Attestations - Create Or Update At Resource Group

Creates or updates an attestation at resource group scope.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/attestations/{attestationName}?api-version=2022-09-01

URI Parameters

Name | In | Required | Type | Description
attestationName | path | True | string | The name of the attestation.
resourceGroupName | path | True | string | The name of the resource group. The name is case insensitive.
subscriptionId | path | True | string | The ID of the target subscription.
api-version | query | True | string | The API version to use for this operation.

Request Body

Name | Required | Type | Description
properties.policyAssignmentId | True | string | The resource ID of the policy assignment that the attestation is setting the state for.
properties.assessmentDate |  | string | The time the evidence was assessed.
properties.comments |  | string | Comments describing why this attestation was created.
properties.complianceState |  | ComplianceState | The compliance state that should be set on the resource.
properties.evidence |  | AttestationEvidence[] | The evidence supporting the compliance state set in this attestation.
properties.expiresOn |  | string | The time the compliance state should expire.
properties.metadata |  | object | Additional metadata for this attestation.
properties.owner |  | string | The person responsible for setting the state of the resource. This value is typically an Azure Active Directory object ID.
properties.policyDefinitionReferenceId |  | string | The policy definition reference ID from a policy set definition that the attestation is setting the state for. If the policy assignment assigns a policy set definition, the attestation can choose a definition within the set definition with this property, or omit this and set the state for the entire set definition.

Responses

Name | Type | Description
200 OK | Attestation | The updated attestation.
201 Created | Attestation | The created attestation.
Other Status Codes | ErrorResponse | Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name | Description
user_impersonation | impersonate your user account

Examples

Create attestation at resource group scope

Sample request

PUT https://management.azure.com/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourceGroups/myRg/providers/Microsoft.PolicyInsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e?api-version=2022-09-01

{
  "properties": {
    "policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
    "policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
    "complianceState": "Compliant",
    "expiresOn": "2021-06-15T00:00:00Z",
    "owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
    "comments": "This subscription has passed a security audit.",
    "evidence": [
      {
        "description": "The results of the security audit.",
        "sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
      }
    ],
    "assessmentDate": "2021-06-10T00:00:00Z",
    "metadata": {
      "departmentId": "NYC-MARKETING-1"
    }
  }
}

Sample response

{
  "properties": {
    "policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
    "policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
    "complianceState": "Compliant",
    "lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
    "expiresOn": "2021-06-15T00:00:00Z",
    "owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
    "comments": "This subscription has passed a security audit.",
    "evidence": [
      {
        "description": "The results of the security audit.",
        "sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
      }
    ],
    "assessmentDate": "2021-06-10T00:00:00Z",
    "metadata": {
      "departmentId": "NYC-MARKETING-1"
    },
    "provisioningState": "Succeeded"
  },
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
    "createdByType": "User",
    "createdAt": "2020-06-15T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-06-15T18:52:27Z"
  },
  "id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourcegroups/myrg/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
  "name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
  "type": "Microsoft.PolicyInsights/attestations"
}
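
An added example, not part of the Azure reference: a local review pass over an Attestation resource as returned by this operation, checking the fields a reviewer relies on (state, expiry, evidence location, assessment date, owner versus writer). The finding names, the allowlisted host `evidence.contoso.example` and the checks themselves are assumptions for illustration, not rules the service enforces.

```python
from datetime import datetime, timezone
from urllib.parse import urlparse

TRUSTED_EVIDENCE_HOSTS = {"evidence.contoso.example"}  # assumption: org-run store
VALID_STATES = {"Compliant", "NonCompliant", "Unknown"}  # ComplianceState values

def _ts(value):
    """Parse the API's UTC timestamps, e.g. 2021-06-15T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_attestation(att, now):
    """Return review findings (local heuristics) for one Attestation dict."""
    p, meta, out = att.get("properties", {}), att.get("systemData", {}), []
    if not p.get("policyAssignmentId"):
        out.append("missing-policyAssignmentId")
    if p.get("complianceState") not in VALID_STATES:
        out.append("invalid-complianceState")
    if p.get("complianceState") == "Compliant":
        if not p.get("evidence"):
            out.append("compliant-without-evidence")
        if not p.get("expiresOn"):
            out.append("compliant-never-expires")
        elif _ts(p["expiresOn"]) <= now:
            out.append("expired")
    for ev in p.get("evidence") or []:
        uri = urlparse(ev.get("sourceUri", ""))
        if uri.scheme != "https":
            out.append("evidence-not-https")
        elif uri.hostname not in TRUSTED_EVIDENCE_HOSTS:
            out.append(f"evidence-host-untrusted:{uri.hostname}")
    # An assessment dated after the last write cannot have been known to the writer.
    if p.get("assessmentDate") and meta.get("lastModifiedAt"):
        if _ts(p["assessmentDate"]) > _ts(meta["lastModifiedAt"]):
            out.append("assessed-after-last-write")
    # The accountable owner is not the identity that wrote the record.
    if p.get("owner") and meta.get("lastModifiedBy") not in (None, p["owner"]):
        out.append("owner-differs-from-writer")
    return out

# Fields copied from the sample response on this page (trimmed).
SAMPLE = {
    "properties": {
        "policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
        "complianceState": "Compliant", "expiresOn": "2021-06-15T00:00:00Z",
        "owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
        "assessmentDate": "2021-06-10T00:00:00Z",
        "evidence": [{"sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"}]},
    "systemData": {"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
                   "lastModifiedAt": "2020-06-15T18:52:27Z"}}
```

Pass `now` as a timezone-aware UTC `datetime`; the timestamps in the response are parsed as UTC and cannot be compared with a naive value.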

Definitions

Name | Description
Attestation | An attestation resource.
AttestationEvidence | A piece of evidence supporting the compliance state set in the attestation.
ComplianceState | The compliance state that should be set on the resource.
createdByType | The type of identity that created the resource.
ErrorDefinition | Error definition.
ErrorResponse | Error response.
systemData | Metadata pertaining to creation and last modification of the resource.
TypedErrorInfo | Scenario specific error details.

Attestation

An attestation resource.

Name | Type | Description
id | string | Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name | string | The name of the resource.
properties.assessmentDate | string | The time the evidence was assessed.
properties.comments | string | Comments describing why this attestation was created.
properties.complianceState | ComplianceState | The compliance state that should be set on the resource.
properties.evidence | AttestationEvidence[] | The evidence supporting the compliance state set in this attestation.
properties.expiresOn | string | The time the compliance state should expire.
properties.lastComplianceStateChangeAt | string | The time the compliance state was last changed in this attestation.
properties.metadata | object | Additional metadata for this attestation.
properties.owner | string | The person responsible for setting the state of the resource. This value is typically an Azure Active Directory object ID.
properties.policyAssignmentId | string | The resource ID of the policy assignment that the attestation is setting the state for.
properties.policyDefinitionReferenceId | string | The policy definition reference ID from a policy set definition that the attestation is setting the state for. If the policy assignment assigns a policy set definition, the attestation can choose a definition within the set definition with this property, or omit this and set the state for the entire set definition.
properties.provisioningState | string | The status of the attestation.
systemData | systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information.
type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

AttestationEvidence

A piece of evidence supporting the compliance state set in the attestation.

Name | Type | Description
description | string | The description for this piece of evidence.
sourceUri | string | The URI location of the evidence.

ComplianceState

The compliance state that should be set on the resource.

Name | Type | Description
Compliant | string | The resource is in compliance with the policy.
NonCompliant | string | The resource is not in compliance with the policy.
Unknown | string | The compliance state of the resource is not known.

createdByType

The type of identity that created the resource.

Name | Type | Description
Application | string |
Key | string |
ManagedIdentity | string |
User | string |

ErrorDefinition

Error definition.

Name | Type | Description
additionalInfo | TypedErrorInfo[] | Additional scenario specific error details.
code | string | Service specific error code which serves as the substatus for the HTTP error code.
details | ErrorDefinition[] | Internal error details.
message | string | Description of the error.
target | string | The target of the error.

ErrorResponse

Error response.

Name | Type | Description
error | ErrorDefinition | The error details.

systemData

Metadata pertaining to creation and last modification of the resource.

Name | Type | Description
createdAt | string | The timestamp of resource creation (UTC).
createdBy | string | The identity that created the resource.
createdByType | createdByType | The type of identity that created the resource.
lastModifiedAt | string | The timestamp of resource last modification (UTC).
lastModifiedBy | string | The identity that last modified the resource.
lastModifiedByType | createdByType | The type of identity that last modified the resource.

TypedErrorInfo

Scenario specific error details.

Name | Type | Description
info |  | The scenario specific error details.
type | string | The type of included error details.