Update-AzPolicyDefinition
This operation updates an existing policy definition in the given subscription or management group with the given name.
Syntax
Name (Default)
Update-AzPolicyDefinition
-Name <String>
[-DisplayName <String>]
[-Description <String>]
[-Policy <String>]
[-Metadata <String>]
[-Parameter <String>]
[-Mode <String>]
[-Version <String>]
[-ExternalEvaluationEnforcementSettingMissingTokenAction <String>]
[-ExternalEvaluationEnforcementSettingResultLifespan <String>]
[-ExternalEvaluationEnforcementSettingRoleDefinitionId <String[]>]
[-EndpointSettingKind <String>]
[-EndpointSettingDetail <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SubscriptionId
Update-AzPolicyDefinition
-Name <String>
-SubscriptionId <String>
[-DisplayName <String>]
[-Description <String>]
[-Policy <String>]
[-Metadata <String>]
[-Parameter <String>]
[-Mode <String>]
[-Version <String>]
[-ExternalEvaluationEnforcementSettingMissingTokenAction <String>]
[-ExternalEvaluationEnforcementSettingResultLifespan <String>]
[-ExternalEvaluationEnforcementSettingRoleDefinitionId <String[]>]
[-EndpointSettingKind <String>]
[-EndpointSettingDetail <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ManagementGroupName
Update-AzPolicyDefinition
-Name <String>
-ManagementGroupName <String>
[-DisplayName <String>]
[-Description <String>]
[-Policy <String>]
[-Metadata <String>]
[-Parameter <String>]
[-Mode <String>]
[-Version <String>]
[-ExternalEvaluationEnforcementSettingMissingTokenAction <String>]
[-ExternalEvaluationEnforcementSettingResultLifespan <String>]
[-ExternalEvaluationEnforcementSettingRoleDefinitionId <String[]>]
[-EndpointSettingKind <String>]
[-EndpointSettingDetail <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Id
Update-AzPolicyDefinition
-Id <String>
[-DisplayName <String>]
[-Description <String>]
[-Metadata <String>]
[-Parameter <String>]
[-Mode <String>]
[-ExternalEvaluationEnforcementSettingMissingTokenAction <String>]
[-ExternalEvaluationEnforcementSettingResultLifespan <String>]
[-ExternalEvaluationEnforcementSettingRoleDefinitionId <String[]>]
[-EndpointSettingKind <String>]
[-EndpointSettingDetail <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-AzPolicyDefinition
-InputObject <IPolicyDefinition>
[-DisplayName <String>]
[-Description <String>]
[-Policy <String>]
[-Metadata <String>]
[-Parameter <String>]
[-Mode <String>]
[-ExternalEvaluationEnforcementSettingMissingTokenAction <String>]
[-ExternalEvaluationEnforcementSettingResultLifespan <String>]
[-ExternalEvaluationEnforcementSettingRoleDefinitionId <String[]>]
[-EndpointSettingKind <String>]
[-EndpointSettingDetail <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
This operation updates an existing policy definition in the given subscription or management group with the given name.
Examples
Example 1: Update the description of a policy definition
$PolicyDefinition = Get-AzPolicyDefinition -Name 'VMPolicyDefinition'
Update-AzPolicyDefinition -Id $PolicyDefinition.Id -Description 'Updated policy to not allow virtual machine creation'
The first command gets a policy definition named VMPolicyDefinition by using the Get-AzPolicyDefinition cmdlet.
The command stores that object in the $PolicyDefinition variable.
The second command updates the description of the policy definition identified by the Id property of $PolicyDefinition.
Example 2: Update the mode of a policy definition
Update-AzPolicyDefinition -Name 'VMPolicyDefinition' -Mode 'All'
This command updates the policy definition named VMPolicyDefinition by using the Update-AzPolicyDefinition cmdlet to
set its mode property to 'All'.
Update-AzPolicyDefinition -Name 'VMPolicyDefinition' -Metadata '{"category":"Virtual Machine"}'
This command updates the metadata of a policy definition named VMPolicyDefinition to indicate its category is "Virtual Machine".
Example 4: Update a policy definition to add an older version by using a policy file
Update-AzPolicyDefinition -Name 'LocationDefinition' -Policy C:\LocationPolicy.json -Version '1.1.0'
This command updates the existing policy definition named LocationDefinition by adding version 1.1.0 that contains the policy rule specified in C:\LocationPolicy.json.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The DefaultProfile parameter is not functional.
Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Parameter properties
Type: PSObject
Default value: None Supports wildcards: False DontShow: False Aliases: AzureRMContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Description
The policy definition description.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-DisplayName
The display name of the policy definition.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-EndpointSettingDetail
The details of the endpoint.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-EndpointSettingKind
The kind of the endpoint.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ExternalEvaluationEnforcementSettingMissingTokenAction
What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing.
Possible values are Audit and Deny and language expressions are supported.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ExternalEvaluationEnforcementSettingResultLifespan
The lifespan of the endpoint invocation result after which it's no longer valid.
Value is expected to follow the ISO 8601 duration format and language expressions are supported.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ExternalEvaluationEnforcementSettingRoleDefinitionId
An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Id
The resource Id of the policy definition to update.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: ResourceId
Parameter sets
Id
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
This operation updates an existing policy definition in the given subscription or management group with the given name.
InputObject
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: True Value from remaining arguments: False
-ManagementGroupName
The ID of the management group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ManagementGroupName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
The policy definition metadata.
Metadata is an open ended object and is typically a collection of key value pairs.
Type: String
Default value: None Supports wildcards: False DontShow: False
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Mode
The policy definition mode.
Some examples are All, Indexed, Microsoft.KeyVault.Data.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Name
The name of the policy definition to update.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: PolicyDefinitionName
Parameter sets
Name
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SubscriptionId
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ManagementGroupName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Parameter
The parameter definitions for parameters used in the policy rule.
The keys are the parameter names.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Policy
The policy rule.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
Name
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SubscriptionId
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ManagementGroupName
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
InputObject
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-SubscriptionId
The ID of the target subscription.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SubscriptionId
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Version
The policy definition version in #.#.# format.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: PolicyDefinitionVersion
Parameter sets
Name
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SubscriptionId
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ManagementGroupName
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
Notes
ALIASES
Set-AzPolicyDefinition
