Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The standardAssignments resource type can be deployed with operations that target:
- Tenant - See tenant deployment commands* Management groups - See management group deployment commands* Subscription - See subscription deployment commands* Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/standardAssignments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/standardAssignments@2024-08-01' = {
scope: resourceSymbolicName or scope
name: 'string'
properties: {
assignedStandard: {
id: 'string'
}
attestationData: {
assignedAssessment: {
assessmentKey: 'string'
}
complianceState: 'string'
evidence: [
{
description: 'string'
sourceUrl: 'string'
}
]
}
description: 'string'
displayName: 'string'
effect: 'string'
excludedScopes: [
'string'
]
exemptionData: {
assignedAssessment: {
assessmentKey: 'string'
}
exemptionCategory: 'string'
}
expiresOn: 'string'
metadata: {}
}
}
Property Values
Microsoft.Security/standardAssignments
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Pattern = [{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$ (required) |
| properties | Properties of a standard assignments assignment | StandardAssignmentProperties |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
AssignedAssessmentItem
| Name | Description | Value |
|---|---|---|
| assessmentKey | Unique key to a security assessment object | string |
AssignedStandardItem
| Name | Description | Value |
|---|---|---|
| id | Full resourceId of the Microsoft.Security/standard object | string |
AttestationEvidence
| Name | Description | Value |
|---|---|---|
| description | The description of the evidence | string |
| sourceUrl | The source url of the evidence | string |
StandardAssignmentMetadata
| Name | Description | Value |
|---|
StandardAssignmentProperties
| Name | Description | Value |
|---|---|---|
| assignedStandard | Standard item with key as applied to this standard assignment over the given scope | AssignedStandardItem |
| attestationData | Additional data about assignment that has Attest effect | StandardAssignmentPropertiesAttestationData |
| description | Description of the standardAssignment | string |
| displayName | Display name of the standardAssignment | string |
| effect | Expected effect of this assignment (Audit/Exempt/Attest) | 'Attest' 'Audit' 'Exempt' |
| excludedScopes | Excluded scopes, filter out the descendants of the scope (on management scopes) | string[] |
| exemptionData | Additional data about assignment that has Exempt effect | StandardAssignmentPropertiesExemptionData |
| expiresOn | Expiration date of this assignment as a full ISO date | string |
| metadata | The standard assignment metadata. | StandardAssignmentMetadata |
StandardAssignmentPropertiesAttestationData
| Name | Description | Value |
|---|---|---|
| assignedAssessment | Component item with key as applied to this standard assignment over the given scope | AssignedAssessmentItem |
| complianceState | Attest category of this assignment | 'compliant' 'nonCompliant' 'unknown' |
| evidence | Array of links to attestation evidence | AttestationEvidence[] |
StandardAssignmentPropertiesExemptionData
| Name | Description | Value |
|---|---|---|
| assignedAssessment | Component item with key as applied to this standard assignment over the given scope | AssignedAssessmentItem |
| exemptionCategory | Exemption category of this assignment | 'mitigated' 'waiver' |
ARM template resource definition
The standardAssignments resource type can be deployed with operations that target:
- Tenant - See tenant deployment commands* Management groups - See management group deployment commands* Subscription - See subscription deployment commands* Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/standardAssignments resource, add the following JSON to your template.
{
"type": "Microsoft.Security/standardAssignments",
"apiVersion": "2024-08-01",
"name": "string",
"properties": {
"assignedStandard": {
"id": "string"
},
"attestationData": {
"assignedAssessment": {
"assessmentKey": "string"
},
"complianceState": "string",
"evidence": [
{
"description": "string",
"sourceUrl": "string"
}
]
},
"description": "string",
"displayName": "string",
"effect": "string",
"excludedScopes": [ "string" ],
"exemptionData": {
"assignedAssessment": {
"assessmentKey": "string"
},
"exemptionCategory": "string"
},
"expiresOn": "string",
"metadata": {
}
}
}
Property Values
Microsoft.Security/standardAssignments
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2024-08-01' |
| name | The resource name | string Constraints: Pattern = [{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$ (required) |
| properties | Properties of a standard assignments assignment | StandardAssignmentProperties |
| type | The resource type | 'Microsoft.Security/standardAssignments' |
AssignedAssessmentItem
| Name | Description | Value |
|---|---|---|
| assessmentKey | Unique key to a security assessment object | string |
AssignedStandardItem
| Name | Description | Value |
|---|---|---|
| id | Full resourceId of the Microsoft.Security/standard object | string |
AttestationEvidence
| Name | Description | Value |
|---|---|---|
| description | The description of the evidence | string |
| sourceUrl | The source url of the evidence | string |
StandardAssignmentMetadata
| Name | Description | Value |
|---|
StandardAssignmentProperties
| Name | Description | Value |
|---|---|---|
| assignedStandard | Standard item with key as applied to this standard assignment over the given scope | AssignedStandardItem |
| attestationData | Additional data about assignment that has Attest effect | StandardAssignmentPropertiesAttestationData |
| description | Description of the standardAssignment | string |
| displayName | Display name of the standardAssignment | string |
| effect | Expected effect of this assignment (Audit/Exempt/Attest) | 'Attest' 'Audit' 'Exempt' |
| excludedScopes | Excluded scopes, filter out the descendants of the scope (on management scopes) | string[] |
| exemptionData | Additional data about assignment that has Exempt effect | StandardAssignmentPropertiesExemptionData |
| expiresOn | Expiration date of this assignment as a full ISO date | string |
| metadata | The standard assignment metadata. | StandardAssignmentMetadata |
StandardAssignmentPropertiesAttestationData
| Name | Description | Value |
|---|---|---|
| assignedAssessment | Component item with key as applied to this standard assignment over the given scope | AssignedAssessmentItem |
| complianceState | Attest category of this assignment | 'compliant' 'nonCompliant' 'unknown' |
| evidence | Array of links to attestation evidence | AttestationEvidence[] |
StandardAssignmentPropertiesExemptionData
| Name | Description | Value |
|---|---|---|
| assignedAssessment | Component item with key as applied to this standard assignment over the given scope | AssignedAssessmentItem |
| exemptionCategory | Exemption category of this assignment | 'mitigated' 'waiver' |
Usage Examples
Terraform (AzAPI provider) resource definition
The standardAssignments resource type can be deployed with operations that target:
- Tenant* Management groups* Subscription* Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/standardAssignments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/standardAssignments@2024-08-01"
name = "string"
parent_id = "string"
body = {
properties = {
assignedStandard = {
id = "string"
}
attestationData = {
assignedAssessment = {
assessmentKey = "string"
}
complianceState = "string"
evidence = [
{
description = "string"
sourceUrl = "string"
}
]
}
description = "string"
displayName = "string"
effect = "string"
excludedScopes = [
"string"
]
exemptionData = {
assignedAssessment = {
assessmentKey = "string"
}
exemptionCategory = "string"
}
expiresOn = "string"
metadata = {
}
}
}
}
Property Values
Microsoft.Security/standardAssignments
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Pattern = [{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$ (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Properties of a standard assignments assignment | StandardAssignmentProperties |
| type | The resource type | "Microsoft.Security/standardAssignments@2024-08-01" |
AssignedAssessmentItem
| Name | Description | Value |
|---|---|---|
| assessmentKey | Unique key to a security assessment object | string |
AssignedStandardItem
| Name | Description | Value |
|---|---|---|
| id | Full resourceId of the Microsoft.Security/standard object | string |
AttestationEvidence
| Name | Description | Value |
|---|---|---|
| description | The description of the evidence | string |
| sourceUrl | The source url of the evidence | string |
StandardAssignmentMetadata
| Name | Description | Value |
|---|
StandardAssignmentProperties
| Name | Description | Value |
|---|---|---|
| assignedStandard | Standard item with key as applied to this standard assignment over the given scope | AssignedStandardItem |
| attestationData | Additional data about assignment that has Attest effect | StandardAssignmentPropertiesAttestationData |
| description | Description of the standardAssignment | string |
| displayName | Display name of the standardAssignment | string |
| effect | Expected effect of this assignment (Audit/Exempt/Attest) | 'Attest' 'Audit' 'Exempt' |
| excludedScopes | Excluded scopes, filter out the descendants of the scope (on management scopes) | string[] |
| exemptionData | Additional data about assignment that has Exempt effect | StandardAssignmentPropertiesExemptionData |
| expiresOn | Expiration date of this assignment as a full ISO date | string |
| metadata | The standard assignment metadata. | StandardAssignmentMetadata |
StandardAssignmentPropertiesAttestationData
| Name | Description | Value |
|---|---|---|
| assignedAssessment | Component item with key as applied to this standard assignment over the given scope | AssignedAssessmentItem |
| complianceState | Attest category of this assignment | 'compliant' 'nonCompliant' 'unknown' |
| evidence | Array of links to attestation evidence | AttestationEvidence[] |
StandardAssignmentPropertiesExemptionData
| Name | Description | Value |
|---|---|---|
| assignedAssessment | Component item with key as applied to this standard assignment over the given scope | AssignedAssessmentItem |
| exemptionCategory | Exemption category of this assignment | 'mitigated' 'waiver' |