Microsoft.Authorization policyDefinitions

ARM template resource definition

The policyDefinitions resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

Valid deployment scopes for the policyDefinitions resource are:

You can reference this resource type as a read-only resource at level of: Tenants

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Authorization/policyDefinitions resource, add the following JSON to your template.

{
  "type": "Microsoft.Authorization/policyDefinitions",
  "apiVersion": "2021-06-01",
  "name": "string",
  "scope": "string",
  "properties": {
    "description": "string",
    "displayName": "string",
    "metadata": {},
    "mode": "string",
    "parameters": {},
    "policyRule": {},
    "policyType": "string"
  }
}

Property values

policyDefinitions

Name Description Value
type The resource type 'Microsoft.Authorization/policyDefinitions'
apiVersion The resource api version '2021-06-01'
name The resource name string (required)

Character limit: 1-128 display name

1-64 resource name

Valid characters:
Display name can contain any characters.

Resource name can't use:
<>*%&:\?.+/ or control characters.

Can't end with period or space.
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For JSON, set the value to the full name of the resource to apply the extension resource to.

properties The policy definition properties. PolicyDefinitionProperties

PolicyDefinitionProperties

Name Description Value
description The policy definition description. string
displayName The display name of the policy definition. string
metadata The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
mode The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. string
parameters The parameter definitions for parameters used in the policy rule. The keys are the parameter names. object
policyRule The policy rule.
policyType The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. 'BuiltIn'
'Custom'
'NotSpecified'
'Static'


Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Deploy a policy definition and assign to a management group

Deploy to Azure
This template is a management group level template that will create a policy definition and assign that policy to the target management group. Currently, this template cannot be deployed via the Azure Portal.
Deploy a Policy Def and Assign to Multiple Mgmt Groups

Deploy to Azure
This template is a management group level template that will create a policy definition and assign that policy to multiple management groups.
Create an Azure Virtual Network Manager and sample VNETs

Deploy to Azure
This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types.