Policy Set Definitions - Create Or Update At Management Group
This operation creates or updates a policy set definition in the given management group with the given name.
PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}?api-version=2023-04-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
management
|
path | True |
string |
The ID of the management group. |
policy
|
path | True |
string |
The name of the policy set definition to create. Regex pattern: |
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
properties.policyDefinitions | True |
An array of policy definition references. |
|
properties.description |
string |
The policy set definition description. |
|
properties.displayName |
string |
The display name of the policy set definition. |
|
properties.metadata |
object |
The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. |
|
properties.parameters |
<string,
Parameter |
The policy set definition parameters that can be used in policy definition references. |
|
properties.policyDefinitionGroups |
The metadata describing groups of policy definition references within the policy set definition. |
||
properties.policyType |
The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. |
||
properties.version |
string |
The policy set definition version in #.#.# format. |
|
properties.versions |
string[] |
A list of available versions for this policy set definition. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK - Returns information about the policy set definition. |
|
201 Created |
Created - Returns information about the policy set definition. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Create or update a policy set definition at management group level |
Create or update a policy set definition with groups at management group level |
Create or update a policy set definition at management group level
Sample request
PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement?api-version=2023-04-01
{
"properties": {
"displayName": "Cost Management",
"description": "Policies to enforce low cost storage SKUs",
"metadata": {
"category": "Cost Management"
},
"policyDefinitions": [
{
"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
"policyDefinitionReferenceId": "Limit_Skus",
"parameters": {
"listOfAllowedSKUs": {
"value": [
"Standard_GRS",
"Standard_LRS"
]
}
}
},
{
"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"policyDefinitionReferenceId": "Resource_Naming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
}
}
]
}
}
Sample response
{
"id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"type": "Microsoft.Authorization/policySetDefinitions",
"name": "CostManagement",
"properties": {
"displayName": "Cost Management",
"description": "Policies to enforce low cost storage SKUs",
"metadata": {
"category": "Cost Management"
},
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
],
"policyDefinitions": [
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
"definitionVersion": "1.*.*",
"policyDefinitionReferenceId": "Limit_Skus",
"parameters": {
"listOfAllowedSKUs": {
"value": [
"Standard_GRS",
"Standard_LRS"
]
}
}
},
{
"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"policyDefinitionReferenceId": "Resource_Naming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
}
}
]
}
}
{
"id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"type": "Microsoft.Authorization/policySetDefinitions",
"name": "CostManagement",
"properties": {
"displayName": "Cost Management",
"description": "Policies to enforce low cost storage SKUs",
"metadata": {
"category": "Cost Management"
},
"policyDefinitions": [
{
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
"definitionVersion": "1.*.*",
"policyDefinitionReferenceId": "Limit_Skus",
"parameters": {
"listOfAllowedSKUs": {
"value": [
"Standard_GRS",
"Standard_LRS"
]
}
}
},
{
"policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"policyDefinitionReferenceId": "Resource_Naming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
}
}
]
}
}
Create or update a policy set definition with groups at management group level
Sample request
PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement?api-version=2023-04-01
{
"properties": {
"displayName": "Cost Management",
"description": "Policies to enforce low cost storage SKUs",
"metadata": {
"category": "Cost Management"
},
"policyDefinitionGroups": [
{
"name": "CostSaving",
"displayName": "Cost Management Policies",
"description": "Policies designed to control spend within a subscription."
},
{
"name": "Organizational",
"displayName": "Organizational Policies",
"description": "Policies that help enforce resource organization standards within a subscription."
}
],
"policyDefinitions": [
{
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
"policyDefinitionReferenceId": "Limit_Skus",
"groupNames": [
"CostSaving"
],
"parameters": {
"listOfAllowedSKUs": {
"value": [
"Standard_GRS",
"Standard_LRS"
]
}
}
},
{
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"policyDefinitionReferenceId": "Resource_Naming",
"groupNames": [
"Organizational"
],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
}
}
]
}
}
Sample response
{
"id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"type": "Microsoft.Authorization/policySetDefinitions",
"name": "CostManagement",
"properties": {
"displayName": "Cost Management",
"description": "Policies to enforce low cost storage SKUs",
"metadata": {
"category": "Cost Management"
},
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
],
"policyDefinitionGroups": [
{
"name": "CostSaving",
"displayName": "Cost Management Policies",
"description": "Policies designed to control spend within a subscription."
},
{
"name": "Organizational",
"displayName": "Organizational Policies",
"description": "Policies that help enforce resource organization standards within a subscription."
}
],
"policyDefinitions": [
{
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
"definitionVersion": "1.*.*",
"policyDefinitionReferenceId": "Limit_Skus",
"groupNames": [
"CostSaving"
],
"parameters": {
"listOfAllowedSKUs": {
"value": [
"Standard_GRS",
"Standard_LRS"
]
}
}
},
{
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"policyDefinitionReferenceId": "Resource_Naming",
"groupNames": [
"Organizational"
],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
}
}
]
}
}
{
"id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"type": "Microsoft.Authorization/policySetDefinitions",
"name": "CostManagement",
"properties": {
"displayName": "Cost Management",
"description": "Policies to enforce low cost storage SKUs",
"metadata": {
"category": "Cost Management"
},
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
],
"policyDefinitionGroups": [
{
"name": "CostSaving",
"displayName": "Cost Management Policies",
"description": "Policies designed to control spend within a subscription."
},
{
"name": "Organizational",
"displayName": "Organizational Policies",
"description": "Policies that help enforce resource organization standards within a subscription."
}
],
"policyDefinitions": [
{
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
"definitionVersion": "1.*.*",
"policyDefinitionReferenceId": "Limit_Skus",
"groupNames": [
"CostSaving"
],
"parameters": {
"listOfAllowedSKUs": {
"value": [
"Standard_GRS",
"Standard_LRS"
]
}
}
},
{
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"policyDefinitionReferenceId": "Resource_Naming",
"groupNames": [
"Organizational"
],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
}
}
]
}
}
Definitions
Name | Description |
---|---|
Cloud |
An error response from a policy operation. |
created |
The type of identity that created the resource. |
Error |
The resource management error additional info. |
Error |
Error Response |
Metadata |
General metadata for the parameter. |
Parameter |
The definition of a parameter that can be provided to the policy. |
parameter |
The data type of the parameter. |
Parameter |
The value of a parameter. |
Policy |
The policy definition group. |
Policy |
The policy definition reference. |
Policy |
The policy set definition. |
policy |
The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. |
system |
Metadata pertaining to creation and last modification of the resource. |
CloudError
An error response from a policy operation.
Name | Type | Description |
---|---|---|
error |
Error Response |
createdByType
The type of identity that created the resource.
Name | Type | Description |
---|---|---|
Application |
string |
|
Key |
string |
|
ManagedIdentity |
string |
|
User |
string |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info |
object |
The additional info. |
type |
string |
The additional info type. |
ErrorResponse
Error Response
Name | Type | Description |
---|---|---|
additionalInfo |
The error additional info. |
|
code |
string |
The error code. |
details |
The error details. |
|
message |
string |
The error message. |
target |
string |
The error target. |
Metadata
General metadata for the parameter.
Name | Type | Description |
---|---|---|
assignPermissions |
boolean |
Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope. |
description |
string |
The description of the parameter. |
displayName |
string |
The display name for the parameter. |
strongType |
string |
Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from. |
ParameterDefinitionsValue
The definition of a parameter that can be provided to the policy.
Name | Type | Description |
---|---|---|
allowedValues |
object[] |
The allowed values for the parameter. |
defaultValue |
object |
The default value for the parameter if no value is provided. |
metadata |
General metadata for the parameter. |
|
schema |
object |
Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/. |
type |
The data type of the parameter. |
parameterType
The data type of the parameter.
Name | Type | Description |
---|---|---|
Array |
string |
|
Boolean |
string |
|
DateTime |
string |
|
Float |
string |
|
Integer |
string |
|
Object |
string |
|
String |
string |
ParameterValuesValue
The value of a parameter.
Name | Type | Description |
---|---|---|
value |
object |
The value of the parameter. |
PolicyDefinitionGroup
The policy definition group.
Name | Type | Description |
---|---|---|
additionalMetadataId |
string |
A resource ID of a resource that contains additional metadata about the group. |
category |
string |
The group's category. |
description |
string |
The group's description. |
displayName |
string |
The group's display name. |
name |
string |
The name of the group. |
PolicyDefinitionReference
The policy definition reference.
Name | Type | Description |
---|---|---|
definitionVersion |
string |
The version of the policy definition to use. |
groupNames |
string[] |
The name of the groups that this policy definition reference belongs to. |
parameters |
<string,
Parameter |
The parameter values for the referenced policy rule. The keys are the parameter names. |
policyDefinitionId |
string |
The ID of the policy definition or policy set definition. |
policyDefinitionReferenceId |
string |
A unique id (within the policy set definition) for this policy definition reference. |
PolicySetDefinition
The policy set definition.
Name | Type | Description |
---|---|---|
id |
string |
The ID of the policy set definition. |
name |
string |
The name of the policy set definition. |
properties.description |
string |
The policy set definition description. |
properties.displayName |
string |
The display name of the policy set definition. |
properties.metadata |
object |
The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. |
properties.parameters |
<string,
Parameter |
The policy set definition parameters that can be used in policy definition references. |
properties.policyDefinitionGroups |
The metadata describing groups of policy definition references within the policy set definition. |
|
properties.policyDefinitions |
An array of policy definition references. |
|
properties.policyType |
The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. |
|
properties.version |
string |
The policy set definition version in #.#.# format. |
properties.versions |
string[] |
A list of available versions for this policy set definition. |
systemData |
The system metadata relating to this resource. |
|
type |
string |
The type of the resource (Microsoft.Authorization/policySetDefinitions). |
policyType
The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
Name | Type | Description |
---|---|---|
BuiltIn |
string |
|
Custom |
string |
|
NotSpecified |
string |
|
Static |
string |
systemData
Metadata pertaining to creation and last modification of the resource.
Name | Type | Description |
---|---|---|
createdAt |
string |
The timestamp of resource creation (UTC). |
createdBy |
string |
The identity that created the resource. |
createdByType |
The type of identity that created the resource. |
|
lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
lastModifiedBy |
string |
The identity that last modified the resource. |
lastModifiedByType |
The type of identity that last modified the resource. |