This operation updates a policy assignment with the given scope and name.
Policy assignments apply to all resources contained within their scope.
For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
This operation updates a policy assignment with the given scope and name.
Policy assignments apply to all resources contained within their scope.
For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
The first command gets a resource group named ResourceGroup11 by using the Get-AzResourceGroup cmdlet.
The command stores that object in the $ResourceGroup variable.
The second command gets the policy assignment named PolicyAssignment by using the Get-AzPolicyAssignment cmdlet.
The command stores that object in the $PolicyAssignment variable.
The final command updates the display name on the policy assignment on the resource group identified by the ResourceId property of $ResourceGroup.
Example 2: Add a system assigned managed identity to the policy assignment
The first command gets the policy assignment named PolicyAssignment from the current subscription by using the Get-AzPolicyAssignment cmdlet.
The command stores that object in the $PolicyAssignment variable.
The final command assigns a system assigned managed identity to the policy assignment.
Example 3: Add a user assigned managed identity to the policy assignment
The first command gets the policy assignment named PolicyAssignment from the current subscription by using the Get-AzPolicyAssignment cmdlet.
The command stores that object in the $PolicyAssignment variable.
The second command gets the user assigned managed identity named UserAssignedIdentity1 by using the Get-AzUserAssignedIdentity cmdlet and stores it in the $UserAssignedIdentity variable.
The final command assigns the user assigned managed identity identified by the Id property of $UserAssignedIdentity to the policy assignment.
Example 4: Update policy assignment parameters with new policy parameter object
The first and second commands create an object containing all Azure regions whose names start with "france" or "uk".
The second command stores that object in the $AllowedLocations variable.
The third command gets the policy assignment named 'PolicyAssignment'
The command stores that object in the $PolicyAssignment variable.
The final command updates the parameter values on the policy assignment named PolicyAssignment.
Example 5: Update policy assignment parameters with policy parameter file
The command updates the policy assignment named 'PolicyAssignment' using the policy parameter file AllowedLocations.json from the local working directory.
The first command gets a resource group named ResourceGroup11 by using the Get-AzResourceGroup cmdlet.
The command stores that object in the $ResourceGroup variable.
The second command gets the policy assignment named PolicyAssignment by using the Get-AzPolicyAssignment cmdlet.
The command stores that object in the $PolicyAssignment variable.
The final command updates the enforcementMode property on the policy assignment on the resource group identified by the ResourceId property of $ResourceGroup.
The first command gets the policy assignment named VirtualMachinePolicy by using the Get-AzPolicyAssignment cmdlet and stores it in the $PolicyAssignment variable.
The final command updates the non-compliance messages on the policy assignment with a new message that will be displayed if a resource is denied by the policy.
The first command creates a resource selector object that will be used to specify the assignment should only apply to resources not located in East US or East US 2 and stores it in the $ResourceSelector variable.
The final command updates the policy assignment named VirtualMachinePolicyAssignment with the resource selector specified by $ResourceSelector.
The first command creates a location selector specifying locations other than East US or East US 2 and stores in in the $Selector variable.
The second command creates an override object that will be used to specify that the assigned definition should have a Disabled effect in the locations identified by $Selector.
The final command updates the policy assignment named VirtualMachinePolicyAssignment with the override specified by $Override.
Example 10: [Backcompat] Update an enforcementMode
The first command gets a resource group named ResourceGroup11 by using the Get-AzResourceGroup cmdlet.
The command stores that object in the $ResourceGroup variable.
The second command gets the policy assignment named PolicyAssignment by using the Get-AzPolicyAssignment cmdlet.
The command stores that object in the $PolicyAssignment variable.
The final command updates the enforcementMode property on the policy assignment on the resource group identified by the ResourceId property of $ResourceGroup.
Parameters
-BackwardCompatible
Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object.
The DefaultProfile parameter is not functional.
Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
The user identity associated with the policy.
The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
This operation updates a policy assignment with the given scope and name.
Policy assignments apply to all resources contained within their scope.
For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
The messages that describe why a resource is non-compliant with the policy.
To construct, see NOTES section for NONCOMPLIANCEMESSAGE properties and create a hash table.
The scope of the policy assignment.
Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
