Microsoft.ManagedServices registrationDefinitions 2020-02-01-preview
Bicep resource definition
The registrationDefinitions resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
Valid deployment scopes for the registrationDefinitions resource are:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedServices/registrationDefinitions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.ManagedServices/registrationDefinitions@2020-02-01-preview' = {
name: 'string'
scope: resourceSymbolicName
plan: {
name: 'string'
product: 'string'
publisher: 'string'
version: 'string'
}
properties: {
authorizations: [
{
delegatedRoleDefinitionIds: [
'string'
]
principalId: 'string'
principalIdDisplayName: 'string'
roleDefinitionId: 'string'
}
]
description: 'string'
eligibleAuthorizations: [
{
justInTimeAccessPolicy: {
managedByTenantApprovers: [
{
principalId: 'string'
principalIdDisplayName: 'string'
}
]
maximumActivationDuration: 'string'
multiFactorAuthProvider: 'string'
}
principalId: 'string'
principalIdDisplayName: 'string'
roleDefinitionId: 'string'
}
]
managedByTenantId: 'string'
registrationDefinitionName: 'string'
}
}
Property values
registrationDefinitions
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
| plan | The details for the Managed Services offer’s plan in Azure Marketplace. | Plan |
| properties | The properties of a registration definition. | RegistrationDefinitionProperties |
Plan
| Name | Description | Value |
|---|---|---|
| name | Azure Marketplace plan name. | string (required) |
| product | Azure Marketplace product code. | string (required) |
| publisher | Azure Marketplace publisher ID. | string (required) |
| version | Azure Marketplace plan's version. | string (required) |
RegistrationDefinitionProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The collection of authorization objects describing the access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | Authorization[] (required) |
| description | The description of the registration definition. | string |
| eligibleAuthorizations | The collection of eligible authorization objects describing the just-in-time access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | EligibleAuthorization[] |
| managedByTenantId | The identifier of the managedBy tenant. | string (required) |
| registrationDefinitionName | The name of the registration definition. | string |
Authorization
| Name | Description | Value |
|---|---|---|
| delegatedRoleDefinitionIds | The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other principals. | string[] |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
EligibleAuthorization
| Name | Description | Value |
|---|---|---|
| justInTimeAccessPolicy | The just-in-time access policy setting. | JustInTimeAccessPolicy |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
JustInTimeAccessPolicy
| Name | Description | Value |
|---|---|---|
| managedByTenantApprovers | The list of managedByTenant approvers for the eligible authorization. | EligibleApprover[] |
| maximumActivationDuration | The maximum access duration in ISO 8601 format for just-in-time access requests. | string |
| multiFactorAuthProvider | The multi-factor authorization provider to be used for just-in-time access requests. | 'Azure' 'None' (required) |
EligibleApprover
| Name | Description | Value |
|---|---|---|
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
ARM template resource definition
The registrationDefinitions resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
Valid deployment scopes for the registrationDefinitions resource are:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedServices/registrationDefinitions resource, add the following JSON to your template.
{
"type": "Microsoft.ManagedServices/registrationDefinitions",
"apiVersion": "2020-02-01-preview",
"name": "string",
"scope": "string",
"plan": {
"name": "string",
"product": "string",
"publisher": "string",
"version": "string"
},
"properties": {
"authorizations": [
{
"delegatedRoleDefinitionIds": [ "string" ],
"principalId": "string",
"principalIdDisplayName": "string",
"roleDefinitionId": "string"
}
],
"description": "string",
"eligibleAuthorizations": [
{
"justInTimeAccessPolicy": {
"managedByTenantApprovers": [
{
"principalId": "string",
"principalIdDisplayName": "string"
}
],
"maximumActivationDuration": "string",
"multiFactorAuthProvider": "string"
},
"principalId": "string",
"principalIdDisplayName": "string",
"roleDefinitionId": "string"
}
],
"managedByTenantId": "string",
"registrationDefinitionName": "string"
}
}
Property values
registrationDefinitions
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.ManagedServices/registrationDefinitions' |
| apiVersion | The resource api version | '2020-02-01-preview' |
| name | The resource name | string (required) |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
| plan | The details for the Managed Services offer’s plan in Azure Marketplace. | Plan |
| properties | The properties of a registration definition. | RegistrationDefinitionProperties |
Plan
| Name | Description | Value |
|---|---|---|
| name | Azure Marketplace plan name. | string (required) |
| product | Azure Marketplace product code. | string (required) |
| publisher | Azure Marketplace publisher ID. | string (required) |
| version | Azure Marketplace plan's version. | string (required) |
RegistrationDefinitionProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The collection of authorization objects describing the access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | Authorization[] (required) |
| description | The description of the registration definition. | string |
| eligibleAuthorizations | The collection of eligible authorization objects describing the just-in-time access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | EligibleAuthorization[] |
| managedByTenantId | The identifier of the managedBy tenant. | string (required) |
| registrationDefinitionName | The name of the registration definition. | string |
Authorization
| Name | Description | Value |
|---|---|---|
| delegatedRoleDefinitionIds | The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other principals. | string[] |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
EligibleAuthorization
| Name | Description | Value |
|---|---|---|
| justInTimeAccessPolicy | The just-in-time access policy setting. | JustInTimeAccessPolicy |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
JustInTimeAccessPolicy
| Name | Description | Value |
|---|---|---|
| managedByTenantApprovers | The list of managedByTenant approvers for the eligible authorization. | EligibleApprover[] |
| maximumActivationDuration | The maximum access duration in ISO 8601 format for just-in-time access requests. | string |
| multiFactorAuthProvider | The multi-factor authorization provider to be used for just-in-time access requests. | 'Azure' 'None' (required) |
EligibleApprover
| Name | Description | Value |
|---|---|---|
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
Terraform (AzAPI provider) resource definition
The registrationDefinitions resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id property on this resource to set the scope for this resource.
Valid deployment scopes for the registrationDefinitions resource are:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedServices/registrationDefinitions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.ManagedServices/registrationDefinitions@2020-02-01-preview"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
authorizations = [
{
delegatedRoleDefinitionIds = [
"string"
]
principalId = "string"
principalIdDisplayName = "string"
roleDefinitionId = "string"
}
]
description = "string"
eligibleAuthorizations = [
{
justInTimeAccessPolicy = {
managedByTenantApprovers = [
{
principalId = "string"
principalIdDisplayName = "string"
}
]
maximumActivationDuration = "string"
multiFactorAuthProvider = "string"
}
principalId = "string"
principalIdDisplayName = "string"
roleDefinitionId = "string"
}
]
managedByTenantId = "string"
registrationDefinitionName = "string"
}
plan = {
name = "string"
product = "string"
publisher = "string"
version = "string"
}
})
}
Property values
registrationDefinitions
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.ManagedServices/registrationDefinitions@2020-02-01-preview" |
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| plan | The details for the Managed Services offer’s plan in Azure Marketplace. | Plan |
| properties | The properties of a registration definition. | RegistrationDefinitionProperties |
Plan
| Name | Description | Value |
|---|---|---|
| name | Azure Marketplace plan name. | string (required) |
| product | Azure Marketplace product code. | string (required) |
| publisher | Azure Marketplace publisher ID. | string (required) |
| version | Azure Marketplace plan's version. | string (required) |
RegistrationDefinitionProperties
| Name | Description | Value |
|---|---|---|
| authorizations | The collection of authorization objects describing the access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | Authorization[] (required) |
| description | The description of the registration definition. | string |
| eligibleAuthorizations | The collection of eligible authorization objects describing the just-in-time access Azure Active Directory principals in the managedBy tenant will receive on the delegated resource in the managed tenant. | EligibleAuthorization[] |
| managedByTenantId | The identifier of the managedBy tenant. | string (required) |
| registrationDefinitionName | The name of the registration definition. | string |
Authorization
| Name | Description | Value |
|---|---|---|
| delegatedRoleDefinitionIds | The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other principals. | string[] |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
EligibleAuthorization
| Name | Description | Value |
|---|---|---|
| justInTimeAccessPolicy | The just-in-time access policy setting. | JustInTimeAccessPolicy |
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
| roleDefinitionId | The identifier of the Azure built-in role that defines the permissions that the Azure Active Directory principal will have on the projected scope. | string (required) |
JustInTimeAccessPolicy
| Name | Description | Value |
|---|---|---|
| managedByTenantApprovers | The list of managedByTenant approvers for the eligible authorization. | EligibleApprover[] |
| maximumActivationDuration | The maximum access duration in ISO 8601 format for just-in-time access requests. | string |
| multiFactorAuthProvider | The multi-factor authorization provider to be used for just-in-time access requests. | "Azure" "None" (required) |
EligibleApprover
| Name | Description | Value |
|---|---|---|
| principalId | The identifier of the Azure Active Directory principal. | string (required) |
| principalIdDisplayName | The display name of the Azure Active Directory principal. | string |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for