Policy Exemptions - Create Or Update

Reference

Service:: Policy

API Version:: 2022-07-01-preview

This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group.

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}?api-version=2022-07-01-preview

URI Parameters

Name	In	Required	Type	Description
policyExemptionName	path	True	string	The name of the policy exemption to delete.
scope	path	True	string	The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
api-version	query	True	string	The API version to use for the operation.

Request Body

Name	Required	Type	Description
properties.exemptionCategory	True	exemptionCategory	The policy exemption category. Possible values are Waiver and Mitigated.
properties.policyAssignmentId	True	string	The ID of the policy assignment that is being exempted.
properties.assignmentScopeValidation		AssignmentScopeValidation	The option whether validate the exemption is at or under the assignment scope.
properties.description		string	The description of the policy exemption.
properties.displayName		string	The display name of the policy exemption.
properties.expiresOn		string	The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
properties.metadata		object	The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
properties.policyDefinitionReferenceIds		string[]	The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
properties.resourceSelectors		ResourceSelector[]	The resource selector list to filter policies by resource properties.

Responses

Name	Type	Description
200 OK	PolicyExemption	OK - Returns information about the updated policy exemption.
201 Created	PolicyExemption	Created - Returns information about the new policy exemption.
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create or update a policy exemption

Create or update a policy exemption with resource selectors

Create or update a policy exemption

Sample request

PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM?api-version=2022-07-01-preview

{
  "properties": {
    "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
    "policyDefinitionReferenceIds": [
      "Limit_Skus"
    ],
    "exemptionCategory": "Waiver",
    "displayName": "Exempt demo cluster",
    "description": "Exempt demo cluster from limit sku",
    "metadata": {
      "reason": "Temporary exemption for a expensive VM demo"
    }
  }
}


import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyExemptionInner;
import com.azure.resourcemanager.resources.models.ExemptionCategory;
import java.io.IOException;
import java.util.Arrays;

/**
 * Samples for PolicyExemptions CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/
     * createOrUpdatePolicyExemption.json
     */
    /**
     * Sample code: Create or update a policy exemption.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateAPolicyExemption(com.azure.resourcemanager.AzureResourceManager azure)
        throws IOException {
        azure.genericResources().manager().policyClient().getPolicyExemptions().createOrUpdateWithResponse(
            "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM",
            new PolicyExemptionInner().withPolicyAssignmentId(
                "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
                .withPolicyDefinitionReferenceIds(Arrays.asList("Limit_Skus"))
                .withExemptionCategory(ExemptionCategory.WAIVER).withDisplayName("Exempt demo cluster")
                .withDescription("Exempt demo cluster from limit sku")
                .withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
                    "{\"reason\":\"Temporary exemption for a expensive VM demo\"}", Object.class,
                    SerializerEncoding.JSON)),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ec0fcc278aa2128c4fbb2b8a1aa93432d72cce0/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json
func ExampleExemptionsClient_CreateOrUpdate_createOrUpdateAPolicyExemption() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewExemptionsClient().CreateOrUpdate(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM", armpolicy.Exemption{
		Properties: &armpolicy.ExemptionProperties{
			Description:       to.Ptr("Exempt demo cluster from limit sku"),
			DisplayName:       to.Ptr("Exempt demo cluster"),
			ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
			Metadata: map[string]any{
				"reason": "Temporary exemption for a expensive VM demo",
			},
			PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
			PolicyDefinitionReferenceIDs: []*string{
				to.Ptr("Limit_Skus")},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Exemption = armpolicy.Exemption{
	// 	Name: to.Ptr("DemoExpensiveVM"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM"),
	// 	Properties: &armpolicy.ExemptionProperties{
	// 		Description: to.Ptr("Exempt demo cluster from limit sku"),
	// 		DisplayName: to.Ptr("Exempt demo cluster"),
	// 		ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
	// 		Metadata: map[string]any{
	// 			"reason": "Temporary exemption for a expensive VM demo",
	// 		},
	// 		PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
	// 		PolicyDefinitionReferenceIDs: []*string{
	// 			to.Ptr("Limit_Skus")},
	// 		},
	// 		SystemData: &armpolicy.SystemData{
	// 			CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.107Z"); return t}()),
	// 			CreatedBy: to.Ptr("string"),
	// 			CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
	// 			LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.107Z"); return t}()),
	// 			LastModifiedBy: to.Ptr("string"),
	// 			LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 201

{
  "properties": {
    "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
    "policyDefinitionReferenceIds": [
      "Limit_Skus"
    ],
    "exemptionCategory": "Waiver",
    "displayName": "Exempt demo cluster",
    "description": "Exempt demo cluster from limit sku",
    "metadata": {
      "reason": "Temporary exemption for a expensive VM demo"
    }
  },
  "systemData": {
    "createdBy": "string",
    "createdByType": "User",
    "createdAt": "2020-07-01T01:01:01.1075056Z",
    "lastModifiedBy": "string",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-07-01T01:01:01.1075056Z"
  },
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM",
  "type": "Microsoft.Authorization/policyExemptions",
  "name": "DemoExpensiveVM"
}

Status code:: 200

{
  "properties": {
    "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
    "policyDefinitionReferenceIds": [
      "Limit_Skus"
    ],
    "exemptionCategory": "Waiver",
    "displayName": "Exempt demo cluster",
    "description": "Exempt demo cluster from limit sku",
    "metadata": {
      "reason": "Temporary exemption for a expensive VM demo"
    }
  },
  "systemData": {
    "createdBy": "string",
    "createdByType": "User",
    "createdAt": "2020-07-01T01:01:01.1075056Z",
    "lastModifiedBy": "string",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-07-01T02:01:01.1075056Z"
  },
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM",
  "type": "Microsoft.Authorization/policyExemptions",
  "name": "DemoExpensiveVM"
}

Create or update a policy exemption with resource selectors

Sample request

PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM?api-version=2022-07-01-preview

{
  "properties": {
    "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
    "policyDefinitionReferenceIds": [
      "Limit_Skus"
    ],
    "exemptionCategory": "Waiver",
    "displayName": "Exempt demo cluster",
    "description": "Exempt demo cluster from limit sku",
    "metadata": {
      "reason": "Temporary exemption for a expensive VM demo"
    },
    "assignmentScopeValidation": "Default",
    "resourceSelectors": [
      {
        "name": "SDPRegions",
        "selectors": [
          {
            "kind": "resourceLocation",
            "in": [
              "eastus2euap",
              "centraluseuap"
            ]
          }
        ]
      }
    ]
  }
}


import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyExemptionInner;
import com.azure.resourcemanager.resources.models.AssignmentScopeValidation;
import com.azure.resourcemanager.resources.models.ExemptionCategory;
import com.azure.resourcemanager.resources.models.ResourceSelector;
import com.azure.resourcemanager.resources.models.Selector;
import com.azure.resourcemanager.resources.models.SelectorKind;
import java.io.IOException;
import java.util.Arrays;

/**
 * Samples for PolicyExemptions CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/
     * createOrUpdatePolicyExemptionWithResourceSelectors.json
     */
    /**
     * Sample code: Create or update a policy exemption with resource selectors.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateAPolicyExemptionWithResourceSelectors(
        com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
        azure.genericResources().manager().policyClient().getPolicyExemptions().createOrUpdateWithResponse(
            "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM",
            new PolicyExemptionInner().withPolicyAssignmentId(
                "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
                .withPolicyDefinitionReferenceIds(Arrays.asList("Limit_Skus"))
                .withExemptionCategory(ExemptionCategory.WAIVER).withDisplayName("Exempt demo cluster")
                .withDescription("Exempt demo cluster from limit sku")
                .withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
                    "{\"reason\":\"Temporary exemption for a expensive VM demo\"}", Object.class,
                    SerializerEncoding.JSON))
                .withResourceSelectors(Arrays.asList(new ResourceSelector().withName("SDPRegions")
                    .withSelectors(Arrays.asList(new Selector().withKind(SelectorKind.RESOURCE_LOCATION)
                        .withIn(Arrays.asList("eastus2euap", "centraluseuap"))))))
                .withAssignmentScopeValidation(AssignmentScopeValidation.DEFAULT),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ec0fcc278aa2128c4fbb2b8a1aa93432d72cce0/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json
func ExampleExemptionsClient_CreateOrUpdate_createOrUpdateAPolicyExemptionWithResourceSelectors() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewExemptionsClient().CreateOrUpdate(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM", armpolicy.Exemption{
		Properties: &armpolicy.ExemptionProperties{
			Description:               to.Ptr("Exempt demo cluster from limit sku"),
			AssignmentScopeValidation: to.Ptr(armpolicy.AssignmentScopeValidationDefault),
			DisplayName:               to.Ptr("Exempt demo cluster"),
			ExemptionCategory:         to.Ptr(armpolicy.ExemptionCategoryWaiver),
			Metadata: map[string]any{
				"reason": "Temporary exemption for a expensive VM demo",
			},
			PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
			PolicyDefinitionReferenceIDs: []*string{
				to.Ptr("Limit_Skus")},
			ResourceSelectors: []*armpolicy.ResourceSelector{
				{
					Name: to.Ptr("SDPRegions"),
					Selectors: []*armpolicy.Selector{
						{
							In: []*string{
								to.Ptr("eastus2euap"),
								to.Ptr("centraluseuap")},
							Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Exemption = armpolicy.Exemption{
	// 	Name: to.Ptr("DemoExpensiveVM"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM"),
	// 	Properties: &armpolicy.ExemptionProperties{
	// 		Description: to.Ptr("Exempt demo cluster from limit sku"),
	// 		AssignmentScopeValidation: to.Ptr(armpolicy.AssignmentScopeValidationDefault),
	// 		DisplayName: to.Ptr("Exempt demo cluster"),
	// 		ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
	// 		Metadata: map[string]any{
	// 			"reason": "Temporary exemption for a expensive VM demo",
	// 		},
	// 		PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
	// 		PolicyDefinitionReferenceIDs: []*string{
	// 			to.Ptr("Limit_Skus")},
	// 			ResourceSelectors: []*armpolicy.ResourceSelector{
	// 				{
	// 					Name: to.Ptr("SDPRegions"),
	// 					Selectors: []*armpolicy.Selector{
	// 						{
	// 							In: []*string{
	// 								to.Ptr("eastus2euap"),
	// 								to.Ptr("centraluseuap")},
	// 								Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
	// 						}},
	// 				}},
	// 			},
	// 			SystemData: &armpolicy.SystemData{
	// 				CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.107Z"); return t}()),
	// 				CreatedBy: to.Ptr("string"),
	// 				CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
	// 				LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.107Z"); return t}()),
	// 				LastModifiedBy: to.Ptr("string"),
	// 				LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
	// 			},
	// 		}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 201

{
  "properties": {
    "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
    "policyDefinitionReferenceIds": [
      "Limit_Skus"
    ],
    "exemptionCategory": "Waiver",
    "displayName": "Exempt demo cluster",
    "description": "Exempt demo cluster from limit sku",
    "metadata": {
      "reason": "Temporary exemption for a expensive VM demo"
    },
    "assignmentScopeValidation": "Default",
    "resourceSelectors": [
      {
        "name": "SDPRegions",
        "selectors": [
          {
            "kind": "resourceLocation",
            "in": [
              "eastus2euap",
              "centraluseuap"
            ]
          }
        ]
      }
    ]
  },
  "systemData": {
    "createdBy": "string",
    "createdByType": "User",
    "createdAt": "2020-07-01T01:01:01.1075056Z",
    "lastModifiedBy": "string",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-07-01T01:01:01.1075056Z"
  },
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM",
  "type": "Microsoft.Authorization/policyExemptions",
  "name": "DemoExpensiveVM"
}

Status code:: 200

{
  "properties": {
    "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
    "policyDefinitionReferenceIds": [
      "Limit_Skus"
    ],
    "exemptionCategory": "Waiver",
    "displayName": "Exempt demo cluster",
    "description": "Exempt demo cluster from limit sku",
    "metadata": {
      "reason": "Temporary exemption for a expensive VM demo"
    },
    "assignmentScopeValidation": "Default",
    "resourceSelectors": [
      {
        "name": "SDPRegions",
        "selectors": [
          {
            "kind": "resourceLocation",
            "in": [
              "eastus2euap",
              "centraluseuap"
            ]
          }
        ]
      }
    ]
  },
  "systemData": {
    "createdBy": "string",
    "createdByType": "User",
    "createdAt": "2020-07-01T01:01:01.1075056Z",
    "lastModifiedBy": "string",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-07-01T02:01:01.1075056Z"
  },
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM",
  "type": "Microsoft.Authorization/policyExemptions",
  "name": "DemoExpensiveVM"
}

Definitions

Name	Description
AssignmentScopeValidation	The option whether validate the exemption is at or under the assignment scope.
CloudError	An error response from a policy operation.
createdByType	The type of identity that created the resource.
ErrorAdditionalInfo	The resource management error additional info.
ErrorResponse	Error Response
exemptionCategory	The policy exemption category. Possible values are Waiver and Mitigated.
PolicyExemption	The policy exemption.
ResourceSelector	The resource selector to filter policies by resource properties.
Selector	The selector expression.
SelectorKind	The selector kind.
systemData	Metadata pertaining to creation and last modification of the resource.

AssignmentScopeValidation

The option whether validate the exemption is at or under the assignment scope.

Name	Type	Description
Default	string	This option will validate the exemption is at or under the assignment scope.
DoNotValidate	string	This option will bypass the validation the exemption scope is at or under the policy assignment scope.

CloudError

An error response from a policy operation.

Name	Type	Description
error	ErrorResponse	Error Response Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

createdByType

The type of identity that created the resource.

Name	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorResponse

Error Response

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorResponse[]	The error details.
message	string	The error message.
target	string	The error target.

exemptionCategory

The policy exemption category. Possible values are Waiver and Mitigated.

Name	Type	Description
Mitigated	string	This category of exemptions usually means the mitigation actions have been applied to the scope.
Waiver	string	This category of exemptions usually means the scope is not applicable for the policy.