az policy remediation
Manage resource policy remediations.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az policy remediation cancel |
Cancel a resource policy remediation. |
Core | GA |
| az policy remediation create |
Create a resource policy remediation. |
Core | GA |
| az policy remediation delete |
Delete a resource policy remediation. |
Core | GA |
| az policy remediation deployment |
Manage resource policy remediation deployments. |
Core | GA |
| az policy remediation deployment list |
Lists deployments for a resource policy remediation. |
Core | GA |
| az policy remediation list |
List resource policy remediations. |
Core | GA |
| az policy remediation show |
Show a resource policy remediation. |
Core | GA |
az policy remediation cancel
Cancel a resource policy remediation.
az policy remediation cancel --name
[--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-group]
[--resource-type]Required Parameters
Name of the remediation.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of management group.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Provider namespace (Ex: Microsoft.Provider).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Resource type (Ex: resourceTypeC).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az policy remediation create
Create a resource policy remediation.
az policy remediation create --name
--policy-assignment
[--definition-reference-id]
[--location-filters]
[--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-discovery-mode {ExistingNonCompliant, ReEvaluateCompliance}]
[--resource-group]
[--resource-type]Examples
Create a remediation at resource group scope for a policy assignment
az policy remediation create -g myRg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eabCreate a remediation at resource group scope for a policy assignment using the policy assignment resource ID
az policy remediation create -g myRg -n myRemediation --policy-assignment "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/myPa"Create a remediation at subscription scope for a policy set assignment
az policy remediation create -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --definition-reference-id auditVMPolicyReferenceCreate a remediation at management group scope for specific resource locations
az policy remediation create -m myMg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --location-filters eastus westeuropeCreate a remediation for a specific resource using the resource ID
az policy remediation create --resource "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/myVm" -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eabCreate a remediation that will re-evaluate compliance before remediating
az policy remediation create -g myRg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --resource-discovery-mode ReEvaluateComplianceRequired Parameters
Name of the remediation.
Name or resource ID of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Policy definition reference ID inside the policy set definition. Only required when the policy assignment is assigning a policy set definition.
Space separated list of resource locations that should be remediated (Ex: centralus westeurope).
Name of management group.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Provider namespace (Ex: Microsoft.Provider).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
| Property | Value |
|---|---|
| Accepted values: | ExistingNonCompliant, ReEvaluateCompliance |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Resource type (Ex: resourceTypeC).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az policy remediation delete
Delete a resource policy remediation.
az policy remediation delete --name
[--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-group]
[--resource-type]Required Parameters
Name of the remediation.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of management group.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Provider namespace (Ex: Microsoft.Provider).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Resource type (Ex: resourceTypeC).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az policy remediation list
List resource policy remediations.
az policy remediation list [--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-group]
[--resource-type]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of management group.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Provider namespace (Ex: Microsoft.Provider).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Resource type (Ex: resourceTypeC).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az policy remediation show
Show a resource policy remediation.
az policy remediation show --name
[--management-group]
[--namespace]
[--parent]
[--resource]
[--resource-group]
[--resource-type]Required Parameters
Name of the remediation.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of management group.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Provider namespace (Ex: Microsoft.Provider).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Resource type (Ex: resourceTypeC).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
