Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The registrationDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedServices/registrationDefinitions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.ManagedServices/registrationDefinitions@2022-10-01' = {
scope: resourceSymbolicName or scope
name: 'string'
plan: {
name: 'string'
product: 'string'
publisher: 'string'
version: 'string'
}
properties: {
authorizations: [
{
delegatedRoleDefinitionIds: [
'string'
]
principalId: 'string'
principalIdDisplayName: 'string'
roleDefinitionId: 'string'
}
]
description: 'string'
eligibleAuthorizations: [
{
justInTimeAccessPolicy: {
managedByTenantApprovers: [
{
principalId: 'string'
principalIdDisplayName: 'string'
}
]
maximumActivationDuration: 'string'
multiFactorAuthProvider: 'string'
}
principalId: 'string'
principalIdDisplayName: 'string'
roleDefinitionId: 'string'
}
]
managedByTenantId: 'string'
registrationDefinitionName: 'string'
}
}
Property Values
Microsoft.ManagedServices/registrationDefinitions
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| plan | The details for the Managed Services offer’s plan in Azure Marketplace. | Plan |
| properties | The properties of a registration definition. | RegistrationDefinitionProperties |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
Authorization
| Name | Description | Value |
|---|---|---|
| delegatedRoleDefinitionIds | The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other principals. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$[] |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
EligibleApprover
| Name | Description | Value |
|---|---|---|
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
EligibleAuthorization
| Name | Description | Value |
|---|---|---|
| justInTimeAccessPolicy | The just-in-time access policy setting. | JustInTimeAccessPolicy |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
JustInTimeAccessPolicy
| Name | Description | Value |
|---|---|---|
| managedByTenantApprovers | The list of managedByTenant approvers for the eligible authorization. | EligibleApprover[] |
| maximumActivationDuration | The maximum access duration in ISO 8601 format for just-in-time access requests. | string |
| multiFactorAuthProvider | The multi-factor authorization provider to be used for just-in-time access requests. | 'Azure' 'None' (required) |
Plan
| Name | Description | Value |
|---|---|---|
| name | Azure Marketplace plan name. | string (required) |
| product | Azure Marketplace product code. | string (required) |
| publisher | Azure Marketplace publisher ID. | string (required) |
| version | Azure Marketplace plan's version. | string (required) |
RegistrationDefinitionProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The collection of authorization objects describing the access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | Authorization[] (required) |
| description | The description of the registration definition. | string |
| eligibleAuthorizations | The collection of eligible authorization objects describing the just-in-time access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | EligibleAuthorization[] |
| managedByTenantId | The identifier of the managedBy tenant. | string (required) |
| registrationDefinitionName | The name of the registration definition. | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Registration Definition (Lighthouse) | AVM Resource Module for Registration Definition (Lighthouse) |
ARM template resource definition
The registrationDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedServices/registrationDefinitions resource, add the following JSON to your template.
{
"type": "Microsoft.ManagedServices/registrationDefinitions",
"apiVersion": "2022-10-01",
"name": "string",
"plan": {
"name": "string",
"product": "string",
"publisher": "string",
"version": "string"
},
"properties": {
"authorizations": [
{
"delegatedRoleDefinitionIds": [ "string" ],
"principalId": "string",
"principalIdDisplayName": "string",
"roleDefinitionId": "string"
}
],
"description": "string",
"eligibleAuthorizations": [
{
"justInTimeAccessPolicy": {
"managedByTenantApprovers": [
{
"principalId": "string",
"principalIdDisplayName": "string"
}
],
"maximumActivationDuration": "string",
"multiFactorAuthProvider": "string"
},
"principalId": "string",
"principalIdDisplayName": "string",
"roleDefinitionId": "string"
}
],
"managedByTenantId": "string",
"registrationDefinitionName": "string"
}
}
Property Values
Microsoft.ManagedServices/registrationDefinitions
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2022-10-01' |
| name | The resource name | string (required) |
| plan | The details for the Managed Services offer’s plan in Azure Marketplace. | Plan |
| properties | The properties of a registration definition. | RegistrationDefinitionProperties |
| type | The resource type | 'Microsoft.ManagedServices/registrationDefinitions' |
Authorization
| Name | Description | Value |
|---|---|---|
| delegatedRoleDefinitionIds | The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other principals. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$[] |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
EligibleApprover
| Name | Description | Value |
|---|---|---|
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
EligibleAuthorization
| Name | Description | Value |
|---|---|---|
| justInTimeAccessPolicy | The just-in-time access policy setting. | JustInTimeAccessPolicy |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
JustInTimeAccessPolicy
| Name | Description | Value |
|---|---|---|
| managedByTenantApprovers | The list of managedByTenant approvers for the eligible authorization. | EligibleApprover[] |
| maximumActivationDuration | The maximum access duration in ISO 8601 format for just-in-time access requests. | string |
| multiFactorAuthProvider | The multi-factor authorization provider to be used for just-in-time access requests. | 'Azure' 'None' (required) |
Plan
| Name | Description | Value |
|---|---|---|
| name | Azure Marketplace plan name. | string (required) |
| product | Azure Marketplace product code. | string (required) |
| publisher | Azure Marketplace publisher ID. | string (required) |
| version | Azure Marketplace plan's version. | string (required) |
RegistrationDefinitionProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The collection of authorization objects describing the access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | Authorization[] (required) |
| description | The description of the registration definition. | string |
| eligibleAuthorizations | The collection of eligible authorization objects describing the just-in-time access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | EligibleAuthorization[] |
| managedByTenantId | The identifier of the managedBy tenant. | string (required) |
| registrationDefinitionName | The name of the registration definition. | string |
Usage Examples
Terraform (AzAPI provider) resource definition
The registrationDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedServices/registrationDefinitions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.ManagedServices/registrationDefinitions@2022-10-01"
name = "string"
parent_id = "string"
body = {
plan = {
name = "string"
product = "string"
publisher = "string"
version = "string"
}
properties = {
authorizations = [
{
delegatedRoleDefinitionIds = [
"string"
]
principalId = "string"
principalIdDisplayName = "string"
roleDefinitionId = "string"
}
]
description = "string"
eligibleAuthorizations = [
{
justInTimeAccessPolicy = {
managedByTenantApprovers = [
{
principalId = "string"
principalIdDisplayName = "string"
}
]
maximumActivationDuration = "string"
multiFactorAuthProvider = "string"
}
principalId = "string"
principalIdDisplayName = "string"
roleDefinitionId = "string"
}
]
managedByTenantId = "string"
registrationDefinitionName = "string"
}
}
}
Property Values
Microsoft.ManagedServices/registrationDefinitions
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| plan | The details for the Managed Services offer’s plan in Azure Marketplace. | Plan |
| properties | The properties of a registration definition. | RegistrationDefinitionProperties |
| type | The resource type | "Microsoft.ManagedServices/registrationDefinitions@2022-10-01" |
Authorization
| Name | Description | Value |
|---|---|---|
| delegatedRoleDefinitionIds | The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other principals. | string Constraints: Min length = 36 Max length = 36 Pattern = ^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$[] |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
EligibleApprover
| Name | Description | Value |
|---|---|---|
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
EligibleAuthorization
| Name | Description | Value |
|---|---|---|
| justInTimeAccessPolicy | The just-in-time access policy setting. | JustInTimeAccessPolicy |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
JustInTimeAccessPolicy
| Name | Description | Value |
|---|---|---|
| managedByTenantApprovers | The list of managedByTenant approvers for the eligible authorization. | EligibleApprover[] |
| maximumActivationDuration | The maximum access duration in ISO 8601 format for just-in-time access requests. | string |
| multiFactorAuthProvider | The multi-factor authorization provider to be used for just-in-time access requests. | 'Azure' 'None' (required) |
Plan
| Name | Description | Value |
|---|---|---|
| name | Azure Marketplace plan name. | string (required) |
| product | Azure Marketplace product code. | string (required) |
| publisher | Azure Marketplace publisher ID. | string (required) |
| version | Azure Marketplace plan's version. | string (required) |
RegistrationDefinitionProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The collection of authorization objects describing the access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | Authorization[] (required) |
| description | The description of the registration definition. | string |
| eligibleAuthorizations | The collection of eligible authorization objects describing the just-in-time access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | EligibleAuthorization[] |
| managedByTenantId | The identifier of the managedBy tenant. | string (required) |
| registrationDefinitionName | The name of the registration definition. | string |