diff --git a/profiles/preview/preview/authorization/mgmt/authorization/models.go b/profiles/preview/preview/authorization/mgmt/authorization/models.go
index 757cfb90eb44..48c21bb20e5f 100644
--- a/profiles/preview/preview/authorization/mgmt/authorization/models.go
+++ b/profiles/preview/preview/authorization/mgmt/authorization/models.go
@@ -28,6 +28,7 @@ const (
 )
 
 type BaseClient = original.BaseClient
+type DenyAssignmentsClient = original.DenyAssignmentsClient
 type PrincipalType = original.PrincipalType
 
 const (
@@ -48,10 +49,18 @@ type ClassicAdministratorListResult = original.ClassicAdministratorListResult
 type ClassicAdministratorListResultIterator = original.ClassicAdministratorListResultIterator
 type ClassicAdministratorListResultPage = original.ClassicAdministratorListResultPage
 type ClassicAdministratorProperties = original.ClassicAdministratorProperties
+type DenyAssignment = original.DenyAssignment
+type DenyAssignmentFilter = original.DenyAssignmentFilter
+type DenyAssignmentListResult = original.DenyAssignmentListResult
+type DenyAssignmentListResultIterator = original.DenyAssignmentListResultIterator
+type DenyAssignmentListResultPage = original.DenyAssignmentListResultPage
+type DenyAssignmentPermission = original.DenyAssignmentPermission
+type DenyAssignmentProperties = original.DenyAssignmentProperties
 type Permission = original.Permission
 type PermissionGetResult = original.PermissionGetResult
 type PermissionGetResultIterator = original.PermissionGetResultIterator
 type PermissionGetResultPage = original.PermissionGetResultPage
+type Principal = original.Principal
 type ProviderOperation = original.ProviderOperation
 type ProviderOperationsMetadata = original.ProviderOperationsMetadata
 type ProviderOperationsMetadataListResult = original.ProviderOperationsMetadataListResult
@@ -89,6 +98,12 @@ func New(subscriptionID string) BaseClient {
 func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient {
 	return original.NewWithBaseURI(baseURI, subscriptionID)
 }
+func NewDenyAssignmentsClient(subscriptionID string) DenyAssignmentsClient {
+	return original.NewDenyAssignmentsClient(subscriptionID)
+}
+func NewDenyAssignmentsClientWithBaseURI(baseURI string, subscriptionID string) DenyAssignmentsClient {
+	return original.NewDenyAssignmentsClientWithBaseURI(baseURI, subscriptionID)
+}
 func PossiblePrincipalTypeValues() []PrincipalType {
 	return original.PossiblePrincipalTypeValues()
 }
diff --git a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/classicadministrators.go b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/classicadministrators.go
index 5e46de7a5bf1..2b3efb510b4e 100644
--- a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/classicadministrators.go
+++ b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/classicadministrators.go
@@ -24,10 +24,7 @@ import (
 	"net/http"
 )
 
-// ClassicAdministratorsClient is the role based access control provides you a way to apply granular level policy
-// administration down to individual resources or resource groups. These operations enable you to manage role
-// definitions and role assignments. A role definition describes the set of actions that can be performed on resources.
-// A role assignment grants access to Azure Active Directory users.
+// ClassicAdministratorsClient is the client for the ClassicAdministrators methods of the Authorization service.
 type ClassicAdministratorsClient struct {
 	BaseClient
 }
diff --git a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/client.go b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/client.go
index 6b6f6de95ef0..362420bdfa36 100644
--- a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/client.go
+++ b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/client.go
@@ -1,9 +1,6 @@
 // Package authorization implements the Azure ARM Authorization service API version .
 //
-// Role based access control provides you a way to apply granular level policy administration down to individual
-// resources or resource groups. These operations enable you to manage role definitions and role assignments. A role
-// definition describes the set of actions that can be performed on resources. A role assignment grants access to Azure
-// Active Directory users.
+//
 package authorization
 
 // Copyright (c) Microsoft and contributors.  All rights reserved.
diff --git a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/denyassignments.go b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/denyassignments.go
new file mode 100644
index 000000000000..ef9e235226e9
--- /dev/null
+++ b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/denyassignments.go
@@ -0,0 +1,598 @@
+package authorization
+
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+	"context"
+	"github.com/Azure/go-autorest/autorest"
+	"github.com/Azure/go-autorest/autorest/azure"
+	"net/http"
+)
+
+// DenyAssignmentsClient is the client for the DenyAssignments methods of the Authorization service.
+type DenyAssignmentsClient struct {
+	BaseClient
+}
+
+// NewDenyAssignmentsClient creates an instance of the DenyAssignmentsClient client.
+func NewDenyAssignmentsClient(subscriptionID string) DenyAssignmentsClient {
+	return NewDenyAssignmentsClientWithBaseURI(DefaultBaseURI, subscriptionID)
+}
+
+// NewDenyAssignmentsClientWithBaseURI creates an instance of the DenyAssignmentsClient client.
+func NewDenyAssignmentsClientWithBaseURI(baseURI string, subscriptionID string) DenyAssignmentsClient {
+	return DenyAssignmentsClient{NewWithBaseURI(baseURI, subscriptionID)}
+}
+
+// Get get the specified deny assignment.
+// Parameters:
+// scope - the scope of the deny assignment.
+// denyAssignmentID - the ID of the deny assignment to get.
+func (client DenyAssignmentsClient) Get(ctx context.Context, scope string, denyAssignmentID string) (result DenyAssignment, err error) {
+	req, err := client.GetPreparer(ctx, scope, denyAssignmentID)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "Get", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.GetSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "Get", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.GetResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "Get", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// GetPreparer prepares the Get request.
+func (client DenyAssignmentsClient) GetPreparer(ctx context.Context, scope string, denyAssignmentID string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"denyAssignmentId": autorest.Encode("path", denyAssignmentID),
+		"scope":            scope,
+	}
+
+	const APIVersion = "2018-07-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId}", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// GetSender sends the Get request. The method will close the
+// http.Response Body if it receives an error.
+func (client DenyAssignmentsClient) GetSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...))
+}
+
+// GetResponder handles the response to the Get request. The method always
+// closes the http.Response Body.
+func (client DenyAssignmentsClient) GetResponder(resp *http.Response) (result DenyAssignment, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// GetByID gets a deny assignment by ID.
+// Parameters:
+// denyAssignmentID - the fully qualified deny assignment ID. For example, use the format,
+// /subscriptions/{guid}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId} for subscription
+// level deny assignments, or /providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId} for tenant
+// level deny assignments.
+func (client DenyAssignmentsClient) GetByID(ctx context.Context, denyAssignmentID string) (result DenyAssignment, err error) {
+	req, err := client.GetByIDPreparer(ctx, denyAssignmentID)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "GetByID", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.GetByIDSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "GetByID", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.GetByIDResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "GetByID", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// GetByIDPreparer prepares the GetByID request.
+func (client DenyAssignmentsClient) GetByIDPreparer(ctx context.Context, denyAssignmentID string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"denyAssignmentId": denyAssignmentID,
+	}
+
+	const APIVersion = "2018-07-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/{denyAssignmentId}", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// GetByIDSender sends the GetByID request. The method will close the
+// http.Response Body if it receives an error.
+func (client DenyAssignmentsClient) GetByIDSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...))
+}
+
+// GetByIDResponder handles the response to the GetByID request. The method always
+// closes the http.Response Body.
+func (client DenyAssignmentsClient) GetByIDResponder(resp *http.Response) (result DenyAssignment, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// List gets all deny assignments for the subscription.
+// Parameters:
+// filter - the filter to apply on the operation. Use $filter=atScope() to return all deny assignments at or
+// above the scope. Use $filter=denyAssignmentName eq '{name}' to search deny assignments by name at specified
+// scope. Use $filter=principalId eq '{id}' to return all deny assignments at, above and below the scope for
+// the specified principal. Use $filter=gdprExportPrincipalId eq '{id}' to return all deny assignments at,
+// above and below the scope for the specified principal. This filter is different from the principalId filter
+// as it returns not only those deny assignments that contain the specified principal is the Principals list
+// but also those deny assignments that contain the specified principal is the ExcludePrincipals list.
+// Additionally, when gdprExportPrincipalId filter is used, only the deny assignment name and description
+// properties are returned.
+func (client DenyAssignmentsClient) List(ctx context.Context, filter string) (result DenyAssignmentListResultPage, err error) {
+	result.fn = client.listNextResults
+	req, err := client.ListPreparer(ctx, filter)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "List", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListSender(req)
+	if err != nil {
+		result.dalr.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "List", resp, "Failure sending request")
+		return
+	}
+
+	result.dalr, err = client.ListResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "List", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListPreparer prepares the List request.
+func (client DenyAssignmentsClient) ListPreparer(ctx context.Context, filter string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"subscriptionId": autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-07-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+	if len(filter) > 0 {
+		queryParameters["$filter"] = autorest.Encode("query", filter)
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/denyAssignments", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListSender sends the List request. The method will close the
+// http.Response Body if it receives an error.
+func (client DenyAssignmentsClient) ListSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListResponder handles the response to the List request. The method always
+// closes the http.Response Body.
+func (client DenyAssignmentsClient) ListResponder(resp *http.Response) (result DenyAssignmentListResult, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// listNextResults retrieves the next set of results, if any.
+func (client DenyAssignmentsClient) listNextResults(lastResults DenyAssignmentListResult) (result DenyAssignmentListResult, err error) {
+	req, err := lastResults.denyAssignmentListResultPreparer()
+	if err != nil {
+		return result, autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listNextResults", nil, "Failure preparing next results request")
+	}
+	if req == nil {
+		return
+	}
+	resp, err := client.ListSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		return result, autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listNextResults", resp, "Failure sending next results request")
+	}
+	result, err = client.ListResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listNextResults", resp, "Failure responding to next results request")
+	}
+	return
+}
+
+// ListComplete enumerates all values, automatically crossing page boundaries as required.
+func (client DenyAssignmentsClient) ListComplete(ctx context.Context, filter string) (result DenyAssignmentListResultIterator, err error) {
+	result.page, err = client.List(ctx, filter)
+	return
+}
+
+// ListForResource gets deny assignments for a resource.
+// Parameters:
+// resourceGroupName - the name of the resource group.
+// resourceProviderNamespace - the namespace of the resource provider.
+// parentResourcePath - the parent resource identity.
+// resourceType - the resource type of the resource.
+// resourceName - the name of the resource to get deny assignments for.
+// filter - the filter to apply on the operation. Use $filter=atScope() to return all deny assignments at or
+// above the scope. Use $filter=denyAssignmentName eq '{name}' to search deny assignments by name at specified
+// scope. Use $filter=principalId eq '{id}' to return all deny assignments at, above and below the scope for
+// the specified principal. Use $filter=gdprExportPrincipalId eq '{id}' to return all deny assignments at,
+// above and below the scope for the specified principal. This filter is different from the principalId filter
+// as it returns not only those deny assignments that contain the specified principal is the Principals list
+// but also those deny assignments that contain the specified principal is the ExcludePrincipals list.
+// Additionally, when gdprExportPrincipalId filter is used, only the deny assignment name and description
+// properties are returned.
+func (client DenyAssignmentsClient) ListForResource(ctx context.Context, resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string, filter string) (result DenyAssignmentListResultPage, err error) {
+	result.fn = client.listForResourceNextResults
+	req, err := client.ListForResourcePreparer(ctx, resourceGroupName, resourceProviderNamespace, parentResourcePath, resourceType, resourceName, filter)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForResource", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListForResourceSender(req)
+	if err != nil {
+		result.dalr.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForResource", resp, "Failure sending request")
+		return
+	}
+
+	result.dalr, err = client.ListForResourceResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForResource", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListForResourcePreparer prepares the ListForResource request.
+func (client DenyAssignmentsClient) ListForResourcePreparer(ctx context.Context, resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string, filter string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"parentResourcePath":        parentResourcePath,
+		"resourceGroupName":         autorest.Encode("path", resourceGroupName),
+		"resourceName":              autorest.Encode("path", resourceName),
+		"resourceProviderNamespace": autorest.Encode("path", resourceProviderNamespace),
+		"resourceType":              resourceType,
+		"subscriptionId":            autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-07-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+	if len(filter) > 0 {
+		queryParameters["$filter"] = autorest.Encode("query", filter)
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/denyAssignments", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListForResourceSender sends the ListForResource request. The method will close the
+// http.Response Body if it receives an error.
+func (client DenyAssignmentsClient) ListForResourceSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListForResourceResponder handles the response to the ListForResource request. The method always
+// closes the http.Response Body.
+func (client DenyAssignmentsClient) ListForResourceResponder(resp *http.Response) (result DenyAssignmentListResult, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// listForResourceNextResults retrieves the next set of results, if any.
+func (client DenyAssignmentsClient) listForResourceNextResults(lastResults DenyAssignmentListResult) (result DenyAssignmentListResult, err error) {
+	req, err := lastResults.denyAssignmentListResultPreparer()
+	if err != nil {
+		return result, autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForResourceNextResults", nil, "Failure preparing next results request")
+	}
+	if req == nil {
+		return
+	}
+	resp, err := client.ListForResourceSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		return result, autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForResourceNextResults", resp, "Failure sending next results request")
+	}
+	result, err = client.ListForResourceResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForResourceNextResults", resp, "Failure responding to next results request")
+	}
+	return
+}
+
+// ListForResourceComplete enumerates all values, automatically crossing page boundaries as required.
+func (client DenyAssignmentsClient) ListForResourceComplete(ctx context.Context, resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string, filter string) (result DenyAssignmentListResultIterator, err error) {
+	result.page, err = client.ListForResource(ctx, resourceGroupName, resourceProviderNamespace, parentResourcePath, resourceType, resourceName, filter)
+	return
+}
+
+// ListForResourceGroup gets deny assignments for a resource group.
+// Parameters:
+// resourceGroupName - the name of the resource group.
+// filter - the filter to apply on the operation. Use $filter=atScope() to return all deny assignments at or
+// above the scope. Use $filter=denyAssignmentName eq '{name}' to search deny assignments by name at specified
+// scope. Use $filter=principalId eq '{id}' to return all deny assignments at, above and below the scope for
+// the specified principal. Use $filter=gdprExportPrincipalId eq '{id}' to return all deny assignments at,
+// above and below the scope for the specified principal. This filter is different from the principalId filter
+// as it returns not only those deny assignments that contain the specified principal is the Principals list
+// but also those deny assignments that contain the specified principal is the ExcludePrincipals list.
+// Additionally, when gdprExportPrincipalId filter is used, only the deny assignment name and description
+// properties are returned.
+func (client DenyAssignmentsClient) ListForResourceGroup(ctx context.Context, resourceGroupName string, filter string) (result DenyAssignmentListResultPage, err error) {
+	result.fn = client.listForResourceGroupNextResults
+	req, err := client.ListForResourceGroupPreparer(ctx, resourceGroupName, filter)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForResourceGroup", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListForResourceGroupSender(req)
+	if err != nil {
+		result.dalr.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForResourceGroup", resp, "Failure sending request")
+		return
+	}
+
+	result.dalr, err = client.ListForResourceGroupResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForResourceGroup", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListForResourceGroupPreparer prepares the ListForResourceGroup request.
+func (client DenyAssignmentsClient) ListForResourceGroupPreparer(ctx context.Context, resourceGroupName string, filter string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"resourceGroupName": autorest.Encode("path", resourceGroupName),
+		"subscriptionId":    autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2018-07-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+	if len(filter) > 0 {
+		queryParameters["$filter"] = autorest.Encode("query", filter)
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/denyAssignments", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListForResourceGroupSender sends the ListForResourceGroup request. The method will close the
+// http.Response Body if it receives an error.
+func (client DenyAssignmentsClient) ListForResourceGroupSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListForResourceGroupResponder handles the response to the ListForResourceGroup request. The method always
+// closes the http.Response Body.
+func (client DenyAssignmentsClient) ListForResourceGroupResponder(resp *http.Response) (result DenyAssignmentListResult, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// listForResourceGroupNextResults retrieves the next set of results, if any.
+func (client DenyAssignmentsClient) listForResourceGroupNextResults(lastResults DenyAssignmentListResult) (result DenyAssignmentListResult, err error) {
+	req, err := lastResults.denyAssignmentListResultPreparer()
+	if err != nil {
+		return result, autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForResourceGroupNextResults", nil, "Failure preparing next results request")
+	}
+	if req == nil {
+		return
+	}
+	resp, err := client.ListForResourceGroupSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		return result, autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForResourceGroupNextResults", resp, "Failure sending next results request")
+	}
+	result, err = client.ListForResourceGroupResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForResourceGroupNextResults", resp, "Failure responding to next results request")
+	}
+	return
+}
+
+// ListForResourceGroupComplete enumerates all values, automatically crossing page boundaries as required.
+func (client DenyAssignmentsClient) ListForResourceGroupComplete(ctx context.Context, resourceGroupName string, filter string) (result DenyAssignmentListResultIterator, err error) {
+	result.page, err = client.ListForResourceGroup(ctx, resourceGroupName, filter)
+	return
+}
+
+// ListForScope gets deny assignments for a scope.
+// Parameters:
+// scope - the scope of the deny assignments.
+// filter - the filter to apply on the operation. Use $filter=atScope() to return all deny assignments at or
+// above the scope. Use $filter=denyAssignmentName eq '{name}' to search deny assignments by name at specified
+// scope. Use $filter=principalId eq '{id}' to return all deny assignments at, above and below the scope for
+// the specified principal. Use $filter=gdprExportPrincipalId eq '{id}' to return all deny assignments at,
+// above and below the scope for the specified principal. This filter is different from the principalId filter
+// as it returns not only those deny assignments that contain the specified principal is the Principals list
+// but also those deny assignments that contain the specified principal is the ExcludePrincipals list.
+// Additionally, when gdprExportPrincipalId filter is used, only the deny assignment name and description
+// properties are returned.
+func (client DenyAssignmentsClient) ListForScope(ctx context.Context, scope string, filter string) (result DenyAssignmentListResultPage, err error) {
+	result.fn = client.listForScopeNextResults
+	req, err := client.ListForScopePreparer(ctx, scope, filter)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForScope", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListForScopeSender(req)
+	if err != nil {
+		result.dalr.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForScope", resp, "Failure sending request")
+		return
+	}
+
+	result.dalr, err = client.ListForScopeResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "ListForScope", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListForScopePreparer prepares the ListForScope request.
+func (client DenyAssignmentsClient) ListForScopePreparer(ctx context.Context, scope string, filter string) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"scope": scope,
+	}
+
+	const APIVersion = "2018-07-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+	if len(filter) > 0 {
+		queryParameters["$filter"] = autorest.Encode("query", filter)
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/{scope}/providers/Microsoft.Authorization/denyAssignments", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListForScopeSender sends the ListForScope request. The method will close the
+// http.Response Body if it receives an error.
+func (client DenyAssignmentsClient) ListForScopeSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...))
+}
+
+// ListForScopeResponder handles the response to the ListForScope request. The method always
+// closes the http.Response Body.
+func (client DenyAssignmentsClient) ListForScopeResponder(resp *http.Response) (result DenyAssignmentListResult, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// listForScopeNextResults retrieves the next set of results, if any.
+func (client DenyAssignmentsClient) listForScopeNextResults(lastResults DenyAssignmentListResult) (result DenyAssignmentListResult, err error) {
+	req, err := lastResults.denyAssignmentListResultPreparer()
+	if err != nil {
+		return result, autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForScopeNextResults", nil, "Failure preparing next results request")
+	}
+	if req == nil {
+		return
+	}
+	resp, err := client.ListForScopeSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		return result, autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForScopeNextResults", resp, "Failure sending next results request")
+	}
+	result, err = client.ListForScopeResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "authorization.DenyAssignmentsClient", "listForScopeNextResults", resp, "Failure responding to next results request")
+	}
+	return
+}
+
+// ListForScopeComplete enumerates all values, automatically crossing page boundaries as required.
+func (client DenyAssignmentsClient) ListForScopeComplete(ctx context.Context, scope string, filter string) (result DenyAssignmentListResultIterator, err error) {
+	result.page, err = client.ListForScope(ctx, scope, filter)
+	return
+}
diff --git a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/models.go b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/models.go
index 880664e3824a..7f4058c72b86 100644
--- a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/models.go
+++ b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/models.go
@@ -246,6 +246,232 @@ type ClassicAdministratorProperties struct {
 	Role *string `json:"role,omitempty"`
 }
 
+// DenyAssignment deny Assignment
+type DenyAssignment struct {
+	autorest.Response `json:"-"`
+	// ID - The deny assignment ID.
+	ID *string `json:"id,omitempty"`
+	// Name - The deny assignment name.
+	Name *string `json:"name,omitempty"`
+	// Type - The deny assignment type.
+	Type *string `json:"type,omitempty"`
+	// DenyAssignmentProperties - Deny assignment properties.
+	*DenyAssignmentProperties `json:"properties,omitempty"`
+}
+
+// MarshalJSON is the custom marshaler for DenyAssignment.
+func (da DenyAssignment) MarshalJSON() ([]byte, error) {
+	objectMap := make(map[string]interface{})
+	if da.ID != nil {
+		objectMap["id"] = da.ID
+	}
+	if da.Name != nil {
+		objectMap["name"] = da.Name
+	}
+	if da.Type != nil {
+		objectMap["type"] = da.Type
+	}
+	if da.DenyAssignmentProperties != nil {
+		objectMap["properties"] = da.DenyAssignmentProperties
+	}
+	return json.Marshal(objectMap)
+}
+
+// UnmarshalJSON is the custom unmarshaler for DenyAssignment struct.
+func (da *DenyAssignment) UnmarshalJSON(body []byte) error {
+	var m map[string]*json.RawMessage
+	err := json.Unmarshal(body, &m)
+	if err != nil {
+		return err
+	}
+	for k, v := range m {
+		switch k {
+		case "id":
+			if v != nil {
+				var ID string
+				err = json.Unmarshal(*v, &ID)
+				if err != nil {
+					return err
+				}
+				da.ID = &ID
+			}
+		case "name":
+			if v != nil {
+				var name string
+				err = json.Unmarshal(*v, &name)
+				if err != nil {
+					return err
+				}
+				da.Name = &name
+			}
+		case "type":
+			if v != nil {
+				var typeVar string
+				err = json.Unmarshal(*v, &typeVar)
+				if err != nil {
+					return err
+				}
+				da.Type = &typeVar
+			}
+		case "properties":
+			if v != nil {
+				var denyAssignmentProperties DenyAssignmentProperties
+				err = json.Unmarshal(*v, &denyAssignmentProperties)
+				if err != nil {
+					return err
+				}
+				da.DenyAssignmentProperties = &denyAssignmentProperties
+			}
+		}
+	}
+
+	return nil
+}
+
+// DenyAssignmentFilter deny Assignments filter
+type DenyAssignmentFilter struct {
+	// DenyAssignmentName - Return deny assignment with specified name.
+	DenyAssignmentName *string `json:"denyAssignmentName,omitempty"`
+	// PrincipalID - Return all deny assignments where the specified principal is listed in the principals list of deny assignments.
+	PrincipalID *string `json:"principalId,omitempty"`
+	// GdprExportPrincipalID - Return all deny assignments where the specified principal is listed either in the principals list or exclude principals list of deny assignments.
+	GdprExportPrincipalID *string `json:"gdprExportPrincipalId,omitempty"`
+}
+
+// DenyAssignmentListResult deny assignment list operation result.
+type DenyAssignmentListResult struct {
+	autorest.Response `json:"-"`
+	// Value - Deny assignment list.
+	Value *[]DenyAssignment `json:"value,omitempty"`
+	// NextLink - The URL to use for getting the next set of results.
+	NextLink *string `json:"nextLink,omitempty"`
+}
+
+// DenyAssignmentListResultIterator provides access to a complete listing of DenyAssignment values.
+type DenyAssignmentListResultIterator struct {
+	i    int
+	page DenyAssignmentListResultPage
+}
+
+// Next advances to the next value.  If there was an error making
+// the request the iterator does not advance and the error is returned.
+func (iter *DenyAssignmentListResultIterator) Next() error {
+	iter.i++
+	if iter.i < len(iter.page.Values()) {
+		return nil
+	}
+	err := iter.page.Next()
+	if err != nil {
+		iter.i--
+		return err
+	}
+	iter.i = 0
+	return nil
+}
+
+// NotDone returns true if the enumeration should be started or is not yet complete.
+func (iter DenyAssignmentListResultIterator) NotDone() bool {
+	return iter.page.NotDone() && iter.i < len(iter.page.Values())
+}
+
+// Response returns the raw server response from the last page request.
+func (iter DenyAssignmentListResultIterator) Response() DenyAssignmentListResult {
+	return iter.page.Response()
+}
+
+// Value returns the current value or a zero-initialized value if the
+// iterator has advanced beyond the end of the collection.
+func (iter DenyAssignmentListResultIterator) Value() DenyAssignment {
+	if !iter.page.NotDone() {
+		return DenyAssignment{}
+	}
+	return iter.page.Values()[iter.i]
+}
+
+// IsEmpty returns true if the ListResult contains no values.
+func (dalr DenyAssignmentListResult) IsEmpty() bool {
+	return dalr.Value == nil || len(*dalr.Value) == 0
+}
+
+// denyAssignmentListResultPreparer prepares a request to retrieve the next set of results.
+// It returns nil if no more results exist.
+func (dalr DenyAssignmentListResult) denyAssignmentListResultPreparer() (*http.Request, error) {
+	if dalr.NextLink == nil || len(to.String(dalr.NextLink)) < 1 {
+		return nil, nil
+	}
+	return autorest.Prepare(&http.Request{},
+		autorest.AsJSON(),
+		autorest.AsGet(),
+		autorest.WithBaseURL(to.String(dalr.NextLink)))
+}
+
+// DenyAssignmentListResultPage contains a page of DenyAssignment values.
+type DenyAssignmentListResultPage struct {
+	fn   func(DenyAssignmentListResult) (DenyAssignmentListResult, error)
+	dalr DenyAssignmentListResult
+}
+
+// Next advances to the next page of values.  If there was an error making
+// the request the page does not advance and the error is returned.
+func (page *DenyAssignmentListResultPage) Next() error {
+	next, err := page.fn(page.dalr)
+	if err != nil {
+		return err
+	}
+	page.dalr = next
+	return nil
+}
+
+// NotDone returns true if the page enumeration should be started or is not yet complete.
+func (page DenyAssignmentListResultPage) NotDone() bool {
+	return !page.dalr.IsEmpty()
+}
+
+// Response returns the raw server response from the last page request.
+func (page DenyAssignmentListResultPage) Response() DenyAssignmentListResult {
+	return page.dalr
+}
+
+// Values returns the slice of values for the current page or nil if there are no values.
+func (page DenyAssignmentListResultPage) Values() []DenyAssignment {
+	if page.dalr.IsEmpty() {
+		return nil
+	}
+	return *page.dalr.Value
+}
+
+// DenyAssignmentPermission deny assignment permissions.
+type DenyAssignmentPermission struct {
+	// Actions - Actions to which the deny assignment does not grant access.
+	Actions *[]string `json:"actions,omitempty"`
+	// NotActions - Actions to exclude from that the deny assignment does not grant access.
+	NotActions *[]string `json:"notActions,omitempty"`
+	// DataActions - Data actions to which the deny assignment does not grant access.
+	DataActions *[]string `json:"dataActions,omitempty"`
+	// NotDataActions - Data actions to exclude from that the deny assignment does not grant access.
+	NotDataActions *[]string `json:"notDataActions,omitempty"`
+}
+
+// DenyAssignmentProperties deny assignment properties.
+type DenyAssignmentProperties struct {
+	// DenyAssignmentName - The display name of the deny assignment.
+	DenyAssignmentName *string `json:"denyAssignmentName,omitempty"`
+	// Description - The description of the deny assignment.
+	Description *string `json:"description,omitempty"`
+	// Permissions - An array of permissions that are denied by the deny assignment.
+	Permissions *[]DenyAssignmentPermission `json:"permissions,omitempty"`
+	// Scope - The deny assignment scope.
+	Scope *string `json:"scope,omitempty"`
+	// DoNotApplyToChildScopes - Determines if the deny assignment applies to child scopes. Default value is false.
+	DoNotApplyToChildScopes *bool `json:"doNotApplyToChildScopes,omitempty"`
+	// Principals - Array of principals to which the deny assignment applies.
+	Principals *[]Principal `json:"principals,omitempty"`
+	// ExcludePrincipals - Array of principals to which the deny assignment does not apply.
+	ExcludePrincipals *[]Principal `json:"excludePrincipals,omitempty"`
+	// IsSystemProtected - Specifies whether this deny assignment was created by Azure and cannot be edited or deleted.
+	IsSystemProtected *bool `json:"isSystemProtected,omitempty"`
+}
+
 // Permission role definition permissions.
 type Permission struct {
 	// Actions - Allowed actions.
@@ -360,6 +586,14 @@ func (page PermissionGetResultPage) Values() []Permission {
 	return *page.pgr.Value
 }
 
+// Principal deny assignment principal.
+type Principal struct {
+	// ID - Object ID of the Azure AD principal (user, group, or service principal) to which the deny assignment applies. An empty guid '00000000-0000-0000-0000-000000000000' as principal id and principal type as 'Everyone' represents all users, groups and service principals.
+	ID *string `json:"id,omitempty"`
+	// Type - Type of object represented by principal id (user, group, or service principal). An empty guid '00000000-0000-0000-0000-000000000000' as principal id and principal type as 'Everyone' represents all users, groups and service principals.
+	Type *string `json:"type,omitempty"`
+}
+
 // ProviderOperation operation
 type ProviderOperation struct {
 	// Name - The operation name.
diff --git a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/permissions.go b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/permissions.go
index 64fc6fe7c1b2..25165902180b 100644
--- a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/permissions.go
+++ b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/permissions.go
@@ -24,10 +24,7 @@ import (
 	"net/http"
 )
 
-// PermissionsClient is the role based access control provides you a way to apply granular level policy administration
-// down to individual resources or resource groups. These operations enable you to manage role definitions and role
-// assignments. A role definition describes the set of actions that can be performed on resources. A role assignment
-// grants access to Azure Active Directory users.
+// PermissionsClient is the client for the Permissions methods of the Authorization service.
 type PermissionsClient struct {
 	BaseClient
 }
diff --git a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/provideroperationsmetadata.go b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/provideroperationsmetadata.go
index fe6990059497..53b37d2d8f1d 100644
--- a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/provideroperationsmetadata.go
+++ b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/provideroperationsmetadata.go
@@ -24,10 +24,8 @@ import (
 	"net/http"
 )
 
-// ProviderOperationsMetadataClient is the role based access control provides you a way to apply granular level policy
-// administration down to individual resources or resource groups. These operations enable you to manage role
-// definitions and role assignments. A role definition describes the set of actions that can be performed on resources.
-// A role assignment grants access to Azure Active Directory users.
+// ProviderOperationsMetadataClient is the client for the ProviderOperationsMetadata methods of the Authorization
+// service.
 type ProviderOperationsMetadataClient struct {
 	BaseClient
 }
diff --git a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/roleassignments.go b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/roleassignments.go
index de06fc581bdc..a255a0f10fbf 100644
--- a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/roleassignments.go
+++ b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/roleassignments.go
@@ -25,10 +25,7 @@ import (
 	"net/http"
 )
 
-// RoleAssignmentsClient is the role based access control provides you a way to apply granular level policy
-// administration down to individual resources or resource groups. These operations enable you to manage role
-// definitions and role assignments. A role definition describes the set of actions that can be performed on resources.
-// A role assignment grants access to Azure Active Directory users.
+// RoleAssignmentsClient is the client for the RoleAssignments methods of the Authorization service.
 type RoleAssignmentsClient struct {
 	BaseClient
 }
diff --git a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/roledefinitions.go b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/roledefinitions.go
index 14f0eada1838..f67afd02afe7 100644
--- a/services/preview/authorization/mgmt/2018-09-01-preview/authorization/roledefinitions.go
+++ b/services/preview/authorization/mgmt/2018-09-01-preview/authorization/roledefinitions.go
@@ -24,10 +24,7 @@ import (
 	"net/http"
 )
 
-// RoleDefinitionsClient is the role based access control provides you a way to apply granular level policy
-// administration down to individual resources or resource groups. These operations enable you to manage role
-// definitions and role assignments. A role definition describes the set of actions that can be performed on resources.
-// A role assignment grants access to Azure Active Directory users.
+// RoleDefinitionsClient is the client for the RoleDefinitions methods of the Authorization service.
 type RoleDefinitionsClient struct {
 	BaseClient
 }