Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The policySetDefinitions resource type can be deployed with operations that target:
- Management groups - See management group deployment commands* Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policySetDefinitions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Authorization/policySetDefinitions@2019-06-01' = {
name: 'string'
properties: {
description: 'string'
displayName: 'string'
metadata: any(...)
parameters: any(...)
policyDefinitions: [
{
parameters: any(...)
policyDefinitionId: 'string'
}
]
policyType: 'string'
}
}
Property Values
Microsoft.Authorization/policySetDefinitions
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | The policy definition properties. | PolicySetDefinitionProperties |
PolicyDefinitionReference
| Name | Description | Value |
|---|---|---|
| parameters | Required if a parameter is used in policy rule. | any |
| policyDefinitionId | The ID of the policy definition or policy set definition. | string |
PolicySetDefinitionProperties
| Name | Description | Value |
|---|---|---|
| description | The policy set definition description. | string |
| displayName | The display name of the policy set definition. | string |
| metadata | The policy set definition metadata. | any |
| parameters | The policy set definition parameters that can be used in policy definition references. | any |
| policyDefinitions | An array of policy definition references. | PolicyDefinitionReference[] (required) |
| policyType | The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom. | 'BuiltIn' 'Custom' 'NotSpecified' |
Usage Examples
Bicep Samples
A basic example of deploying policy set definition.
targetScope = 'subscription'
param resourceName string = 'acctest0001'
resource policyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
name: resourceName
properties: {
description: ''
displayName: 'my-policy-definition'
mode: 'All'
parameters: {
allowedLocations: {
metadata: {
description: 'The list of allowed locations for resources.'
displayName: 'Allowed locations'
strongType: 'location'
}
type: 'Array'
}
}
policyRule: {
if: {
not: {
field: 'location'
in: '[parameters(\'allowedLocations\')]'
}
}
then: {
effect: 'audit'
}
}
policyType: 'Custom'
}
}
resource policySetDefinition 'Microsoft.Authorization/policySetDefinitions@2025-01-01' = {
name: 'acctestpolset-${resourceName}'
properties: {
description: ''
displayName: 'acctestpolset-acctest0001'
parameters: {
allowedLocations: {
metadata: {
description: 'The list of allowed locations for resources.'
displayName: 'Allowed locations'
strongType: 'location'
}
type: 'Array'
}
}
policyDefinitions: [
{
groupNames: []
parameters: {
listOfAllowedLocations: {
value: '[parameters(\'allowedLocations\')]'
}
}
policyDefinitionId: policyDefinition.id
policyDefinitionReferenceId: ''
}
]
policyType: 'Custom'
}
}
ARM template resource definition
The policySetDefinitions resource type can be deployed with operations that target:
- Management groups - See management group deployment commands* Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policySetDefinitions resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/policySetDefinitions",
"apiVersion": "2019-06-01",
"name": "string",
"properties": {
"description": "string",
"displayName": "string",
"metadata": {},
"parameters": {},
"policyDefinitions": [
{
"parameters": {},
"policyDefinitionId": "string"
}
],
"policyType": "string"
}
}
Property Values
Microsoft.Authorization/policySetDefinitions
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2019-06-01' |
| name | The resource name | string (required) |
| properties | The policy definition properties. | PolicySetDefinitionProperties |
| type | The resource type | 'Microsoft.Authorization/policySetDefinitions' |
PolicyDefinitionReference
| Name | Description | Value |
|---|---|---|
| parameters | Required if a parameter is used in policy rule. | any |
| policyDefinitionId | The ID of the policy definition or policy set definition. | string |
PolicySetDefinitionProperties
| Name | Description | Value |
|---|---|---|
| description | The policy set definition description. | string |
| displayName | The display name of the policy set definition. | string |
| metadata | The policy set definition metadata. | any |
| parameters | The policy set definition parameters that can be used in policy definition references. | any |
| policyDefinitions | An array of policy definition references. | PolicyDefinitionReference[] (required) |
| policyType | The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom. | 'BuiltIn' 'Custom' 'NotSpecified' |
Usage Examples
Terraform (AzAPI provider) resource definition
The policySetDefinitions resource type can be deployed with operations that target:
- Management groups* Subscription
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/policySetDefinitions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Authorization/policySetDefinitions@2019-06-01"
name = "string"
parent_id = "string"
body = {
properties = {
description = "string"
displayName = "string"
metadata = ?
parameters = ?
policyDefinitions = [
{
parameters = ?
policyDefinitionId = "string"
}
]
policyType = "string"
}
}
}
Property Values
Microsoft.Authorization/policySetDefinitions
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | The policy definition properties. | PolicySetDefinitionProperties |
| type | The resource type | "Microsoft.Authorization/policySetDefinitions@2019-06-01" |
PolicyDefinitionReference
| Name | Description | Value |
|---|---|---|
| parameters | Required if a parameter is used in policy rule. | any |
| policyDefinitionId | The ID of the policy definition or policy set definition. | string |
PolicySetDefinitionProperties
| Name | Description | Value |
|---|---|---|
| description | The policy set definition description. | string |
| displayName | The display name of the policy set definition. | string |
| metadata | The policy set definition metadata. | any |
| parameters | The policy set definition parameters that can be used in policy definition references. | any |
| policyDefinitions | An array of policy definition references. | PolicyDefinitionReference[] (required) |
| policyType | The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom. | 'BuiltIn' 'Custom' 'NotSpecified' |
Usage Examples
Terraform Samples
A basic example of deploying policy set definition.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westus"
}
data "azapi_client_config" "current" {}
resource "azapi_resource" "policyDefinition" {
type = "Microsoft.Authorization/policyDefinitions@2021-06-01"
parent_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
name = var.resource_name
body = {
properties = {
description = ""
displayName = "my-policy-definition"
mode = "All"
parameters = {
allowedLocations = {
metadata = {
description = "The list of allowed locations for resources."
displayName = "Allowed locations"
strongType = "location"
}
type = "Array"
}
}
policyRule = {
if = {
not = {
field = "location"
in = "[parameters('allowedLocations')]"
}
}
then = {
effect = "audit"
}
}
policyType = "Custom"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "policySetDefinition" {
type = "Microsoft.Authorization/policySetDefinitions@2025-01-01"
parent_id = "/subscriptions/${data.azapi_client_config.current.subscription_id}"
name = "acctestpolset-${var.resource_name}"
body = {
properties = {
description = ""
displayName = "acctestpolset-${var.resource_name}"
parameters = {
allowedLocations = {
metadata = {
description = "The list of allowed locations for resources."
displayName = "Allowed locations"
strongType = "location"
}
type = "Array"
}
}
policyDefinitions = [{
groupNames = []
parameters = {
listOfAllowedLocations = {
value = "[parameters('allowedLocations')]"
}
}
policyDefinitionId = azapi_resource.policyDefinition.id
policyDefinitionReferenceId = ""
}]
policyType = "Custom"
}
}
}