The policyDefinitions resource type is an extension resource, which means you can apply it to another resource.
Use the scope
property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
Valid deployment scopes for the policyDefinitions resource are:
You can reference this resource type as a read-only resource at level of: Tenants
For a list of changed properties in each API version, see change log.
To create a Microsoft.Authorization/policyDefinitions resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "string",
"scope": "string",
"properties": {
"description": "string",
"displayName": "string",
"metadata": {},
"mode": "string",
"parameters": {},
"policyRule": {},
"policyType": "string"
}
}
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Authorization/policyDefinitions' |
apiVersion | The resource api version | '2021-06-01' |
name | The resource name | string (required) Character limit: 1-128 display name 1-64 resource name Valid characters: Display name can contain any characters. Resource name can't use: <>*%&:\?.+/ or control characters. Can't end with period or space. |
scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
properties | The policy definition properties. | PolicyDefinitionProperties |
Name | Description | Value |
---|---|---|
description | The policy definition description. | string |
displayName | The display name of the policy definition. | string |
metadata | The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. | |
mode | The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. | string |
parameters | The parameter definitions for parameters used in the policy rule. The keys are the parameter names. | object |
policyRule | The policy rule. | |
policyType | The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. | 'BuiltIn' 'Custom' 'NotSpecified' 'Static' |
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Deploy a policy definition and assign to a management group |
This template is a management group level template that will create a policy definition and assign that policy to the target management group. Currently, this template cannot be deployed via the Azure Portal. |
Deploy a Policy Def and Assign to Multiple Mgmt Groups |
This template is a management group level template that will create a policy definition and assign that policy to multiple management groups. |
Create an Azure Virtual Network Manager and sample VNETs |
This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. |