Microsoft.PolicyInsights attestations

ARM template resource definition

The attestations resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

Valid deployment scopes for the attestations resource are:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.PolicyInsights/attestations resource, add the following JSON to your template.

{
  "type": "Microsoft.PolicyInsights/attestations",
  "apiVersion": "2022-09-01",
  "name": "string",
  "scope": "string",
  "properties": {
    "assessmentDate": "string",
    "comments": "string",
    "complianceState": "string",
    "evidence": [
      {
        "description": "string",
        "sourceUri": "string"
      }
    ],
    "expiresOn": "string",
    "metadata": {},
    "owner": "string",
    "policyAssignmentId": "string",
    "policyDefinitionReferenceId": "string"
  }
}

Property values

attestations

Name Description Value
type The resource type 'Microsoft.PolicyInsights/attestations'
apiVersion The resource api version '2022-09-01'
name The resource name string (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For JSON, set the value to the full name of the resource to apply the extension resource to.
properties Properties for the attestation. AttestationProperties (required)

AttestationProperties

Name Description Value
assessmentDate The time the evidence was assessed string
comments Comments describing why this attestation was created. string
complianceState The compliance state that should be set on the resource. 'Compliant'
'NonCompliant'
'Unknown'
evidence The evidence supporting the compliance state set in this attestation. AttestationEvidence[]
expiresOn The time the compliance state should expire. string
metadata Additional metadata for this attestation
owner The person responsible for setting the state of the resource. This value is typically an Azure Active Directory object ID. string
policyAssignmentId The resource ID of the policy assignment that the attestation is setting the state for. string (required)
policyDefinitionReferenceId The policy definition reference ID from a policy set definition that the attestation is setting the state for. If the policy assignment assigns a policy set definition the attestation can choose a definition within the set definition with this property or omit this and set the state for the entire set definition. string

AttestationEvidence

Name Description Value
description The description for this piece of evidence. string
sourceUri The URI location of the evidence. string