Share via


az policy remediation

Manage resource policy remediations.

Commands

Name Description Type Status
az policy remediation cancel

Cancel a resource policy remediation.

Core GA
az policy remediation create

Create a resource policy remediation.

Core GA
az policy remediation delete

Delete a resource policy remediation.

Core GA
az policy remediation deployment

Manage resource policy remediation deployments.

Core GA
az policy remediation deployment list

Lists deployments for a resource policy remediation.

Core GA
az policy remediation list

List resource policy remediations.

Core GA
az policy remediation show

Show a resource policy remediation.

Core GA

az policy remediation cancel

Cancel a resource policy remediation.

az policy remediation cancel --name
                             [--management-group]
                             [--namespace]
                             [--parent]
                             [--resource]
                             [--resource-group]
                             [--resource-type]

Required Parameters

--name -n

Name of the remediation.

Optional Parameters

--management-group -m

Name of management group.

--namespace

Provider namespace (Ex: Microsoft.Provider).

--parent

The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).

--resource

Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-type

Resource type (Ex: resourceTypeC).

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az policy remediation create

Create a resource policy remediation.

az policy remediation create --name
                             --policy-assignment
                             [--definition-reference-id]
                             [--location-filters]
                             [--management-group]
                             [--namespace]
                             [--parent]
                             [--resource]
                             [--resource-discovery-mode {ExistingNonCompliant, ReEvaluateCompliance}]
                             [--resource-group]
                             [--resource-type]

Examples

Create a remediation at resource group scope for a policy assignment

az policy remediation create -g myRg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab

Create a remediation at resource group scope for a policy assignment using the policy assignment resource ID

az policy remediation create -g myRg -n myRemediation --policy-assignment "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/myPa"

Create a remediation at subscription scope for a policy set assignment

az policy remediation create -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --definition-reference-id auditVMPolicyReference

Create a remediation at management group scope for specific resource locations

az policy remediation create -m myMg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --location-filters eastus westeurope

Create a remediation for a specific resource using the resource ID

az policy remediation create --resource "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/myVm" -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab

Create a remediation that will re-evaluate compliance before remediating

az policy remediation create -g myRg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --resource-discovery-mode ReEvaluateCompliance

Required Parameters

--name -n

Name of the remediation.

--policy-assignment -a

Name or resource ID of the policy assignment.

Optional Parameters

--definition-reference-id

Policy definition reference ID inside the policy set definition. Only required when the policy assignment is assigning a policy set definition.

--location-filters

Space separated list of resource locations that should be remediated (Ex: centralus westeurope).

--management-group -m

Name of management group.

--namespace

Provider namespace (Ex: Microsoft.Provider).

--parent

The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).

--resource

Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.

--resource-discovery-mode

The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.

Accepted values: ExistingNonCompliant, ReEvaluateCompliance
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-type

Resource type (Ex: resourceTypeC).

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az policy remediation delete

Delete a resource policy remediation.

az policy remediation delete --name
                             [--management-group]
                             [--namespace]
                             [--parent]
                             [--resource]
                             [--resource-group]
                             [--resource-type]

Required Parameters

--name -n

Name of the remediation.

Optional Parameters

--management-group -m

Name of management group.

--namespace

Provider namespace (Ex: Microsoft.Provider).

--parent

The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).

--resource

Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-type

Resource type (Ex: resourceTypeC).

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az policy remediation list

List resource policy remediations.

az policy remediation list [--management-group]
                           [--namespace]
                           [--parent]
                           [--resource]
                           [--resource-group]
                           [--resource-type]

Optional Parameters

--management-group -m

Name of management group.

--namespace

Provider namespace (Ex: Microsoft.Provider).

--parent

The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).

--resource

Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-type

Resource type (Ex: resourceTypeC).

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az policy remediation show

Show a resource policy remediation.

az policy remediation show --name
                           [--management-group]
                           [--namespace]
                           [--parent]
                           [--resource]
                           [--resource-group]
                           [--resource-type]

Required Parameters

--name -n

Name of the remediation.

Optional Parameters

--management-group -m

Name of management group.

--namespace

Provider namespace (Ex: Microsoft.Provider).

--parent

The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).

--resource

Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-type

Resource type (Ex: resourceTypeC).

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.