Update-AzPolicyExemption
This operation updates a policy exemption with the given scope and name.
Syntax
Update-AzPolicyExemption
-Name <String>
[-Scope <String>]
[-ExemptionCategory <String>]
[-PolicyDefinitionReferenceId <String[]>]
[-DisplayName <String>]
[-Description <String>]
[-ExpiresOn <DateTime>]
[-ClearExpiration]
[-Metadata <String>]
[-ResourceSelector <IResourceSelector[]>]
[-AssignmentScopeValidation <String>]
[-BackwardCompatible]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-AzPolicyExemption
[-ExemptionCategory <String>]
[-PolicyDefinitionReferenceId <String[]>]
-Id <String>
[-DisplayName <String>]
[-Description <String>]
[-ExpiresOn <DateTime>]
[-ClearExpiration]
[-Metadata <String>]
[-ResourceSelector <IResourceSelector[]>]
[-AssignmentScopeValidation <String>]
[-BackwardCompatible]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-AzPolicyExemption
[-ExemptionCategory <String>]
[-PolicyDefinitionReferenceId <String[]>]
[-DisplayName <String>]
[-Description <String>]
[-ExpiresOn <DateTime>]
[-ClearExpiration]
[-Metadata <String>]
[-ResourceSelector <IResourceSelector[]>]
[-AssignmentScopeValidation <String>]
[-BackwardCompatible]
-InputObject <IPolicyExemption>
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
This operation updates a policy exemption with the given scope and name.
Examples
Example 1: Update the display name
$ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11'
$PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId
Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -DisplayName 'Exempt VM creation limit'
The first command gets a resource group named ResourceGroup11 by using the Get-AzResourceGroup cmdlet. The command stores that object in the $ResourceGroup variable. The second command gets the policy exemption named PolicyExemption07 by using the Get-AzPolicyExemption cmdlet. The command stores that object in the $PolicyExemption variable. The final command updates the display name on the policy exemption on the resource group identified by the ResourceId property of $ResourceGroup.
Example 2: Update the expiration date time
$NextMonth = (Get-Date).AddMonths(1)
$PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07'
Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ExpiresOn $NextMonth
The first command gets the current date time by using the Get-Date cmdlet and add 1 month to the current date time The command stores that object in the $NextMonth variable. The second command gets the policy exemption named PolicyExemption07 by using the Get-AzPolicyExemption cmdlet. The command stores that object in the $PolicyExemption variable. The final command updates the expiration date time for the policy exemption on the default subscription.
Example 3: Clear the expiration date time
$PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07'
Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ClearExpiration
The first command gets the policy exemption named PolicyExemption07 by using the Get-AzPolicyExemption cmdlet. The command stores that object in the $PolicyExemption variable. The second command clears the expiration date time for the policy exemption on the default subscription. The updated exemption will never expire.
Example 4: Update the expiration category
$PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07'
Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ExemptionCategory Mitigated
The first command gets the policy exemption named PolicyExemption07 by using the Get-AzPolicyExemption cmdlet. The command stores that object in the $PolicyExemption variable. The second command updates the expiration category for the policy exemption on the default subscription. The updated exemption will never expire.
The first command gets the current date time by using the Get-Date cmdlet and add 1 month to the current date time The command stores that object in the $NextMonth variable. The second command gets the policy exemption named PolicyExemption07 by using the Get-AzPolicyExemption cmdlet. The command stores that object in the $PolicyExemption variable. The final command updates the expiration date time for the policy exemption on the default subscription.
Example 5: Update resource selector
$ResourceSelector = @{Name = "MyLocationSelector"; Selector = @(@{Kind = "resourceLocation"; NotIn = @("eastus", "eastus2")})}
Update-AzPolicyExemption -Name 'VirtualMachineExemption' -ResourceSelector $ResourceSelector
The first command creates a resource selector object that will be used to specify the exemption should only apply to resources in locations other than East US or East US 2 and stores it in the $ResourceSelector variable. The final command updates the policy exemption named VirtualMachineExemption with the resource selector specified by $ResourceSelector.
Example 6: [Backcompat] Clear the expiration date time
$PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07'
Set-AzPolicyExemption -Id $PolicyExemption.ResourceId -ClearExpiration
The first command gets the policy exemption named PolicyExemption07 by using the Get-AzPolicyExemption cmdlet. The command stores that object in the $PolicyExemption variable. The second command clears the expiration date time for the policy exemption on the default subscription. The updated exemption will never expire.
Parameters
-AssignmentScopeValidation
The option whether validate the exemption is at or under the assignment scope.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-BackwardCompatible
Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ClearExpiration
Indicates whether to clear the expiration date and time of the policy exemption.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Description
This message will be part of response in case of policy violation.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DisplayName
The display name of the policy assignment.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ExemptionCategory
The policy exemption category
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ExpiresOn
The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
Type: | Nullable<T>[DateTime] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Id
The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.
Type: | String |
Aliases: | ResourceId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-InputObject
Type: | IPolicyExemption |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Metadata
The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Name
The name of the policy exemption.
Type: | String |
Aliases: | PolicyExemptionName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-PolicyDefinitionReferenceId
The policy definition reference ID list when the associated policy assignment is for a policy set (initiative).
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceSelector
The resource selector list to filter policies by resource properties.
Type: | IResourceSelector[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Scope
The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Nullable<T>[[System.DateTime, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
String[]
Outputs
Notes
ALIASES
Set-AzPolicyExemption
Azure PowerShell