failed" + "description": "The token acquisition failed." } ] } @@ -4290,22 +4290,22 @@ { "name": "NotSpecified", "value": "NotSpecified", - "description": "NotSpecified" + "description": "The not specified policy definition type." }, { "name": "BuiltIn", "value": "BuiltIn", - "description": "BuiltIn" + "description": "The built in policy definition type." }, { "name": "Custom", "value": "Custom", - "description": "Custom" + "description": "The custom policy definition type." }, { "name": "Static", "value": "Static", - "description": "Static" + "description": "The static policy definition type." } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/acquirePolicyToken.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/acquirePolicyToken.json new file mode 100644 index 000000000000..88114d38c59e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/acquirePolicyToken.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "operation": { + "httpMethod": "delete", + "uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01" + } + }, + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "result": "Succeeded", + "requestDetails": { + "uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01", + "resourceId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM", + "apiVersion": "2024-01-01", + "authorizationAction": "Microsoft.Compute/virtualMachines/delete", + "httpMethod": "DELETE", + "contentHash": "0000000000000000000000000000000000000000000000000000000000000000" + }, + "results": [ + { + "policyInfo": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/3f2def86", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/5ed64d02", + "policyDefinitionEffect": "denyAction" + }, + "result": "Succeeded", + "endpointKind": "CoinFlip", + "message": "Coin flip successful (success probability: '1').", + "claims": { + "date": "2025-01-01T19:30:00.00Z", + "double": 0.99, + "int": 2, + "isValid": false, + "string": "testString", + "testArray": [ + "Apple", + "Banana", + "Cherry" + ], + "testObject": { + "name": "Complex Object", + "id": 12345, + "details": { + "createdBy": "John Doe", + "createdDate": "2024-12-13T12:00:00Z", + "metadata": { + "isActive": true, + "tags": [ + "example", + "test", + "object" + ], + "version": "1.0.0" + } + } + } + }, + "policyAction": "Allow", + "policyEvaluationDetails": { + "evaluatedExpressions": [ + { + "result": "False", + "expressionKind": "Value", + "expression": "[claims().isValid]", + "expressionValue": false, + "targetValue": "True", + "operator": "Equals" + } + ] + }, + "additionalInfo": { + "successProbability": 1.0 + }, + "expiration": "2025-01-01T21:30:00.00Z" + } + ], + "token": "PT 1.ey7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4", + "expiration": "2025-01-01T21:30:00.00Z" + } + } + }, + "operationId": "PolicyTokens_Acquire", + "title": "Acquire a policy token" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/acquirePolicyTokenAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/acquirePolicyTokenAtManagementGroup.json new file mode 100644 index 000000000000..aed9c824e924 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/acquirePolicyTokenAtManagementGroup.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "operation": { + "httpMethod": "delete", + "uri": "https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000?api-version=2022-04-01" + } + } + }, + "responses": { + "200": { + "body": { + "result": "Succeeded", + "requestDetails": { + "uri": "https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000?api-version=2022-04-01", + "resourceId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000", + "apiVersion": "2022-04-01", + "authorizationAction": "Microsoft.Authorization/roleAssignments/delete", + "httpMethod": "DELETE", + "contentHash": "0000000000000000000000000000000000000000000000000000000000000000" + }, + "results": [ + { + "policyInfo": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/3f2def86", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/5ed64d02", + "policyDefinitionEffect": "denyAction" + }, + "result": "Succeeded", + "endpointKind": "CoinFlip", + "message": "Coin flip successful (success probability: '1').", + "claims": { + "date": "2025-01-01T19:30:00.00Z", + "double": 0.99, + "int": 2, + "isValid": false, + "string": "testString", + "testArray": [ + "Apple", + "Banana", + "Cherry" + ], + "testObject": { + "name": "Complex Object", + "id": 12345, + "details": { + "createdBy": "John Doe", + "createdDate": "2024-12-13T12:00:00Z", + "metadata": { + "isActive": true, + "tags": [ + "example", + "test", + "object" + ], + "version": "1.0.0" + } + } + } + }, + "policyAction": "Allow", + "policyEvaluationDetails": { + "evaluatedExpressions": [ + { + "result": "False", + "expressionKind": "Value", + "expression": "[claims().isValid]", + "expressionValue": false, + "targetValue": "True", + "operator": "Equals" + } + ] + }, + "additionalInfo": { + "successProbability": 1.0 + }, + "expiration": "2025-01-01T21:30:00.00Z" + } + ], + "token": "PT 1.ey7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4", + "expiration": "2025-01-01T21:30:00.00Z" + } + } + }, + "operationId": "PolicyTokens_AcquireAtManagementGroup", + "title": "Acquire a policy token at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinition.json new file mode 100644 index 000000000000..70982de1ffdc --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinition.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json new file mode 100644 index 000000000000..690ead21e015 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json @@ -0,0 +1,124 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "displayName": "Event Hubs should have diagnostic logging enabled", + "metadata": { + "category": "Event Hub" + }, + "mode": "Indexed", + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "defaultValue": 365, + "metadata": { + "description": "The required diagnostic logs retention in days", + "displayName": "Required retention (days)" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.EventHub/namespaces", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "true", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" + }, + { + "equals": "[parameters('requiredRetentionDays')]", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" + } + ] + } + } + } + } + } + }, + "policyDefinitionName": "EventHubDiagnosticLogs", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "displayName": "Event Hubs should have diagnostic logging enabled", + "metadata": { + "category": "Event Hub" + }, + "mode": "Indexed", + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "defaultValue": 365, + "metadata": { + "description": "The required diagnostic logs retention in days", + "displayName": "Required retention (days)" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.EventHub/namespaces", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "true", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" + }, + { + "equals": "[parameters('requiredRetentionDays')]", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" + } + ] + } + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition with advanced parameters" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..8f9d21a8da10 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json new file mode 100644 index 000000000000..c32e63bc10cd --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json @@ -0,0 +1,109 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "displayName": "Randomize VM Allocation", + "externalEvaluationEnforcementSettings": { + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "missingTokenAction": "audit", + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, + "metadata": { + "category": "VM" + }, + "mode": "Indexed", + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" + }, + { + "equals": "eastus", + "field": "location" + }, + { + "equals": "false", + "value": "[claims().isValid]" + } + ] + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "RandomizeVMAllocation", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "RandomizeVMAllocation", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/RandomizeVMAllocation", + "properties": { + "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "displayName": "Randomize VM Allocation", + "externalEvaluationEnforcementSettings": { + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "missingTokenAction": "audit", + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, + "metadata": { + "category": "VM" + }, + "mode": "Indexed", + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" + }, + { + "equals": "eastus", + "field": "location" + }, + { + "equals": "false", + "value": "[claims().isValid]" + } + ] + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition with external evaluation enforcement settings" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionVersion.json new file mode 100644 index 000000000000..5469292f896d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionVersion.json @@ -0,0 +1,140 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "version": "1.2.1" + } + }, + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_CreateOrUpdate", + "title": "Create or update a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..593bf06727f6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,140 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "version": "1.2.1" + } + }, + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinition.json new file mode 100644 index 000000000000..51df1450f7f1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinition.json @@ -0,0 +1,162 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "title": "Create or update a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..6f88bfea24db --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,137 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..d7e5f24bae18 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionVersion.json @@ -0,0 +1,163 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", + "title": "Create or update a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..5384d3a6bbe5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json new file mode 100644 index 000000000000..10820f3cefae --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json @@ -0,0 +1,198 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "title": "Create or update a policy set definition with groups" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json new file mode 100644 index 000000000000..d4568f34b58c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json @@ -0,0 +1,196 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition with groups at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignment.json new file mode 100644 index 000000000000..0836034d23cc --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignment.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "metadata": { + "assignedBy": "Special Someone" + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentNonComplianceMessages.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentNonComplianceMessages.json new file mode 100644 index 000000000000..fdf25115b683 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentNonComplianceMessages.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "displayName": "Enforce security policies", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative" + } + }, + "policyAssignmentName": "securityInitAssignment", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "securityInitAssignment", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment", + "properties": { + "definitionVersion": "1.*.*", + "displayName": "Enforce security policies", + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c", + "metadata": { + "assignedBy": "User 1" + }, + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ], + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with multiple non-compliance messages" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithEnrollEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithEnrollEnforcement.json new file mode 100644 index 000000000000..ad306d4370d0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithEnrollEnforcement.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Enroll", + "metadata": { + "assignedBy": "Special Someone" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNamingEnroll", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNamingEnroll", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNamingEnroll", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Enroll", + "instanceId": "f2b3c4d5-e6f7-8a9b-0c1d-2e3f4a5b6c7d", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update." +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..b41f8579133d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithIdentity.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "metadata": { + "assignedBy": "Foo Bar" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..37e5096762b2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithOverrides.json @@ -0,0 +1,86 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + }, + { + "kind": "definitionVersion", + "selectors": [ + { + "in": [ + "eastUSEuap", + "centralUSEuap" + ], + "kind": "resourceLocation" + } + ], + "value": "2.*.*" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement" + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..ca5928095f81 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Limit the resource location and resource SKU", + "displayName": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithSelfserveExemptionSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithSelfserveExemptionSettings.json new file mode 100644 index 000000000000..4b892d70b68e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithSelfserveExemptionSettings.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "location": "eastus", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "selfServeExemptionSettings": { + "enabled": true, + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ] + } + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "location": "eastus", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Foo Bar" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "selfServeExemptionSettings": { + "enabled": true, + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ] + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with self-serve exemption settings" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..93016816abb5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "metadata": { + "assignedBy": "Foo Bar" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithoutEnforcement.json new file mode 100644 index 000000000000..cc68426d29d6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/createPolicyAssignmentWithoutEnforcement.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "DoNotEnforce", + "metadata": { + "assignedBy": "Special Someone" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "DoNotEnforce", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment without enforcing policy effect during resource creation or update." +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyAssignment.json new file mode 100644 index 000000000000..1541a4797638 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyAssignment.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyAssignments_Delete", + "title": "Delete a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinition.json new file mode 100644 index 000000000000..97d68b1c5184 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinition.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitions_Delete", + "title": "Delete a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..49503644bb67 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "title": "Delete a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionVersion.json new file mode 100644 index 000000000000..499086a7dbf9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionVersion.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_Delete", + "title": "Delete a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..01a01281f91c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", + "title": "Delete a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinition.json new file mode 100644 index 000000000000..1a02f359d1ca --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinition.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_Delete", + "title": "Delete a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..37860ad56bf6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "title": "Delete a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..560097117d57 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionVersion.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_Delete", + "title": "Delete a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..a4a5ae9af753 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", + "title": "Delete a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltInPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltInPolicySetDefinition.json new file mode 100644 index 000000000000..dc84f951f9d9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltInPolicySetDefinition.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_GetBuiltIn", + "title": "Retrieve a built-in policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltInPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltInPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..9dc7340e78ff --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltInPolicySetDefinitionVersion.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_GetBuiltIn", + "title": "Retrieve a built-in policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltinPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltinPolicyDefinition.json new file mode 100644 index 000000000000..0d994a3758c5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltinPolicyDefinition.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_GetBuiltIn", + "title": "Retrieve a built-in policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltinPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltinPolicyDefinitionVersion.json new file mode 100644 index 000000000000..6655712797da --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getBuiltinPolicyDefinitionVersion.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1/versions/1.2.1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_GetBuiltIn", + "title": "Retrieve a built-in policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignment.json new file mode 100644 index 000000000000..77402df0de20 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignment.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..af56c0f1d697 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithIdentity.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..fa593172e81a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithOverrides.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "d2f3a4b5-c6d7-8e9f-0a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..c6248a0ad95e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..4616f32721ca --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "westus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinition.json new file mode 100644 index 000000000000..24f4adcbb230 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinition.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_Get", + "title": "Retrieve a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..3d78c492ff1e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionAtManagementGroup.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "title": "Retrieve a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionVersion.json new file mode 100644 index 000000000000..9713319b0e8d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionVersion.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_Get", + "title": "Retrieve a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..8826441d387e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", + "title": "Retrieve a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinition.json new file mode 100644 index 000000000000..f3fc595f5ace --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinition.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_Get", + "title": "Retrieve a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..aa02de504bfe --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "title": "Retrieve a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..ffdffa569da1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionVersion.json @@ -0,0 +1,74 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_Get", + "title": "Retrieve a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..35992ed054fb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", + "title": "Retrieve a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..37c0641708e3 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,107 @@ +{ + "parameters": { + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled", + "default" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAllBuiltins", + "title": "List all built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..891bfa226911 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", + "title": "List all built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicyDefinitionVersions.json new file mode 100644 index 000000000000..54416a5f41ff --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicyDefinitionVersions.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAll", + "title": "List all policy definition versions at subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..96ce3c814576 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", + "title": "List all policy definition versions at management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..4891b3415cc6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicySetDefinitionVersions.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAll", + "title": "List all policy definition versions at subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..b653093bd662 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,125 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versoins/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", + "title": "List all policy definition versions at management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..56d53888c34b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,108 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "06a78e20-9358-41c9-923c-fb736d382a12" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled", + "default" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListBuiltIn", + "title": "List built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicyDefinitions.json new file mode 100644 index 000000000000..6c8382886ff8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicyDefinitions.json @@ -0,0 +1,147 @@ +{ + "parameters": { + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "06a78e20-9358-41c9-923c-fb736d382a12", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "Static", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "properties": { + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "metadata": { + "category": "KeyVault DataPlane" + }, + "mode": "Microsoft.KeyVault.Data", + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "description": "The number of days for a certificate to expire.", + "displayName": "Days to expire" + } + } + }, + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_ListBuiltIn", + "title": "List built-in policy definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..bcce3f1fa250 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListBuiltIn", + "title": "List built-in policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicySetDefinitions.json new file mode 100644 index 000000000000..fd37be2440f2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listBuiltInPolicySetDefinitions.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_ListBuiltIn", + "title": "List built-in policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignments.json new file mode 100644 index 000000000000..2e15b40c408d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignments.json @@ -0,0 +1,65 @@ +{ + "operationId": "PolicyAssignments_List", + "title": "List policy assignments that apply to a subscription", + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-11-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [], + "instanceId": "b6d7e8f9-a0b1-2c3d-4e5f-6a7b8c9d0e1f" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForManagementGroup.json new file mode 100644 index 000000000000..056f44a2c675 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForManagementGroup.json @@ -0,0 +1,65 @@ +{ + "operationId": "PolicyAssignments_ListForManagementGroup", + "title": "List policy assignments that apply to a management group", + "parameters": { + "managementGroupId": "TestManagementGroup", + "api-version": "2025-11-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [], + "instanceId": "c7e8f9a0-b1c2-3d4e-5f6a-7b8c9d0e1f2a" + } + }, + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [], + "instanceId": "d8f9a0b1-c2d3-4e5f-6a7b-8c9d0e1f2a3b" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForResource.json new file mode 100644 index 000000000000..909f63e035d4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForResource.json @@ -0,0 +1,64 @@ +{ + "operationId": "PolicyAssignments_ListForResource", + "title": "List policy assignments that apply to a resource group", + "parameters": { + "resourceGroupName": "TestResourceGroup", + "resourceProviderNamespace": "Microsoft.Compute", + "parentResourcePath": "virtualMachines/MyTestVm", + "resourceType": "domainNames", + "resourceName": "MyTestComputer.cloudapp.net", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-11-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "VM Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus", + "definitionVersion": "1.*.*", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "e9a0b1c2-d3e4-5f6a-7b8c-9d0e1f2a3b4c" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForResourceGroup.json new file mode 100644 index 000000000000..81029f579909 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyAssignmentsForResourceGroup.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion", + "$filter": "atScope()", + "api-version": "2025-11-01", + "resourceGroupName": "TestResourceGroup", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Minimize the risk of accidental cost overruns", + "definitionVersion": "1.*.*", + "displayName": "Storage Cost Management", + "effectiveDefinitionVersion": "1.0.0", + "instanceId": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d", + "latestDefinitionVersion": "1.0.0", + "metadata": { + "category": "Cost Management" + }, + "notScopes": [], + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" + } + }, + { + "name": "TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "properties": { + "description": "Ensure a given tag key and value are present on all resources", + "definitionVersion": "1.*.*", + "displayName": "Enforces a tag key and value", + "effectiveDefinitionVersion": "1.0.0", + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d", + "latestDefinitionVersion": "1.0.0", + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_ListForResourceGroup", + "title": "List policy assignments that apply to a resource group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionVersions.json new file mode 100644 index 000000000000..39b5133cd245 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionVersions.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_List", + "title": "List policy definition versions by subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..15485cc7502c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListByManagementGroup", + "title": "List policy definition versions by management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitions.json new file mode 100644 index 000000000000..1e8ed51ec7ef --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitions.json @@ -0,0 +1,145 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "AuditSoonToExpireCerts", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts", + "properties": { + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "metadata": { + "category": "KeyVault DataPlane" + }, + "mode": "Microsoft.KeyVault.Data", + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "description": "The number of days for a certificate to expire.", + "displayName": "Days to expire" + } + } + }, + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_List", + "title": "List policy definitions by subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..23cf9a7d3fd7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicyDefinitionsByManagementGroup.json @@ -0,0 +1,108 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_ListByManagementGroup", + "title": "List policy definitions by management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..0f182f1b4145 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionVersions.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_List", + "title": "List policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..4bd3e92b3a3e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", + "title": "List policy set definitions at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitions.json new file mode 100644 index 000000000000..743b2291f56d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitions.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_List", + "title": "List policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..0e7d85cff4b2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/listPolicySetDefinitionsByManagementGroup.json @@ -0,0 +1,131 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "managementGroupId": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "title": "List policy set definitions at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..84b1381e0569 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithIdentity.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus" + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..2972193dd041 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithOverrides.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..251f0d0ca23a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithSelfserveExemptionSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithSelfserveExemptionSettings.json new file mode 100644 index 000000000000..5c6073bc5826 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithSelfserveExemptionSettings.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "properties": { + "selfServeExemptionSettings": { + "enabled": true, + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ] + } + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "selfServeExemptionSettings": { + "enabled": true, + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ] + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with self-serve exemption settings" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..edc589b829d7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-11-01", + "parameters": { + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "location": "eastus" + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/openapi.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/openapi.json new file mode 100644 index 000000000000..811859f36169 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-11-01/openapi.json @@ -0,0 +1,4561 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2025-11-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope.", + "x-typespec-generated": [ + { + "emitter": "@azure-tools/typespec-autorest" + } + ] + }, + "schemes": [ + "https" + ], + "host": "management.azure.com", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow.", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "tags": [ + { + "name": "PolicyAssignments" + }, + { + "name": "PolicyDefinitions" + }, + { + "name": "PolicyDefinitionVersions" + }, + { + "name": "PolicySetDefinitions" + }, + { + "name": "PolicySetDefinitionVersions" + } + ], + "paths": { + "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}": { + "get": { + "operationId": "PolicyAssignments_Get", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation retrieves a single policy assignment, given its name and the scope it was created at.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "scope", + "in": "path", + "description": "The fully qualified Azure Resource manager identifier of the resource.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "description": "The name of the policy assignment to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy assignment": { + "$ref": "./examples/getPolicyAssignment.json" + }, + "Retrieve a policy assignment with a system assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithIdentity.json" + }, + "Retrieve a policy assignment with a user assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Retrieve a policy assignment with overrides": { + "$ref": "./examples/getPolicyAssignmentWithOverrides.json" + }, + "Retrieve a policy assignment with resource selectors": { + "$ref": "./examples/getPolicyAssignmentWithResourceSelectors.json" + } + } + }, + "put": { + "operationId": "PolicyAssignments_Create", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "scope", + "in": "path", + "description": "The fully qualified Azure Resource manager identifier of the resource.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "description": "The name of the policy assignment to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "Parameters for the policy assignment.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + } + ], + "responses": { + "201": { + "description": "Resource 'PolicyAssignment' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy assignment": { + "$ref": "./examples/createPolicyAssignment.json" + }, + "Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithEnrollEnforcement.json" + }, + "Create or update a policy assignment with a system assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithIdentity.json" + }, + "Create or update a policy assignment with a user assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Create or update a policy assignment with multiple non-compliance messages": { + "$ref": "./examples/createPolicyAssignmentNonComplianceMessages.json" + }, + "Create or update a policy assignment with overrides": { + "$ref": "./examples/createPolicyAssignmentWithOverrides.json" + }, + "Create or update a policy assignment with resource selectors": { + "$ref": "./examples/createPolicyAssignmentWithResourceSelectors.json" + }, + "Create or update a policy assignment with self-serve exemption settings": { + "$ref": "./examples/createPolicyAssignmentWithSelfserveExemptionSettings.json" + }, + "Create or update a policy assignment without enforcing policy effect during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithoutEnforcement.json" + } + } + }, + "patch": { + "operationId": "PolicyAssignments_Update", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "scope", + "in": "path", + "description": "The fully qualified Azure Resource manager identifier of the resource.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "description": "The name of the policy assignment to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "Parameters for policy assignment patch request.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignmentUpdate" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Update a policy assignment with a system assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithIdentity.json" + }, + "Update a policy assignment with a user assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithUserAssignedIdentity.json" + }, + "Update a policy assignment with overrides": { + "$ref": "./examples/updatePolicyAssignmentWithOverrides.json" + }, + "Update a policy assignment with resource selectors": { + "$ref": "./examples/updatePolicyAssignmentWithResourceSelectors.json" + }, + "Update a policy assignment with self-serve exemption settings": { + "$ref": "./examples/updatePolicyAssignmentWithSelfserveExemptionSettings.json" + } + } + }, + "delete": { + "operationId": "PolicyAssignments_Delete", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "scope", + "in": "path", + "description": "The fully qualified Azure Resource manager identifier of the resource.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "description": "The name of the policy assignment to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy assignment": { + "$ref": "./examples/deletePolicyAssignment.json" + } + } + } + }, + "/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "operationId": "PolicyDefinitionVersions_ListAllBuiltins", + "summary": "Lists all built-in policy definition versions.", + "description": "This operation lists all the built-in policy definition versions for all built-in policy definitions.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all built-in policy definition versions": { + "$ref": "./examples/listAllBuiltInPolicyDefinitionVersions.json" + } + } + } + }, + "/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", + "summary": "Lists all built-in policy set definition versions.", + "description": "This operation lists all the built-in policy set definition versions for all built-in policy set definitions.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all built-in policy definition versions": { + "$ref": "./examples/listAllBuiltInPolicySetDefinitionVersions.json" + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "operationId": "PolicyDefinitions_ListBuiltIn", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List built-in policy definitions": { + "$ref": "./examples/listBuiltInPolicyDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "operationId": "PolicyDefinitions_GetBuiltIn", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves the built-in policy definition with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the built-in policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a built-in policy definition": { + "$ref": "./examples/getBuiltinPolicyDefinition.json" + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "operationId": "PolicyDefinitionVersions_ListBuiltIn", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves a list of all the built-in policy definition versions for the given policy definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List built-in policy definition versions": { + "$ref": "./examples/listBuiltInPolicyDefinitionVersions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicyDefinitionVersions_GetBuiltIn", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves the built-in policy definition version with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a built-in policy definition version": { + "$ref": "./examples/getBuiltinPolicyDefinitionVersion.json" + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "operationId": "PolicySetDefinitions_ListBuiltIn", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "operationId": "PolicySetDefinitions_GetBuiltIn", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves the built-in policy set definition with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a built-in policy set definition": { + "$ref": "./examples/getBuiltInPolicySetDefinition.json" + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "operationId": "PolicySetDefinitionVersions_ListBuiltIn", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves a list of all the built-in policy set definition versions for the given built-in policy set definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitionVersions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicySetDefinitionVersions_GetBuiltIn", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves the built-in policy set definition version with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a built-in policy set definition version": { + "$ref": "./examples/getBuiltInPolicySetDefinitionVersion.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/acquirePolicyToken": { + "post": { + "operationId": "PolicyTokens_AcquireAtManagementGroup", + "summary": "Acquires a policy token at management group level.", + "description": "This operation acquires a policy token in the given management group for the given request body.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy token properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyTokenRequest" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded.", + "schema": { + "$ref": "#/definitions/PolicyTokenResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Acquire a policy token at management group level": { + "$ref": "./examples/acquirePolicyTokenAtManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", + "summary": "Lists all policy definition versions at management group scope.", + "description": "This operation lists all the policy definition versions for all policy definitions at the management group scope.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all policy definition versions at management group": { + "$ref": "./examples/listAllPolicyDefinitionVersionsByManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", + "summary": "Lists all policy set definition versions at management group scope.", + "description": "This operation lists all the policy set definition versions for all policy set definitions at the management group scope.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all policy definition versions at management group": { + "$ref": "./examples/listAllPolicySetDefinitionVersionsByManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "operationId": "PolicyAssignments_ListForManagementGroup", + "tags": [ + "PolicyAssignments" + ], + "summary": "Retrieves all policy assignments that apply to a management group.", + "description": "This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The management group ID.", + "required": true, + "type": "string", + "minLength": 1 + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy assignments that apply to a management group": { + "$ref": "./examples/listPolicyAssignmentsForManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "operationId": "PolicyDefinitions_ListByManagementGroup", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy definitions by management group": { + "$ref": "./examples/listPolicyDefinitionsByManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves the policy definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy definition at management group level": { + "$ref": "./examples/getPolicyDefinitionAtManagementGroup.json" + } + } + }, + "put": { + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation creates or updates a policy definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + ], + "responses": { + "201": { + "description": "Resource 'PolicyDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy definition at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAtManagementGroup.json" + } + } + }, + "delete": { + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation deletes the policy definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy definition at management group level": { + "$ref": "./examples/deletePolicyDefinitionAtManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "operationId": "PolicyDefinitionVersions_ListByManagementGroup", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves a list of all the policy definition versions for the given policy definition in the given management group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy definition versions by management group": { + "$ref": "./examples/listPolicyDefinitionVersionsByManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves the policy definition version in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy definition version at management group level": { + "$ref": "./examples/getPolicyDefinitionVersionAtManagementGroup.json" + } + } + }, + "put": { + "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation creates or updates a policy definition version in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicyDefinitionVersion' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "201": { + "description": "Resource 'PolicyDefinitionVersion' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy definition version at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json" + } + } + }, + "delete": { + "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation deletes the policy definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy definition version at management group level": { + "$ref": "./examples/deletePolicyDefinitionVersionAtManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves a list of all the policy set definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionsByManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves the policy set definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy set definition at management group level": { + "$ref": "./examples/getPolicySetDefinitionAtManagementGroup.json" + } + } + }, + "put": { + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation creates or updates a policy set definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy set definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicySetDefinition' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "201": { + "description": "Resource 'PolicySetDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy set definition at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json" + }, + "Create or update a policy set definition with groups at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json" + } + } + }, + "delete": { + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation deletes the policy set definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy set definition at management group level": { + "$ref": "./examples/deletePolicySetDefinitionAtManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition in a given management group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionVersionsByManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves the policy set definition version in the given management group with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy set definition version at management group level": { + "$ref": "./examples/getPolicySetDefinitionVersionAtManagementGroup.json" + } + } + }, + "put": { + "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation creates or updates a policy set definition version in the given management group with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy set definition version properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicySetDefinitionVersion' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "201": { + "description": "Resource 'PolicySetDefinitionVersion' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy set definition version at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json" + } + } + }, + "delete": { + "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation deletes the policy set definition version in the given management group with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy set definition version at management group level": { + "$ref": "./examples/deletePolicySetDefinitionVersionAtManagementGroup.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/acquirePolicyToken": { + "post": { + "operationId": "PolicyTokens_Acquire", + "summary": "Acquires a policy token.", + "description": "This operation acquires a policy token in the given subscription for the given request body.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The request body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyTokenRequest" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded.", + "schema": { + "$ref": "#/definitions/PolicyTokenResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Acquire a policy token": { + "$ref": "./examples/acquirePolicyToken.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "operationId": "PolicyDefinitionVersions_ListAll", + "summary": "Lists all policy definition versions within a subscription.", + "description": "This operation lists all the policy definition versions for all policy definitions within a subscription.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all policy definition versions at subscription": { + "$ref": "./examples/listAllPolicyDefinitionVersions.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "operationId": "PolicySetDefinitionVersions_ListAll", + "summary": "Lists all policy set definition versions within a subscription.", + "description": "This operation lists all the policy set definition versions for all policy set definitions within a subscription.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all policy definition versions at subscription": { + "$ref": "./examples/listAllPolicySetDefinitionVersions.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "operationId": "PolicyAssignments_List", + "tags": [ + "PolicyAssignments" + ], + "summary": "Retrieves all policy assignments that apply to a subscription.", + "description": "This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy assignments that apply to a subscription": { + "$ref": "./examples/listPolicyAssignments.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "operationId": "PolicyDefinitions_List", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy definitions by subscription": { + "$ref": "./examples/listPolicyDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "operationId": "PolicyDefinitions_Get", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves the policy definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy definition": { + "$ref": "./examples/getPolicyDefinition.json" + } + } + }, + "put": { + "operationId": "PolicyDefinitions_CreateOrUpdate", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + ], + "responses": { + "201": { + "description": "Resource 'PolicyDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy definition": { + "$ref": "./examples/createOrUpdatePolicyDefinition.json" + }, + "Create or update a policy definition with advanced parameters": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAdvancedParams.json" + }, + "Create or update a policy definition with external evaluation enforcement settings": { + "$ref": "./examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json" + } + } + }, + "delete": { + "operationId": "PolicyDefinitions_Delete", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation deletes the policy definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy definition": { + "$ref": "./examples/deletePolicyDefinition.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "operationId": "PolicyDefinitionVersions_List", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves a list of all the policy definition versions for the given policy definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy definition versions by subscription": { + "$ref": "./examples/listPolicyDefinitionVersions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicyDefinitionVersions_Get", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves the policy definition version in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy definition version": { + "$ref": "./examples/getPolicyDefinitionVersion.json" + } + } + }, + "put": { + "operationId": "PolicyDefinitionVersions_CreateOrUpdate", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicyDefinitionVersion' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "201": { + "description": "Resource 'PolicyDefinitionVersion' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy definition version": { + "$ref": "./examples/createOrUpdatePolicyDefinitionVersion.json" + } + } + }, + "delete": { + "operationId": "PolicyDefinitionVersions_Delete", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation deletes the policy definition version in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy definition version": { + "$ref": "./examples/deletePolicyDefinitionVersion.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "operationId": "PolicySetDefinitions_List", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves a list of all the policy set definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "operationId": "PolicySetDefinitions_Get", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves the policy set definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy set definition": { + "$ref": "./examples/getPolicySetDefinition.json" + } + } + }, + "put": { + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation creates or updates a policy set definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy set definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicySetDefinition' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "201": { + "description": "Resource 'PolicySetDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy set definition": { + "$ref": "./examples/createOrUpdatePolicySetDefinition.json" + }, + "Create or update a policy set definition with groups": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroups.json" + } + } + }, + "delete": { + "operationId": "PolicySetDefinitions_Delete", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation deletes the policy set definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy set definition": { + "$ref": "./examples/deletePolicySetDefinition.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "operationId": "PolicySetDefinitionVersions_List", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitionVersions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicySetDefinitionVersions_Get", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves the policy set definition version in the given subscription with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy set definition version": { + "$ref": "./examples/getPolicySetDefinitionVersion.json" + } + } + }, + "put": { + "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation creates or updates a policy set definition version in the given subscription with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy set definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicySetDefinitionVersion' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "201": { + "description": "Resource 'PolicySetDefinitionVersion' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy set definition version": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionVersion.json" + } + } + }, + "delete": { + "operationId": "PolicySetDefinitionVersions_Delete", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation deletes the policy set definition version in the given subscription with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy set definition version": { + "$ref": "./examples/deletePolicySetDefinitionVersion.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "operationId": "PolicyAssignments_ListForResource", + "tags": [ + "PolicyAssignments" + ], + "summary": "Retrieves all policy assignments that apply to a resource.", + "description": "This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "resourceProviderNamespace", + "in": "path", + "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)", + "required": true, + "type": "string" + }, + { + "name": "parentResourcePath", + "in": "path", + "description": "The parent resource path. Use empty string if there is none.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "description": "The name of the resource.", + "required": true, + "type": "string", + "pattern": "^.+$" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy assignments that apply to a resource group": { + "$ref": "./examples/listPolicyAssignmentsForResource.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "operationId": "PolicyAssignments_ListForResourceGroup", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy assignments that apply to a resource group": { + "$ref": "./examples/listPolicyAssignmentsForResourceGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "AssignmentType": { + "type": "string", + "description": "The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable.", + "enum": [ + "NotSpecified", + "System", + "SystemHidden", + "Custom" + ], + "x-ms-enum": { + "name": "AssignmentType", + "modelAsString": true, + "values": [ + { + "name": "NotSpecified", + "value": "NotSpecified", + "description": "The not specified assignment type." + }, + { + "name": "System", + "value": "System", + "description": "The system assignment type." + }, + { + "name": "SystemHidden", + "value": "SystemHidden", + "description": "The system hidden assignment type." + }, + { + "name": "Custom", + "value": "Custom", + "description": "The custom assignment type." + } + ] + } + }, + "ExternalEndpointResult": { + "type": "string", + "description": "The result of the external endpoint. Possible values are Succeeded and Failed.", + "enum": [ + "Succeeded", + "Failed" + ], + "x-ms-enum": { + "name": "ExternalEndpointResult", + "modelAsString": true, + "values": [ + { + "name": "Succeeded", + "value": "Succeeded", + "description": "The external endpoint succeeded." + }, + { + "name": "Failed", + "value": "Failed", + "description": "The external endpoint failed." + } + ] + } + }, + "ExternalEvaluationEndpointInvocationResult": { + "type": "object", + "description": "The external evaluation endpoint invocation results.", + "properties": { + "policyInfo": { + "$ref": "#/definitions/PolicyLogInfo", + "description": "The details of the policy requiring the external endpoint invocation." + }, + "result": { + "$ref": "#/definitions/ExternalEndpointResult", + "description": "The result of the external endpoint. Possible values are Succeeded and Failed." + }, + "endpointKind": { + "type": "string", + "description": "The external evaluation endpoint kind." + }, + "message": { + "type": "string", + "description": "The status message with additional details about the invocation result." + }, + "retryAfter": { + "type": "string", + "format": "date-time", + "description": "The date and time after which a failed endpoint invocation can be retried." + }, + "claims": { + "description": "The set of claims that will be attached to the policy token as an attestation for the result of the endpoint invocation." + }, + "policyAction": { + "$ref": "#/definitions/PolicyAction", + "description": "The effective outcome of the policy evaluation based on both the policy effect and evaluation result. Possible values are Unknown, Allow, Audit, Deny, Error." + }, + "policyEvaluationDetails": { + "description": "The evaluation details returned by the policy evaluation engine." + }, + "additionalInfo": { + "description": "The endpoint specific metadata." + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The expiration of the results." + } + } + }, + "ExternalEvaluationEndpointSettings": { + "type": "object", + "description": "The settings of an external endpoint providing evaluation results.", + "properties": { + "kind": { + "type": "string", + "description": "The kind of the endpoint." + }, + "details": { + "description": "The details of the endpoint." + } + } + }, + "ExternalEvaluationEnforcementSettings": { + "type": "object", + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation.", + "properties": { + "missingTokenAction": { + "type": "string", + "description": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported." + }, + "resultLifespan": { + "type": "string", + "description": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported." + }, + "endpointSettings": { + "$ref": "#/definitions/ExternalEvaluationEndpointSettings", + "description": "The settings of an external endpoint providing evaluation results." + }, + "roleDefinitionIds": { + "type": "array", + "description": "An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint.", + "items": { + "type": "string" + } + } + } + }, + "Identity": { + "type": "object", + "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity.", + "properties": { + "principalId": { + "type": "string", + "description": "The principal ID of the resource identity. This property will only be provided for a system assigned identity", + "readOnly": true + }, + "tenantId": { + "type": "string", + "description": "The tenant ID of the resource identity. This property will only be provided for a system assigned identity", + "readOnly": true + }, + "type": { + "$ref": "#/definitions/ResourceIdentityType", + "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource." + }, + "userAssignedIdentities": { + "type": "object", + "description": "The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.", + "additionalProperties": { + "$ref": "#/definitions/UserAssignedIdentitiesValue" + } + } + } + }, + "NonComplianceMessage": { + "type": "object", + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.", + "properties": { + "message": { + "type": "string", + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment." + } + }, + "required": [ + "message" + ] + }, + "Override": { + "type": "object", + "description": "The policy property value override.", + "properties": { + "kind": { + "$ref": "#/definitions/OverrideKind", + "description": "The override kind." + }, + "value": { + "type": "string", + "description": "The value to override the policy property." + }, + "selectors": { + "type": "array", + "description": "The list of the selector expressions.", + "items": { + "$ref": "#/definitions/Selector" + }, + "x-ms-identifiers": [] + } + } + }, + "OverrideKind": { + "type": "string", + "description": "The override kind.", + "enum": [ + "policyEffect", + "definitionVersion" + ], + "x-ms-enum": { + "name": "OverrideKind", + "modelAsString": true, + "values": [ + { + "name": "policyEffect", + "value": "policyEffect", + "description": "It will override the policy effect type." + }, + { + "name": "definitionVersion", + "value": "definitionVersion", + "description": "It will override the definition version property value of the policy assignment." + } + ] + } + }, + "ParameterDefinitionsValue": { + "type": "object", + "description": "The definition of a parameter that can be provided to the policy.", + "properties": { + "type": { + "$ref": "#/definitions/ParameterType", + "description": "The data type of the parameter." + }, + "allowedValues": { + "type": "array", + "description": "The allowed values for the parameter.", + "items": {} + }, + "defaultValue": { + "description": "The default value for the parameter if no value is provided." + }, + "schema": { + "description": "Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/." + }, + "metadata": { + "$ref": "#/definitions/ParameterDefinitionsValueMetadata", + "description": "General metadata for the parameter." + } + } + }, + "ParameterDefinitionsValueMetadata": { + "type": "object", + "description": "General metadata for the parameter.", + "properties": { + "displayName": { + "type": "string", + "description": "The display name for the parameter." + }, + "description": { + "type": "string", + "description": "The description of the parameter." + }, + "strongType": { + "type": "string", + "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." + }, + "assignPermissions": { + "type": "boolean", + "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." + } + }, + "additionalProperties": {} + }, + "ParameterType": { + "type": "string", + "description": "The data type of the parameter.", + "enum": [ + "String", + "Array", + "Object", + "Boolean", + "Integer", + "Float", + "DateTime" + ], + "x-ms-enum": { + "name": "ParameterType", + "modelAsString": true, + "values": [ + { + "name": "String", + "value": "String", + "description": "The string parameter type." + }, + { + "name": "Array", + "value": "Array", + "description": "The array parameter type." + }, + { + "name": "Object", + "value": "Object", + "description": "The object parameter type." + }, + { + "name": "Boolean", + "value": "Boolean", + "description": "The boolean parameter type." + }, + { + "name": "Integer", + "value": "Integer", + "description": "The integer parameter type." + }, + { + "name": "Float", + "value": "Float", + "description": "The float parameter type." + }, + { + "name": "DateTime", + "value": "DateTime", + "description": "The date-time parameter type." + } + ] + } + }, + "ParameterValuesValue": { + "type": "object", + "description": "The value of a parameter.", + "properties": { + "value": { + "description": "The value of the parameter." + } + } + }, + "PolicyAction": { + "type": "string", + "description": "The effective outcome of the policy evaluation based on both the policy effect and evaluation result. Possible values are Unknown, Allow, Audit, Deny, Error.", + "enum": [ + "Unknown", + "Audit", + "Deny", + "Error" + ], + "x-ms-enum": { + "name": "PolicyAction", + "modelAsString": true, + "values": [ + { + "name": "Unknown", + "value": "Unknown", + "description": "The effective outcome of policy evaluation is unknown." + }, + { + "name": "Audit", + "value": "Audit", + "description": "The effective outcome of policy evaluation is to allow the request.\n Allow: \"Allow\",\n\n /**\nThe effective outcome of policy evaluation is to audit the request." + }, + { + "name": "Deny", + "value": "Deny", + "description": "The effective outcome of policy evaluation is to deny the request." + }, + { + "name": "Error", + "value": "Error", + "description": "The policy evaluation resulted in an error." + } + ] + } + }, + "PolicyAssignment": { + "type": "object", + "description": "The policy assignment.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicyAssignmentProperties", + "description": "Properties for the policy assignment.", + "x-ms-client-flatten": true + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicyAssignmentListResult": { + "type": "object", + "description": "The response of a PolicyAssignment list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicyAssignment items on this page", + "items": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicyAssignmentProperties": { + "type": "object", + "description": "The policy assignment properties.", + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the policy assignment." + }, + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition being assigned." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "latestDefinitionVersion": { + "type": "string", + "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "effectiveDefinitionVersion": { + "type": "string", + "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "scope": { + "type": "string", + "description": "The scope for the policy assignment.", + "readOnly": true + }, + "notScopes": { + "type": "array", + "description": "The policy's excluded scopes.", + "items": { + "type": "string" + } + }, + "parameters": { + "type": "object", + "description": "The parameter values for the assigned policy rule. The keys are the parameter names.", + "additionalProperties": { + "$ref": "#/definitions/ParameterValuesValue" + } + }, + "description": { + "type": "string", + "description": "This message will be part of response in case of policy violation." + }, + "metadata": { + "description": "The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "enforcementMode": { + "type": "string", + "description": "The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll", + "default": "Default", + "enum": [ + "Default", + "DoNotEnforce", + "Enroll" + ], + "x-ms-enum": { + "name": "EnforcementMode", + "modelAsString": true, + "values": [ + { + "name": "Default", + "value": "Default", + "description": "The policy effect is enforced during resource creation or update." + }, + { + "name": "DoNotEnforce", + "value": "DoNotEnforce", + "description": "The policy effect is not enforced during resource creation or update." + }, + { + "name": "Enroll", + "value": "Enroll", + "description": "The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource." + } + ] + } + }, + "nonComplianceMessages": { + "type": "array", + "description": "The messages that describe why a resource is non-compliant with the policy.", + "items": { + "$ref": "#/definitions/NonComplianceMessage" + }, + "x-ms-identifiers": [ + "message", + "policyDefinitionReferenceId" + ] + }, + "resourceSelectors": { + "type": "array", + "description": "The resource selector list to filter policies by resource properties.", + "items": { + "$ref": "#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [] + }, + "overrides": { + "type": "array", + "description": "The policy property value override.", + "items": { + "$ref": "#/definitions/Override" + }, + "x-ms-identifiers": [] + }, + "assignmentType": { + "$ref": "#/definitions/AssignmentType", + "description": "The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable." + }, + "instanceId": { + "type": "string", + "description": "The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated.", + "readOnly": true + }, + "selfServeExemptionSettings": { + "$ref": "#/definitions/SelfServeExemptionSettings", + "description": "The self-serve exemption settings for the policy assignment." + } + } + }, + "PolicyAssignmentUpdate": { + "type": "object", + "description": "The policy assignment for Patch request.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicyAssignmentUpdateProperties", + "description": "The policy assignment properties for Patch request.", + "x-ms-client-flatten": true + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + } + } + }, + "PolicyAssignmentUpdateProperties": { + "type": "object", + "description": "The policy assignment properties for Patch request.", + "properties": { + "resourceSelectors": { + "type": "array", + "description": "The resource selector list to filter policies by resource properties.", + "items": { + "$ref": "#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [] + }, + "overrides": { + "type": "array", + "description": "The policy property value override.", + "items": { + "$ref": "#/definitions/Override" + }, + "x-ms-identifiers": [] + }, + "selfServeExemptionSettings": { + "$ref": "#/definitions/SelfServeExemptionSettings", + "description": "The self-serve exemption settings for the policy assignment." + } + } + }, + "PolicyDefinition": { + "type": "object", + "description": "The policy definition.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicyDefinitionProperties", + "description": "The policy definition properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicyDefinitionGroup": { + "type": "object", + "description": "The policy definition group.", + "properties": { + "name": { + "type": "string", + "description": "The name of the group." + }, + "displayName": { + "type": "string", + "description": "The group's display name." + }, + "category": { + "type": "string", + "description": "The group's category." + }, + "description": { + "type": "string", + "description": "The group's description." + }, + "additionalMetadataId": { + "type": "string", + "description": "A resource ID of a resource that contains additional metadata about the group." + } + }, + "required": [ + "name" + ] + }, + "PolicyDefinitionListResult": { + "type": "object", + "description": "The response of a PolicyDefinition list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicyDefinition items on this page", + "items": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicyDefinitionProperties": { + "type": "object", + "description": "The policy definition properties.", + "properties": { + "policyType": { + "$ref": "#/definitions/PolicyType", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", + "default": "Indexed" + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "description": "The policy rule." + }, + "metadata": { + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "type": "object", + "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "version": { + "type": "string", + "description": "The policy definition version in #.#.# format." + }, + "versions": { + "type": "array", + "description": "A list of available versions for this policy definition.", + "items": { + "type": "string" + } + }, + "externalEvaluationEnforcementSettings": { + "$ref": "#/definitions/ExternalEvaluationEnforcementSettings", + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation." + } + } + }, + "PolicyDefinitionReference": { + "type": "object", + "description": "The policy definition reference.", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "latestDefinitionVersion": { + "type": "string", + "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "effectiveDefinitionVersion": { + "type": "string", + "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "parameters": { + "type": "object", + "description": "The parameter values for the referenced policy rule. The keys are the parameter names.", + "additionalProperties": { + "$ref": "#/definitions/ParameterValuesValue" + } + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "A unique id (within the policy set definition) for this policy definition reference." + }, + "groupNames": { + "type": "array", + "description": "The name of the groups that this policy definition reference belongs to.", + "items": { + "type": "string" + } + } + }, + "required": [ + "policyDefinitionId" + ] + }, + "PolicyDefinitionVersion": { + "type": "object", + "description": "The ID of the policy definition version.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicyDefinitionVersionProperties", + "description": "The policy definition version properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicyDefinitionVersionListResult": { + "type": "object", + "description": "The response of a PolicyDefinitionVersion list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicyDefinitionVersion items on this page", + "items": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicyDefinitionVersionProperties": { + "type": "object", + "description": "The policy definition properties.", + "properties": { + "policyType": { + "$ref": "#/definitions/PolicyType", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", + "default": "Indexed" + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "description": "The policy rule." + }, + "metadata": { + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "type": "object", + "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "version": { + "type": "string", + "description": "The policy definition version in #.#.# format." + }, + "externalEvaluationEnforcementSettings": { + "$ref": "#/definitions/ExternalEvaluationEnforcementSettings", + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation." + } + } + }, + "PolicyLogInfo": { + "type": "object", + "description": "The policy log info.", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The policy definition Id." + }, + "policySetDefinitionId": { + "type": "string", + "description": "The policy set definition Id." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition instance Id inside a policy set." + }, + "policySetDefinitionName": { + "type": "string", + "description": "The policy set definition name." + }, + "policySetDefinitionDisplayName": { + "type": "string", + "description": "The policy set definition display name." + }, + "policySetDefinitionVersion": { + "type": "string", + "description": "The policy set definition version." + }, + "policySetDefinitionCategory": { + "type": "string", + "description": "The policy set definition category." + }, + "policyDefinitionName": { + "type": "string", + "description": "The policy definition name." + }, + "policyDefinitionDisplayName": { + "type": "string", + "description": "The policy definition display name." + }, + "policyDefinitionVersion": { + "type": "string", + "description": "The policy definition version." + }, + "policyDefinitionEffect": { + "type": "string", + "description": "The policy definition action." + }, + "policyDefinitionGroupNames": { + "type": "array", + "description": "An array of policy definition group names.", + "items": { + "type": "string" + } + }, + "policyAssignmentId": { + "type": "string", + "description": "The policy assignment Id." + }, + "policyAssignmentName": { + "type": "string", + "description": "The policy assignment name." + }, + "policyAssignmentDisplayName": { + "type": "string", + "description": "The policy assignment display name." + }, + "policyAssignmentVersion": { + "type": "string", + "description": "The policy assignment version." + }, + "policyAssignmentScope": { + "type": "string", + "description": "The policy assignment scope." + }, + "resourceLocation": { + "type": "string", + "description": "The resource location." + }, + "ancestors": { + "type": "string", + "description": "The management group ancestors." + }, + "complianceReasonCode": { + "type": "string", + "description": "The policy compliance reason code." + }, + "policyExemptionIds": { + "type": "array", + "description": "An array of policy exemption Ids.", + "items": { + "type": "string" + } + } + } + }, + "PolicySetDefinition": { + "type": "object", + "description": "The policy set definition.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicySetDefinitionProperties", + "description": "The policy set definition properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicySetDefinitionListResult": { + "type": "object", + "description": "The response of a PolicySetDefinition list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicySetDefinition items on this page", + "items": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicySetDefinitionProperties": { + "type": "object", + "description": "The policy set definition properties.", + "properties": { + "policyType": { + "$ref": "#/definitions/PolicyType", + "description": "The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "type": "object", + "description": "The policy set definition parameters that can be used in policy definition references.", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "policyDefinitions": { + "type": "array", + "description": "An array of policy definition references.", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "x-ms-identifiers": [ + "policyDefinitionReferenceId" + ] + }, + "policyDefinitionGroups": { + "type": "array", + "description": "The metadata describing groups of policy definition references within the policy set definition.", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + }, + "x-ms-identifiers": [ + "name" + ] + }, + "version": { + "type": "string", + "description": "The policy set definition version in #.#.# format." + }, + "versions": { + "type": "array", + "description": "A list of available versions for this policy set definition.", + "items": { + "type": "string" + } + } + }, + "required": [ + "policyDefinitions" + ] + }, + "PolicySetDefinitionVersion": { + "type": "object", + "description": "The policy set definition version.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicySetDefinitionVersionProperties", + "description": "The policy set definition version properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicySetDefinitionVersionListResult": { + "type": "object", + "description": "The response of a PolicySetDefinitionVersion list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicySetDefinitionVersion items on this page", + "items": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicySetDefinitionVersionProperties": { + "type": "object", + "description": "The policy set definition properties.", + "properties": { + "policyType": { + "$ref": "#/definitions/PolicyType", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "type": "object", + "description": "The policy set definition parameters that can be used in policy definition references.", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "policyDefinitions": { + "type": "array", + "description": "An array of policy definition references.", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "x-ms-identifiers": [ + "policyDefinitionReferenceId" + ] + }, + "policyDefinitionGroups": { + "type": "array", + "description": "The metadata describing groups of policy definition references within the policy set definition.", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + }, + "x-ms-identifiers": [ + "name" + ] + }, + "version": { + "type": "string", + "description": "The policy set definition version in #.#.# format." + } + }, + "required": [ + "policyDefinitions" + ] + }, + "PolicyTokenEvaluatedRequestDetails": { + "type": "object", + "description": "The policy token evaluated request details.", + "properties": { + "uri": { + "type": "string", + "description": "The request URI of the resource operation that is targeted by the issued token." + }, + "resourceId": { + "type": "string", + "description": "The resource Id of the resource operation that is targeted by the issued token." + }, + "apiVersion": { + "type": "string", + "description": "The api-version of the resource operation that is targeted by the issued token." + }, + "authorizationAction": { + "type": "string", + "description": "The authorization action of the resource operation that is targeted by the issued token." + }, + "httpMethod": { + "type": "string", + "description": "The http method of the resource operation that is targeted by the issued token." + }, + "contentHash": { + "type": "string", + "description": "The hashed payload of the resource operation that is targeted by the issued token." + } + }, + "required": [ + "uri", + "resourceId", + "apiVersion", + "authorizationAction", + "httpMethod", + "contentHash" + ] + }, + "PolicyTokenOperation": { + "type": "object", + "description": "The resource operation to acquire a token for.", + "properties": { + "uri": { + "type": "string", + "description": "The request URI of the resource operation." + }, + "httpMethod": { + "type": "string", + "description": "The http method of the resource operation." + }, + "content": { + "description": "The payload of the resource operation." + } + }, + "required": [ + "uri", + "httpMethod" + ] + }, + "PolicyTokenRequest": { + "type": "object", + "description": "The policy token request properties.", + "properties": { + "operation": { + "$ref": "#/definitions/PolicyTokenOperation", + "description": "The resource operation to acquire a token for." + }, + "changeReference": { + "type": "string", + "description": "The change reference." + } + }, + "required": [ + "operation" + ] + }, + "PolicyTokenResponse": { + "type": "object", + "description": "The policy token response properties.", + "properties": { + "result": { + "$ref": "#/definitions/PolicyTokenResult", + "description": "The result of the completed token acquisition operation. Possible values are Succeeded and Failed." + }, + "requestDetails": { + "$ref": "#/definitions/PolicyTokenEvaluatedRequestDetails", + "description": "The external evaluation request details." + }, + "message": { + "type": "string", + "description": "Status message with additional details about the token acquisition operation result." + }, + "retryAfter": { + "type": "string", + "format": "date-time", + "description": "The date and time after which the client can try to acquire a token again in the case of retry-able failures." + }, + "results": { + "type": "array", + "description": "An array of external evaluation endpoint invocation results.", + "items": { + "$ref": "#/definitions/ExternalEvaluationEndpointInvocationResult" + }, + "x-ms-identifiers": [] + }, + "changeReference": { + "type": "string", + "description": "The change reference associated with the operation for which the token is acquired." + }, + "token": { + "type": "string", + "description": "The issued policy token." + }, + "tokenId": { + "type": "string", + "description": "The unique Id assigned to the policy token." + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The expiration of the policy token." + } + } + }, + "PolicyTokenResult": { + "type": "string", + "description": "The result of the completed token acquisition operation. Possible values are Succeeded and Failed.", + "enum": [ + "Succeeded", + "Failed" + ], + "x-ms-enum": { + "name": "PolicyTokenResult", + "modelAsString": true, + "values": [ + { + "name": "Succeeded", + "value": "Succeeded", + "description": "The token acquisition succeeded." + }, + { + "name": "Failed", + "value": "Failed", + "description": "The token acquisition failed." + } + ] + } + }, + "PolicyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "PolicyType", + "modelAsString": true, + "values": [ + { + "name": "NotSpecified", + "value": "NotSpecified", + "description": "The not specified policy definition type." + }, + { + "name": "BuiltIn", + "value": "BuiltIn", + "description": "The built in policy definition type." + }, + { + "name": "Custom", + "value": "Custom", + "description": "The custom policy definition type." + }, + { + "name": "Static", + "value": "Static", + "description": "The static policy definition type." + } + ] + } + }, + "ResourceIdentityType": { + "type": "string", + "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource.", + "enum": [ + "SystemAssigned", + "UserAssigned", + "None" + ], + "x-ms-enum": { + "name": "ResourceIdentityType", + "modelAsString": false, + "values": [ + { + "name": "SystemAssigned", + "value": "SystemAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "name": "UserAssigned", + "value": "UserAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "name": "None", + "value": "None", + "description": "Indicates that no identity is associated with the resource or that the existing identity should be removed." + } + ] + } + }, + "ResourceSelector": { + "type": "object", + "description": "The resource selector to filter policies by resource properties.", + "properties": { + "name": { + "type": "string", + "description": "The name of the resource selector." + }, + "selectors": { + "type": "array", + "description": "The list of the selector expressions.", + "items": { + "$ref": "#/definitions/Selector" + }, + "x-ms-identifiers": [] + } + } + }, + "Selector": { + "type": "object", + "description": "The selector expression.", + "properties": { + "kind": { + "$ref": "#/definitions/SelectorKind", + "description": "The selector kind." + }, + "in": { + "type": "array", + "description": "The list of values to filter in.", + "items": { + "type": "string" + } + }, + "notIn": { + "type": "array", + "description": "The list of values to filter out.", + "items": { + "type": "string" + } + } + } + }, + "SelectorKind": { + "type": "string", + "description": "The selector kind.", + "enum": [ + "resourceLocation", + "resourceType", + "resourceWithoutLocation", + "policyDefinitionReferenceId" + ], + "x-ms-enum": { + "name": "SelectorKind", + "modelAsString": true, + "values": [ + { + "name": "resourceLocation", + "value": "resourceLocation", + "description": "The selector kind to filter policies by the resource location." + }, + { + "name": "resourceType", + "value": "resourceType", + "description": "The selector kind to filter policies by the resource type." + }, + { + "name": "resourceWithoutLocation", + "value": "resourceWithoutLocation", + "description": "The selector kind to filter policies by the resource without location." + }, + { + "name": "policyDefinitionReferenceId", + "value": "policyDefinitionReferenceId", + "description": "The selector kind to filter policies by the policy definition reference ID." + } + ] + } + }, + "SelfServeExemptionSettings": { + "type": "object", + "description": "The self-serve exemption settings for a policy assignment.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Indicates whether self-serve exemption is enabled." + }, + "policyDefinitionReferenceIds": { + "type": "array", + "description": "The policy definition reference IDs for self-serve exemption.", + "items": { + "type": "string" + } + } + } + }, + "UserAssignedIdentitiesValue": { + "type": "object", + "properties": { + "principalId": { + "type": "string", + "description": "The principal id of user assigned identity.", + "readOnly": true + }, + "clientId": { + "type": "string", + "description": "The client id of user assigned identity.", + "readOnly": true + } + } + } + }, + "parameters": {} +}