Microsoft.Security governanceRules

Choose a deployment language

Bicep ARM template Terraform

Bicep resource definition

The governanceRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/governanceRules resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Security/governanceRules@2022-01-01-preview' = {
  scope: resourceSymbolicName or scope
  name: 'string'
  properties: {
    conditionSets: [
      any(...)
    ]
    description: 'string'
    displayName: 'string'
    excludedScopes: [
      'string'
    ]
    governanceEmailNotification: {
      disableManagerEmailNotification: bool
      disableOwnerEmailNotification: bool
    }
    includeMemberScopes: bool
    isDisabled: bool
    isGracePeriod: bool
    metadata: {}
    ownerSource: {
      type: 'string'
      value: 'string'
    }
    remediationTimeframe: 'string'
    rulePriority: int
    ruleType: 'string'
    sourceResourceType: 'string'
  }
}

Property Values

GovernanceRuleEmailNotification

Name	Description	Value
disableManagerEmailNotification	Defines whether manager email notifications are disabled	bool
disableOwnerEmailNotification	Defines whether owner email notifications are disabled	bool

GovernanceRuleMetadata

Name	Description	Value

GovernanceRuleOwnerSource

Name	Description	Value
type	The owner type for the governance rule owner source	'ByTag' 'Manually'
value	The source value e.g. tag key like owner name or email address	string

GovernanceRuleProperties

Name	Description	Value
conditionSets	The governance rule conditionSets - see examples	any[] (required)
description	Description of the governance rule	string
displayName	Display name of the governance rule	string (required)
excludedScopes	Excluded scopes, filter out the descendants of the scope (on management scopes)	string[]
governanceEmailNotification	The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners	GovernanceRuleEmailNotification
includeMemberScopes	Defines whether the rule is management scope rule (master connector as a single scope or management scope)	bool
isDisabled	Defines whether the rule is active/inactive	bool
isGracePeriod	Defines whether there is a grace period on the governance rule	bool
metadata	The governance rule metadata	GovernanceRuleMetadata
ownerSource	The owner source for the governance rule - e.g. Manually by user@contoso.com - see example	GovernanceRuleOwnerSource (required)
remediationTimeframe	Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days	string Constraints: Pattern = ^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$
rulePriority	The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed	int Constraints: Min value = 0 Max value = 1000 (required)
ruleType	The rule type of the governance rule, defines the source of the rule e.g. Integrated	'Integrated' 'ServiceNow' (required)
sourceResourceType	The governance rule source, what the rule affects, e.g. Assessments	'Assessments' (required)

Microsoft.Security/governanceRules

Name	Description	Value
name	The resource name	string (required)
properties	Properties of a governance rule	GovernanceRuleProperties
scope	Use when creating a resource at a scope that is different than the deployment scope.	Set this property to the symbolic name of a resource to apply the extension resource.

ARM template resource definition

The governanceRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/governanceRules resource, add the following JSON to your template.

{
  "type": "Microsoft.Security/governanceRules",
  "apiVersion": "2022-01-01-preview",
  "name": "string",
  "properties": {
    "conditionSets": [ {} ],
    "description": "string",
    "displayName": "string",
    "excludedScopes": [ "string" ],
    "governanceEmailNotification": {
      "disableManagerEmailNotification": "bool",
      "disableOwnerEmailNotification": "bool"
    },
    "includeMemberScopes": "bool",
    "isDisabled": "bool",
    "isGracePeriod": "bool",
    "metadata": {
    },
    "ownerSource": {
      "type": "string",
      "value": "string"
    },
    "remediationTimeframe": "string",
    "rulePriority": "int",
    "ruleType": "string",
    "sourceResourceType": "string"
  }
}

Property Values

GovernanceRuleEmailNotification

Name	Description	Value
disableManagerEmailNotification	Defines whether manager email notifications are disabled	bool
disableOwnerEmailNotification	Defines whether owner email notifications are disabled	bool

GovernanceRuleMetadata

Name	Description	Value

GovernanceRuleOwnerSource

Name	Description	Value
type	The owner type for the governance rule owner source	'ByTag' 'Manually'
value	The source value e.g. tag key like owner name or email address	string

GovernanceRuleProperties

Name	Description	Value
conditionSets	The governance rule conditionSets - see examples	any[] (required)
description	Description of the governance rule	string
displayName	Display name of the governance rule	string (required)
excludedScopes	Excluded scopes, filter out the descendants of the scope (on management scopes)	string[]
governanceEmailNotification	The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners	GovernanceRuleEmailNotification
includeMemberScopes	Defines whether the rule is management scope rule (master connector as a single scope or management scope)	bool
isDisabled	Defines whether the rule is active/inactive	bool
isGracePeriod	Defines whether there is a grace period on the governance rule	bool
metadata	The governance rule metadata	GovernanceRuleMetadata
ownerSource	The owner source for the governance rule - e.g. Manually by user@contoso.com - see example	GovernanceRuleOwnerSource (required)
remediationTimeframe	Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days	string Constraints: Pattern = ^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$
rulePriority	The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed	int Constraints: Min value = 0 Max value = 1000 (required)
ruleType	The rule type of the governance rule, defines the source of the rule e.g. Integrated	'Integrated' 'ServiceNow' (required)
sourceResourceType	The governance rule source, what the rule affects, e.g. Assessments	'Assessments' (required)

Microsoft.Security/governanceRules

Name	Description	Value
apiVersion	The api version	'2022-01-01-preview'
name	The resource name	string (required)
properties	Properties of a governance rule	GovernanceRuleProperties
type	The resource type	'Microsoft.Security/governanceRules'

Usage Examples

Terraform (AzAPI provider) resource definition

The governanceRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/governanceRules resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/governanceRules@2022-01-01-preview"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      conditionSets = [
        ?
      ]
      description = "string"
      displayName = "string"
      excludedScopes = [
        "string"
      ]
      governanceEmailNotification = {
        disableManagerEmailNotification = bool
        disableOwnerEmailNotification = bool
      }
      includeMemberScopes = bool
      isDisabled = bool
      isGracePeriod = bool
      metadata = {
      }
      ownerSource = {
        type = "string"
        value = "string"
      }
      remediationTimeframe = "string"
      rulePriority = int
      ruleType = "string"
      sourceResourceType = "string"
    }
  }
}

Property Values

GovernanceRuleEmailNotification

Name	Description	Value
disableManagerEmailNotification	Defines whether manager email notifications are disabled	bool
disableOwnerEmailNotification	Defines whether owner email notifications are disabled	bool

GovernanceRuleMetadata

Name	Description	Value

GovernanceRuleOwnerSource

Name	Description	Value
type	The owner type for the governance rule owner source	'ByTag' 'Manually'
value	The source value e.g. tag key like owner name or email address	string

GovernanceRuleProperties

Name	Description	Value
conditionSets	The governance rule conditionSets - see examples	any[] (required)
description	Description of the governance rule	string
displayName	Display name of the governance rule	string (required)
excludedScopes	Excluded scopes, filter out the descendants of the scope (on management scopes)	string[]
governanceEmailNotification	The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners	GovernanceRuleEmailNotification
includeMemberScopes	Defines whether the rule is management scope rule (master connector as a single scope or management scope)	bool
isDisabled	Defines whether the rule is active/inactive	bool
isGracePeriod	Defines whether there is a grace period on the governance rule	bool
metadata	The governance rule metadata	GovernanceRuleMetadata
ownerSource	The owner source for the governance rule - e.g. Manually by user@contoso.com - see example	GovernanceRuleOwnerSource (required)
remediationTimeframe	Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days	string Constraints: Pattern = ^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$
rulePriority	The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed	int Constraints: Min value = 0 Max value = 1000 (required)
ruleType	The rule type of the governance rule, defines the source of the rule e.g. Integrated	'Integrated' 'ServiceNow' (required)
sourceResourceType	The governance rule source, what the rule affects, e.g. Assessments	'Assessments' (required)

Microsoft.Security/governanceRules

Name	Description	Value
name	The resource name	string (required)
parent_id	The ID of the resource to apply this extension resource to.	string (required)
properties	Properties of a governance rule	GovernanceRuleProperties
type	The resource type	"Microsoft.Security/governanceRules@2022-01-01-preview"