New-AzPolicyExemption

Creates a policy exemption.

Syntax

New-AzPolicyExemption
   -Name <String>
   [-Scope <String>]
   [-DisplayName <String>]
   [-Description <String>]
   -ExemptionCategory <String>
   -PolicyAssignment <PsPolicyAssignment>
   [-PolicyDefinitionReferenceId <String[]>]
   [-ExpiresOn <DateTime>]
   [-Metadata <String>]
   [-ApiVersion <String>]
   [-Pre]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzPolicyExemption cmdlet creates a policy exemption. Specify a policy assignment, exemption category and scope.

Examples

Example 1: Policy exemption at subscription level

$Subscription = Get-AzSubscription -SubscriptionName 'Subscription01'
$Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment'
New-AzPolicyExemption -Name 'VirtualMachinePolicyExemption' -PolicyAssignment $Assignment -Scope "/subscriptions/$($Subscription.Id)" -ExemptionCategory Waiver

The first command gets a subscription named Subscription01 by using the Get-AzSubscription cmdlet and stores it in the $Subscription variable. The second command gets the policy assignment named VirtualMachinePolicyAssignment by using the Get-AzPolicyAssignment cmdlet and stores it in the $Assignment variable. The final command exempts the policy assignment in $Assignment at the level of the subscription identified by the subscription scope string.

Example 2: Policy exemption at resource group level

$ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11'
$Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment'
New-AzPolicyExemption -Name 'VirtualMachinePolicyAssignment' -PolicyAssignment $Assignment -Scope $ResourceGroup.ResourceId -ExemptionCategory Mitigated

The first command gets a resource group named ResourceGroup11 by using the Get-AzResourceGroup cmdlet and stores it in the $ResourceGroup variable. The second command gets the policy assignment named VirtualMachinePolicyAssignment by using the Get-AzPolicyAssignment cmdlet and stores it in the $Assignment variable. The final command exempts the policy assignment in $Assignment at the level of the resource group identified by the ResourceId property of $ResourceGroup.

Parameters

-ApiVersion

When set, indicates the version of the resource provider API to use. If not specified, the API version is automatically determined as the latest available.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

The description for the new policy exemption.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DisplayName

The display name for the new policy exemption.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ExemptionCategory

The policy exemption category of the new policy exemption. Possible values are Waiver and Mitigated.

Type:String
Accepted values:Waiver, Mitigated
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ExpiresOn

The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the new policy exemption.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Metadata

The metadata for the new policy exemption. This can either be a path to a file containing the metadata JSON, or the metadata as a JSON string.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Name

The name of the new policy exemption.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-PolicyAssignment

The referenced policy assignment Id for the new policy exemption.

Type:PsPolicyAssignment
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-PolicyDefinitionReferenceId

The policy definition reference ID list when the associated policy assignment is for a policy set (initiative).

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Pre

When set, indicates that the cmdlet should use pre-release API versions when automatically determining which version to use.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Scope

The scope of the new policy exemption, e.g. /providers/managementGroups/{managementGroupName}, defaults to current subscription.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

PsPolicyAssignment

String[]

Nullable<T>[[System.DateTime, System.Private.CoreLib, Version=5.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]

Outputs

PsPolicyExemption