Policy.Autorest/internal/ProxyCmdletDefinitions.ps1
# ---------------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Code generated by Microsoft (R) AutoRest Code Generator.Changes may cause incorrect behavior and will be lost if the code # is regenerated. # ---------------------------------------------------------------------------------- <# .Synopsis This operation retrieves a single policy assignment, given its name and the scope it was created at. .Description This operation retrieves a single policy assignment, given its name and the scope it was created at. .Example Get-AzPolicyAssignment .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' Get-AzPolicyAssignment -Name 'PolicyAssignment07' -Scope $ResourceGroup.ResourceId .Example $mgId = 'myManagementGroup' Get-AzPolicyAssignment -Scope '/providers/Microsoft.Management/managementgroups/$mgId' .Example Get-AzPolicyAssignment | Select-Object -Property Scope, PolicyDefinitionID, DisplayName | Format-List .Example Get-AzPolicyAssignment -BackwardCompatible | Select-Object -ExpandProperty properties | Select-Object -Property Scope, PolicyDefinitionID, DisplayName | Format-List .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicyassignment #> function Get-AzPolicyAssignment { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment])] [CmdletBinding(DefaultParameterSetName='List2', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Alias('PolicyAssignmentName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy assignment to get. ${Name}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy assignment. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='Get1', Mandatory)] [Alias('PolicyAssignmentId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy assignment to get. # Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ${Id}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='List', Mandatory)] [Parameter(ParameterSetName='List1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the resource group that contains policy assignments. ${ResourceGroupName}, [Parameter(ParameterSetName='List')] [Parameter(ParameterSetName='List1')] [Parameter(ParameterSetName='List3')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String[]] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='List1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The parent resource path. # Use empty string if there is none. ${ParentResourcePath}, [Parameter(ParameterSetName='List1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the resource. ${ResourceName}, [Parameter(ParameterSetName='List1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The namespace of the resource provider. # For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) ${ResourceProviderNamespace}, [Parameter(ParameterSetName='List1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The resource type name. # For example the type name of a web app is 'sites' (from Microsoft.Web/sites). ${ResourceType}, [Parameter(ParameterSetName='List')] [Parameter(ParameterSetName='List1')] [Parameter(ParameterSetName='List2')] [Parameter(ParameterSetName='List3')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. # If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. # If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}. ${Filter}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicyAssignment_Get'; Get1 = 'Az.Policy.private\Get-AzPolicyAssignment_Get1'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicyAssignment_GetViaIdentity'; List = 'Az.Policy.private\Get-AzPolicyAssignment_List'; List1 = 'Az.Policy.private\Get-AzPolicyAssignment_List1'; List2 = 'Az.Policy.private\Get-AzPolicyAssignment_List2'; List3 = 'Az.Policy.private\Get-AzPolicyAssignment_List3'; } if (('List', 'List1', 'List3') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } if (('List2') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves the built-in policy definition with the given name. .Description This operation retrieves the built-in policy definition with the given name. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicydefinitionbuilt #> function Get-AzPolicyDefinitionBuilt { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the built-in policy definition to get. ${PolicyDefinitionName}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='List')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. # If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. # Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. # If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. ${Filter}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicyDefinitionBuilt_Get'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicyDefinitionBuilt_GetViaIdentity'; List = 'Az.Policy.private\Get-AzPolicyDefinitionBuilt_List'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation lists all the built-in policy definition versions for all built-in policy definitions. .Description This operation lists all the built-in policy definition versions for all built-in policy definitions. .Example {{ Add code here }} .Example {{ Add code here }} .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersionListResult .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicydefinitionversionbuiltin #> function Get-AzPolicyDefinitionVersionBuiltin { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersionListResult])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ List = 'Az.Policy.private\Get-AzPolicyDefinitionVersionBuiltin_List'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves the built-in policy definition version with the given name. .Description This operation retrieves the built-in policy definition version with the given name. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersion .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYDEFINITIONINPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicydefinitionversionbuilt #> function Get-AzPolicyDefinitionVersionBuilt { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersion])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition. ${PolicyDefinitionName}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='GetViaIdentityPolicyDefinition', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy definition version. # The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ${PolicyDefinitionVersion}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='GetViaIdentityPolicyDefinition', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicyDefinitionInputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicyDefinitionVersionBuilt_Get'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicyDefinitionVersionBuilt_GetViaIdentity'; GetViaIdentityPolicyDefinition = 'Az.Policy.private\Get-AzPolicyDefinitionVersionBuilt_GetViaIdentityPolicyDefinition'; List = 'Az.Policy.private\Get-AzPolicyDefinitionVersionBuilt_List'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves the policy definition version in the given subscription with the given name. .Description This operation retrieves the policy definition version in the given subscription with the given name. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersion .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersionListResult .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYDEFINITION1INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYDEFINITIONINPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicydefinitionversion #> function Get-AzPolicyDefinitionVersion { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersion], [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersionListResult])] [CmdletBinding(DefaultParameterSetName='List1', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='Get1', Mandatory)] [Parameter(ParameterSetName='List2', Mandatory)] [Parameter(ParameterSetName='List3', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition. ${PolicyDefinitionName}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='Get1', Mandatory)] [Parameter(ParameterSetName='GetViaIdentityPolicyDefinition', Mandatory)] [Parameter(ParameterSetName='GetViaIdentityPolicyDefinition1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy definition version. # The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ${PolicyDefinitionVersion}, [Parameter(ParameterSetName='Get')] [Parameter(ParameterSetName='List1')] [Parameter(ParameterSetName='List2')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String[]] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='Get1', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Parameter(ParameterSetName='List3', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. # The name is case insensitive. ${ManagementGroupName}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='GetViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='GetViaIdentityPolicyDefinition', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicyDefinitionInputObject}, [Parameter(ParameterSetName='GetViaIdentityPolicyDefinition1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicyDefinition1InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_Get'; Get1 = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_Get1'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_GetViaIdentity'; GetViaIdentity1 = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_GetViaIdentity1'; GetViaIdentityPolicyDefinition = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_GetViaIdentityPolicyDefinition'; GetViaIdentityPolicyDefinition1 = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_GetViaIdentityPolicyDefinition1'; List = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_List'; List1 = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_List1'; List2 = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_List2'; List3 = 'Az.Policy.private\Get-AzPolicyDefinitionVersion_List3'; } if (('Get', 'List1', 'List2') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves the policy definition in the given subscription with the given name. .Description This operation retrieves the policy definition in the given subscription with the given name. .Example Get-AzPolicyDefinition .Example Get-AzPolicyDefinition -Name 'VMPolicyDefinition' .Example Get-AzPolicyDefinition -Name 'VMPolicyDefinition' -ManagementGroupName 'Dept42' .Example Get-AzPolicyDefinition -SubscriptionId '3bf44b72-c631-427a-b8c8-53e2595398ca' -Builtin .Example Get-AzPolicyDefinition | Where-Object {$_.Properties.metadata.category -eq 'Tags'} .Example Get-AzPolicyDefinition | Select-Object -Property DisplayName, Description, PolicyType, Metadata | Format-List .Example Get-AzPolicyDefinition -BackwardCompatible | Select-Object -ExpandProperty properties | Select-Object -Property DisplayName, Description, PolicyType, Metadata | Format-List .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicydefinition #> function Get-AzPolicyDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='Get1', Mandatory)] [Alias('PolicyDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to get. ${Name}, [Parameter(ParameterSetName='Get')] [Parameter(ParameterSetName='List')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String[]] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='GetViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='List')] [Parameter(ParameterSetName='List1')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. # If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. # Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. # If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. ${Filter}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicyDefinition_Get'; Get1 = 'Az.Policy.private\Get-AzPolicyDefinition_Get1'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicyDefinition_GetViaIdentity'; GetViaIdentity1 = 'Az.Policy.private\Get-AzPolicyDefinition_GetViaIdentity1'; List = 'Az.Policy.private\Get-AzPolicyDefinition_List'; List1 = 'Az.Policy.private\Get-AzPolicyDefinition_List1'; } if (('Get', 'List') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } if (('Get1', 'List1') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves a single policy exemption, given its name and the scope it was created at. .Description This operation retrieves a single policy exemption, given its name and the scope it was created at. .Example Get-AzPolicyExemption .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId .Example $Assignment = Get-AzPolicyAssignment -Name 'PolicyAssignment07' Get-AzPolicyExemption -PolicyAssignmentIdFilter $Assignment.ResourceId .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicyexemption #> function Get-AzPolicyExemption { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Alias('PolicyExemptionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy exemption to delete. ${Name}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy exemption. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='List')] [Parameter(ParameterSetName='List1')] [Parameter(ParameterSetName='List2')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String[]] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='List1', Mandatory)] [Parameter(ParameterSetName='List2', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the resource group containing the resource. ${ResourceGroupName}, [Parameter(ParameterSetName='List2', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The parent resource path. # Use empty string if there is none. ${ParentResourcePath}, [Parameter(ParameterSetName='List2', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the resource. ${ResourceName}, [Parameter(ParameterSetName='List2', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The namespace of the resource provider. # For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) ${ResourceProviderNamespace}, [Parameter(ParameterSetName='List2', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The resource type name. # For example the type name of a web app is 'sites' (from Microsoft.Web/sites). ${ResourceType}, [Parameter(ParameterSetName='List')] [Parameter(ParameterSetName='List1')] [Parameter(ParameterSetName='List2')] [Parameter(ParameterSetName='List3')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including those that apply directly or apply from containing scopes. # If $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. # If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that at the given scope. # If $filter=excludeExpired() is provided, the returned list only includes all policy exemptions that either haven't expired or didn't set expiration date. # If $filter=policyAssignmentId eq '{value}' is provided. # the returned list only includes all policy exemptions that are associated with the give policyAssignmentId. ${Filter}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicyExemption_Get'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicyExemption_GetViaIdentity'; List = 'Az.Policy.private\Get-AzPolicyExemption_List'; List1 = 'Az.Policy.private\Get-AzPolicyExemption_List1'; List2 = 'Az.Policy.private\Get-AzPolicyExemption_List2'; List3 = 'Az.Policy.private\Get-AzPolicyExemption_List3'; } if (('List', 'List1', 'List2') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } if (('List3') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves the built-in policy set definition with the given name. .Description This operation retrieves the built-in policy set definition with the given name. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicysetdefinitionbuilt #> function Get-AzPolicySetDefinitionBuilt { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition to get. ${PolicySetDefinitionName}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='List')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. # If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. # Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. # If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. ${Filter}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicySetDefinitionBuilt_Get'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicySetDefinitionBuilt_GetViaIdentity'; List = 'Az.Policy.private\Get-AzPolicySetDefinitionBuilt_List'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation lists all the built-in policy set definition versions for all built-in policy set definitions. .Description This operation lists all the built-in policy set definition versions for all built-in policy set definitions. .Example {{ Add code here }} .Example {{ Add code here }} .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersionListResult .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicysetdefinitionversionbuiltin #> function Get-AzPolicySetDefinitionVersionBuiltin { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersionListResult])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ List = 'Az.Policy.private\Get-AzPolicySetDefinitionVersionBuiltin_List'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves the built-in policy set definition version with the given name and version. .Description This operation retrieves the built-in policy set definition version with the given name and version. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersion .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYSETDEFINITIONINPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicysetdefinitionversionbuilt #> function Get-AzPolicySetDefinitionVersionBuilt { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersion])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='GetViaIdentityPolicySetDefinition', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy set definition version. # The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ${PolicyDefinitionVersion}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition. ${PolicySetDefinitionName}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='GetViaIdentityPolicySetDefinition', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicySetDefinitionInputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicySetDefinitionVersionBuilt_Get'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicySetDefinitionVersionBuilt_GetViaIdentity'; GetViaIdentityPolicySetDefinition = 'Az.Policy.private\Get-AzPolicySetDefinitionVersionBuilt_GetViaIdentityPolicySetDefinition'; List = 'Az.Policy.private\Get-AzPolicySetDefinitionVersionBuilt_List'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves the policy set definition version in the given subscription with the given name and version. .Description This operation retrieves the policy set definition version in the given subscription with the given name and version. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersion .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersionListResult .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYSETDEFINITION1INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYSETDEFINITIONINPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicysetdefinitionversion #> function Get-AzPolicySetDefinitionVersion { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersion], [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersionListResult])] [CmdletBinding(DefaultParameterSetName='List1', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='Get1', Mandatory)] [Parameter(ParameterSetName='GetViaIdentityPolicySetDefinition', Mandatory)] [Parameter(ParameterSetName='GetViaIdentityPolicySetDefinition1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy set definition version. # The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ${PolicyDefinitionVersion}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='Get1', Mandatory)] [Parameter(ParameterSetName='List2', Mandatory)] [Parameter(ParameterSetName='List3', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition. ${PolicySetDefinitionName}, [Parameter(ParameterSetName='Get')] [Parameter(ParameterSetName='List1')] [Parameter(ParameterSetName='List2')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String[]] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='Get1', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Parameter(ParameterSetName='List3', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. # The name is case insensitive. ${ManagementGroupName}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='GetViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='GetViaIdentityPolicySetDefinition', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicySetDefinitionInputObject}, [Parameter(ParameterSetName='GetViaIdentityPolicySetDefinition1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicySetDefinition1InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_Get'; Get1 = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_Get1'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_GetViaIdentity'; GetViaIdentity1 = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_GetViaIdentity1'; GetViaIdentityPolicySetDefinition = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_GetViaIdentityPolicySetDefinition'; GetViaIdentityPolicySetDefinition1 = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_GetViaIdentityPolicySetDefinition1'; List = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_List'; List1 = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_List1'; List2 = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_List2'; List3 = 'Az.Policy.private\Get-AzPolicySetDefinitionVersion_List3'; } if (('Get', 'List1', 'List2') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation retrieves the policy set definition in the given subscription with the given name. .Description This operation retrieves the policy set definition in the given subscription with the given name. .Example Get-AzPolicySetDefinition .Example Get-AzPolicySetDefinition -Name 'VMPolicySetDefinition' .Example Get-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -subscriptionId '3bf44b72-c631-427a-b8c8-53e2595398ca' .Example Get-AzPolicySetDefinition -ManagementGroupName 'Dept42' -Custom .Example Get-AzPolicySetDefinition | Where-Object {$_.metadata.category -eq "Virtual Machine"} .Example Get-AzPolicySetDefinition -BackwardCompatible | Where-Object {$_.Properties.metadata.category -eq "Virtual Machine"} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicysetdefinition #> function Get-AzPolicySetDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='Get1', Mandatory)] [Alias('PolicySetDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition to get. ${Name}, [Parameter(ParameterSetName='Get')] [Parameter(ParameterSetName='List')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String[]] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='GetViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='List')] [Parameter(ParameterSetName='List1')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. # If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. # Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. # If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. ${Filter}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Az.Policy.private\Get-AzPolicySetDefinition_Get'; Get1 = 'Az.Policy.private\Get-AzPolicySetDefinition_Get1'; GetViaIdentity = 'Az.Policy.private\Get-AzPolicySetDefinition_GetViaIdentity'; GetViaIdentity1 = 'Az.Policy.private\Get-AzPolicySetDefinition_GetViaIdentity1'; List = 'Az.Policy.private\Get-AzPolicySetDefinition_List'; List1 = 'Az.Policy.private\Get-AzPolicySetDefinition_List1'; } if (('Get', 'List') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } if (('Get1', 'List1') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. .Description This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. .Example $Subscription = Get-AzSubscription -SubscriptionName 'Subscription01' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope "/subscriptions/$($Subscription.Id)" .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.DisplayName -eq 'Allowed locations'} $Locations = Get-AzLocation | Where-Object displayname -like '*east*' $AllowedLocations = @{'listOfAllowedLocations'=($Locations.location)} New-AzPolicyAssignment -Name 'RestrictLocationPolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -PolicyParameterObject $AllowedLocations .Example { "listOfAllowedLocations": { "value": [ "westus", "westeurope", "japanwest" ] } } $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.DisplayName -eq 'Allowed locations'} New-AzPolicyAssignment -Name 'RestrictLocationPolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -PolicyParameter .\AllowedLocations.json .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -Location 'eastus' -IdentityType 'SystemAssigned' .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' $UserAssignedIdentity = Get-AzUserAssignedIdentity -ResourceGroupName 'ResourceGroup1' -Name 'UserAssignedIdentity1' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -Location 'eastus' -IdentityType 'UserAssigned' -IdentityId $UserAssignedIdentity.Id .Example $Subscription = Get-AzSubscription -SubscriptionName 'Subscription01' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope "/subscriptions/$($Subscription.Id)" -EnforcementMode DoNotEnforce .Example $PolicySet = Get-AzPolicySetDefinition -Name 'VirtualMachinePolicySet' $NonComplianceMessages = @(@{Message="Only DsV2 SKUs are allowed."; PolicyDefinitionReferenceId="DefRef1"}, @{Message="Virtual machines must follow cost management best practices."}) New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicySetDefinition $PolicySet -NonComplianceMessage $NonComplianceMessages .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.Properties.DisplayName -eq 'Allowed locations'} $Locations = Get-AzLocation | Where-Object displayname -like '*east*' $AllowedLocations = @{'listOfAllowedLocations'=($Locations.location)} New-AzPolicyAssignment -Name 'RestrictLocationPolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -PolicyParameterObject $AllowedLocations .Example { "listOfAllowedLocations": { "value": [ "westus", "westeurope", "japanwest" ] } } $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.Properties.DisplayName -eq 'Allowed locations'} New-AzPolicyAssignment -Name 'RestrictLocationPolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -PolicyParameter .\AllowedLocations.json .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. NONCOMPLIANCEMESSAGETABLE <INonComplianceMessage[]>: The messages that describe why a resource is non-compliant with the policy. Message <String>: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. [PolicyDefinitionReferenceId <String>]: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. OVERRIDE <IOverride[]>: The policy property value override. [Kind <String>]: The override kind. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. [Value <String>]: The value to override the policy property. RESOURCESELECTOR <IResourceSelector[]>: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicyassignment #> function New-AzPolicyAssignment { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment])] [CmdletBinding(DefaultParameterSetName='CreateExpanded1', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Alias('PolicyAssignmentName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy assignment. ${Name}, [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy assignment. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='CreateExpanded1', Mandatory)] [Alias('PolicyAssignmentId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy assignment to create. # Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ${Id}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The version of the policy definition to use. ${DefinitionVersion}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # This message will be part of response in case of policy violation. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy assignment. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Decides if enable a system assigned identity for the resource. ${EnableSystemAssignedIdentity}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Default", "DoNotEnforce")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy assignment enforcement mode. # Possible values are Default and DoNotEnforce. ${EnforcementMode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The location of the policy assignment. # Only required when utilizing managed identity. ${Location}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String[]] # The policy's excluded scopes. ${NotScope}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String[]] # The array of user assigned identities associated with the resource. # The elements in array will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.' ${UserAssignedIdentity}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ CreateExpanded = 'Az.Policy.private\New-AzPolicyAssignment_CreateExpanded'; CreateExpanded1 = 'Az.Policy.private\New-AzPolicyAssignment_CreateExpanded1'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy definition in the given subscription with the given name. .Description This operation creates or updates a policy definition in the given subscription with the given name. .Example {{ Add code here }} .Example {{ Add code here }} .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersion .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicydefinitionversion #> function New-AzPolicyDefinitionVersion { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersion])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition. ${PolicyDefinitionName}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='CreateExpanded1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. # The name is case insensitive. ${ManagementGroupName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy definition. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition mode. # Some examples are All, Indexed, Microsoft.KeyVault.Data. ${Mode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersionPropertiesPolicyRule]))] [System.Collections.Hashtable] # The policy rule. ${PolicyRule}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("NotSpecified", "BuiltIn", "Custom", "Static")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The type of policy definition. # Possible values are NotSpecified, BuiltIn, Custom, and Static. ${PolicyType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ CreateExpanded = 'Az.Policy.private\New-AzPolicyDefinitionVersion_CreateExpanded'; CreateExpanded1 = 'Az.Policy.private\New-AzPolicyDefinitionVersion_CreateExpanded1'; } if (('CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy definition in the given subscription with the given name. .Description This operation creates or updates a policy definition in the given subscription with the given name. .Example { "if": { "field": "location", "notIn": ["eastus", "westus", "centralus"] }, "then": { "effect": "audit" } } New-AzPolicyDefinition -Name 'LocationDefinition' -Policy C:\LocationPolicy.json .Example { "if": { "field": "location", "notIn": "[parameters('listOfAllowedLocations')]" }, "then": { "effect": "audit" } } New-AzPolicyDefinition -Name 'LocationDefinition' -Policy C:\LocationPolicy.json -Parameter '{ "listOfAllowedLocations": { "type": "array" } }' .Example New-AzPolicyDefinition -Name 'VMPolicyDefinition' -ManagementGroupName Dept42 -DisplayName 'Virtual Machine policy definition' -Policy '{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"deny"}}' .Example New-AzPolicyDefinition -Name 'VMPolicyDefinition' -Metadata '{"category":"Virtual Machine"}' -Policy '{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"deny"}}' | Format-List .Example New-AzPolicyDefinition -Name 'TagsPolicyDefinition' -Policy '{"if":{"value":"[less(length(field(''tags'')), 3)]","equals":true},"then":{"effect":"deny"}}' -Mode Indexed .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicydefinition #> function New-AzPolicyDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory)] [Alias('PolicyDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to create. ${Name}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy definition. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition mode. # Some examples are All, Indexed, Microsoft.KeyVault.Data. ${Mode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("NotSpecified", "BuiltIn", "Custom", "Static")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The type of policy definition. # Possible values are NotSpecified, BuiltIn, Custom, and Static. ${PolicyType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ CreateExpanded = 'Az.Policy.private\New-AzPolicyDefinition_CreateExpanded'; CreateExpanded1 = 'Az.Policy.private\New-AzPolicyDefinition_CreateExpanded1'; } if (('CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } if (('CreateExpanded1') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group. .Description This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group. .Example $Subscription = Get-AzSubscription -SubscriptionName 'Subscription01' $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' New-AzPolicyExemption -Name 'VirtualMachinePolicyExemption' -PolicyAssignment $Assignment -Scope "/subscriptions/$($Subscription.Id)" -ExemptionCategory Waiver .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' New-AzPolicyExemption -Name 'VirtualMachinePolicyAssignment' -PolicyAssignment $Assignment -Scope $ResourceGroup.ResourceId -ExemptionCategory Mitigated .Example $ManagementGroup = Get-AzManagementGroup -GroupName 'AManagementGroup' $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' New-AzPolicyExemption -Name 'VirtualMachinePolicyAssignment' -PolicyAssignment $Assignment -Scope $ManagementGroup.Id -ExemptionCategory Mitigated .Example $VM = Get-AzVM -Name 'SpecialVM' $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' New-AzPolicyExemption -Name 'VirtualMachinePolicyAssignment' -PolicyAssignment $Assignment -Scope $SpecialVM.Id -ExemptionCategory Waiver .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. RESOURCESELECTOR <IResourceSelector[]>: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicyexemption #> function New-AzPolicyExemption { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory)] [Alias('PolicyExemptionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy exemption to delete. ${Name}, [Parameter(Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy exemption. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Waiver", "Mitigated")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy exemption category. # Possible values are Waiver and Mitigated. ${ExemptionCategory}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Default", "DoNotValidate")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The option whether validate the exemption is at or under the assignment scope. ${AssignmentScopeValidation}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The description of the policy exemption. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy exemption. ${DisplayName}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String[]] # The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. ${PolicyDefinitionReferenceId}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ CreateExpanded = 'Az.Policy.private\New-AzPolicyExemption_CreateExpanded'; } if (('CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ExpiresOnInternal') ) { $PSBoundParameters['ExpiresOnInternal'] = { "" } } if (('CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('PolicyAssignmentId') ) { $PSBoundParameters['PolicyAssignmentId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy set definition version in the given subscription with the given name and version. .Description This operation creates or updates a policy set definition version in the given subscription with the given name and version. .Example {{ Add code here }} .Example {{ Add code here }} .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersion .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. POLICYDEFINITIONGROUPTABLE <IPolicyDefinitionGroup[]>: The metadata describing groups of policy definition references within the policy set definition. Name <String>: The name of the group. [AdditionalMetadataId <String>]: A resource ID of a resource that contains additional metadata about the group. [Category <String>]: The group's category. [Description <String>]: The group's description. [DisplayName <String>]: The group's display name. POLICYDEFINITIONTABLE <IPolicyDefinitionReference[]>: An array of policy definition references. PolicyDefinitionId <String>: The ID of the policy definition or policy set definition. [DefinitionVersion <String>]: The version of the policy definition to use. [GroupName <List<String>>]: The name of the groups that this policy definition reference belongs to. [Id <String>]: A unique id (within the policy set definition) for this policy definition reference. [Parameter <IParameterValues>]: The parameter values for the referenced policy rule. The keys are the parameter names. [(Any) <Object>]: This indicates any property can be added to this object. .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicysetdefinitionversion #> function New-AzPolicySetDefinitionVersion { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersion])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition. ${PolicySetDefinitionName}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='CreateExpanded1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. # The name is case insensitive. ${ManagementGroupName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy set definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy set definition. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("NotSpecified", "BuiltIn", "Custom", "Static")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The type of policy definition. # Possible values are NotSpecified, BuiltIn, Custom, and Static. ${PolicyType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ CreateExpanded = 'Az.Policy.private\New-AzPolicySetDefinitionVersion_CreateExpanded'; CreateExpanded1 = 'Az.Policy.private\New-AzPolicySetDefinitionVersion_CreateExpanded1'; } if (('CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy set definition in the given subscription with the given name. .Description This operation creates or updates a policy set definition in the given subscription with the given name. .Example [ { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498", "parameters": { "tagName": { "value": "Business Unit" }, "tagValue": { "value": "Finance" } } }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf" } ] New-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -Metadata '{"category":"Virtual Machine"}' -PolicyDefinition C:\VMPolicySet.json .Example [ { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498", "parameters": { "tagName": { "value": "Business Unit" }, "tagValue": { "value": "[parameters('buTagValue')]" } } }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf" } ] New-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -PolicyDefinition C:\VMPolicySet.json -Parameter '{ "buTagValue": { "type": "string" } }' .Example [ { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498", "groupNames": [ "group1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf", "groupNames": [ "group2" ] } ] $groupsJson = ConvertTo-Json @{ name = "group1" }, @{ name = "group2" } New-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -GroupDefinition $groupsJson -PolicyDefinition C:\VMPolicySet.json .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. POLICYDEFINITIONGROUPTABLE <IPolicyDefinitionGroup[]>: The metadata describing groups of policy definition references within the policy set definition. Name <String>: The name of the group. [AdditionalMetadataId <String>]: A resource ID of a resource that contains additional metadata about the group. [Category <String>]: The group's category. [Description <String>]: The group's description. [DisplayName <String>]: The group's display name. POLICYDEFINITIONTABLE <IPolicyDefinitionReference[]>: An array of policy definition references. PolicyDefinitionId <String>: The ID of the policy definition or policy set definition. [DefinitionVersion <String>]: The version of the policy definition to use. [GroupName <List<String>>]: The name of the groups that this policy definition reference belongs to. [Id <String>]: A unique id (within the policy set definition) for this policy definition reference. [Parameter <IParameterValues>]: The parameter values for the referenced policy rule. The keys are the parameter names. [(Any) <Object>]: This indicates any property can be added to this object. .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicysetdefinition #> function New-AzPolicySetDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory)] [Alias('PolicySetDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition to create. ${Name}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy set definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy set definition. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("NotSpecified", "BuiltIn", "Custom", "Static")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The type of policy set definition. # Possible values are NotSpecified, BuiltIn, Custom, and Static. ${PolicyType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ CreateExpanded = 'Az.Policy.private\New-AzPolicySetDefinition_CreateExpanded'; CreateExpanded1 = 'Az.Policy.private\New-AzPolicySetDefinition_CreateExpanded1'; } if (('CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } if (('CreateExpanded1') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. .Description This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' Remove-AzPolicyAssignment -Name 'PolicyAssignment07' -Scope $ResourceGroup.ResourceId -Force .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment07' -Scope $ResourceGroup.ResourceId Remove-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -Confirm:$false .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment07' -Scope $ResourceGroup.ResourceId Remove-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -Confirm:$false -BackwardCompatible True .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicyassignment #> function Remove-AzPolicyAssignment { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment])] [CmdletBinding(DefaultParameterSetName='Delete1', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Alias('PolicyAssignmentName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy assignment to delete. ${Name}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy assignment. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='Delete1', Mandatory)] [Alias('PolicyAssignmentId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy assignment to delete. # Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ${Id}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Az.Policy.private\Remove-AzPolicyAssignment_Delete'; Delete1 = 'Az.Policy.private\Remove-AzPolicyAssignment_Delete1'; DeleteViaIdentity = 'Az.Policy.private\Remove-AzPolicyAssignment_DeleteViaIdentity'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation deletes the policy definition version in the given subscription with the given name. .Description This operation deletes the policy definition version in the given subscription with the given name. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYDEFINITION1INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYDEFINITIONINPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicydefinitionversion #> function Remove-AzPolicyDefinitionVersion { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Parameter(ParameterSetName='Delete1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition. ${PolicyDefinitionName}, [Parameter(ParameterSetName='Delete', Mandatory)] [Parameter(ParameterSetName='Delete1', Mandatory)] [Parameter(ParameterSetName='DeleteViaIdentityPolicyDefinition', Mandatory)] [Parameter(ParameterSetName='DeleteViaIdentityPolicyDefinition1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy definition version. # The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ${PolicyDefinitionVersion}, [Parameter(ParameterSetName='Delete')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='Delete1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. # The name is case insensitive. ${ManagementGroupName}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='DeleteViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='DeleteViaIdentityPolicyDefinition', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicyDefinitionInputObject}, [Parameter(ParameterSetName='DeleteViaIdentityPolicyDefinition1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicyDefinition1InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Az.Policy.private\Remove-AzPolicyDefinitionVersion_Delete'; Delete1 = 'Az.Policy.private\Remove-AzPolicyDefinitionVersion_Delete1'; DeleteViaIdentity = 'Az.Policy.private\Remove-AzPolicyDefinitionVersion_DeleteViaIdentity'; DeleteViaIdentity1 = 'Az.Policy.private\Remove-AzPolicyDefinitionVersion_DeleteViaIdentity1'; DeleteViaIdentityPolicyDefinition = 'Az.Policy.private\Remove-AzPolicyDefinitionVersion_DeleteViaIdentityPolicyDefinition'; DeleteViaIdentityPolicyDefinition1 = 'Az.Policy.private\Remove-AzPolicyDefinitionVersion_DeleteViaIdentityPolicyDefinition1'; } if (('Delete') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation deletes the policy definition in the given subscription with the given name. .Description This operation deletes the policy definition in the given subscription with the given name. .Example Remove-AzPolicyDefinition -Name 'VMPolicyDefinition' .Example $PolicyDefinition = Get-AzPolicyDefinition -Name 'VMPolicyDefinition' Remove-AzPolicyDefinition -Id $PolicyDefinition.ResourceId -Force .Example $PolicyDefinition = Get-AzPolicyDefinition -Name 'VMPolicyDefinition' Remove-AzPolicyDefinition -Id $PolicyDefinition.ResourceId -Force -BackwardCompatible True .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicydefinition #> function Remove-AzPolicyDefinition { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Parameter(ParameterSetName='Delete1', Mandatory)] [Alias('PolicyDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to delete. ${Name}, [Parameter(ParameterSetName='Delete')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='DeleteViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Az.Policy.private\Remove-AzPolicyDefinition_Delete'; Delete1 = 'Az.Policy.private\Remove-AzPolicyDefinition_Delete1'; DeleteViaIdentity = 'Az.Policy.private\Remove-AzPolicyDefinition_DeleteViaIdentity'; DeleteViaIdentity1 = 'Az.Policy.private\Remove-AzPolicyDefinition_DeleteViaIdentity1'; } if (('Delete') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } if (('Delete1') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation deletes a policy exemption, given its name and the scope it was created in. The scope of a policy exemption is the part of its ID preceding '/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'. .Description This operation deletes a policy exemption, given its name and the scope it was created in. The scope of a policy exemption is the part of its ID preceding '/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'. .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' Remove-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId -Confirm .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId Remove-AzPolicyExemption -Id $PolicyExemption.ResourceId -Confirm .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId Remove-AzPolicyExemption -Id $PolicyExemption.ResourceId -Force -BackwardCompatible True .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicyexemption #> function Remove-AzPolicyExemption { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Alias('PolicyExemptionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy exemption to delete. ${Name}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy exemption. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Az.Policy.private\Remove-AzPolicyExemption_Delete'; DeleteViaIdentity = 'Az.Policy.private\Remove-AzPolicyExemption_DeleteViaIdentity'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation deletes the policy set definition version in the given subscription with the given name and version. .Description This operation deletes the policy set definition version in the given subscription with the given name and version. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYSETDEFINITION1INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYSETDEFINITIONINPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicysetdefinitionversion #> function Remove-AzPolicySetDefinitionVersion { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Parameter(ParameterSetName='Delete1', Mandatory)] [Parameter(ParameterSetName='DeleteViaIdentityPolicySetDefinition', Mandatory)] [Parameter(ParameterSetName='DeleteViaIdentityPolicySetDefinition1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy set definition version. # The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number ${PolicyDefinitionVersion}, [Parameter(ParameterSetName='Delete', Mandatory)] [Parameter(ParameterSetName='Delete1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition. ${PolicySetDefinitionName}, [Parameter(ParameterSetName='Delete')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='Delete1', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. # The name is case insensitive. ${ManagementGroupName}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='DeleteViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='DeleteViaIdentityPolicySetDefinition', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicySetDefinitionInputObject}, [Parameter(ParameterSetName='DeleteViaIdentityPolicySetDefinition1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicySetDefinition1InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Az.Policy.private\Remove-AzPolicySetDefinitionVersion_Delete'; Delete1 = 'Az.Policy.private\Remove-AzPolicySetDefinitionVersion_Delete1'; DeleteViaIdentity = 'Az.Policy.private\Remove-AzPolicySetDefinitionVersion_DeleteViaIdentity'; DeleteViaIdentity1 = 'Az.Policy.private\Remove-AzPolicySetDefinitionVersion_DeleteViaIdentity1'; DeleteViaIdentityPolicySetDefinition = 'Az.Policy.private\Remove-AzPolicySetDefinitionVersion_DeleteViaIdentityPolicySetDefinition'; DeleteViaIdentityPolicySetDefinition1 = 'Az.Policy.private\Remove-AzPolicySetDefinitionVersion_DeleteViaIdentityPolicySetDefinition1'; } if (('Delete') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation deletes the policy set definition in the given subscription with the given name. .Description This operation deletes the policy set definition in the given subscription with the given name. .Example $PolicySetDefinition = Get-AzPolicySetDefinition -ResourceId '/subscriptions/mySub/Microsoft.Authorization/policySetDefinitions/myPSSetDefinition' Remove-AzPolicySetDefinition -Id $PolicySetDefinition.ResourceId -Force .Example $PolicySetDefinition = Get-AzPolicySetDefinition -ResourceId '/subscriptions/mySub/Microsoft.Authorization/policySetDefinitions/myPSSetDefinition' Remove-AzPolicySetDefinition -Id $PolicySetDefinition.ResourceId -Force -BackwardCompatible True .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicysetdefinition #> function Remove-AzPolicySetDefinition { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Parameter(ParameterSetName='Delete1', Mandatory)] [Alias('PolicySetDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition to delete. ${Name}, [Parameter(ParameterSetName='Delete')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')] [System.String] # The ID of the target subscription. # The value must be an UUID. ${SubscriptionId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='DeleteViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Az.Policy.private\Remove-AzPolicySetDefinition_Delete'; Delete1 = 'Az.Policy.private\Remove-AzPolicySetDefinition_Delete1'; DeleteViaIdentity = 'Az.Policy.private\Remove-AzPolicySetDefinition_DeleteViaIdentity'; DeleteViaIdentity1 = 'Az.Policy.private\Remove-AzPolicySetDefinition_DeleteViaIdentity1'; } if (('Delete') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId') ) { $testPlayback = $false $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } } if ($testPlayback) { $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1') } else { $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id } } if (('Delete1') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'. .Description This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'. .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' -Scope $ResourceGroup.ResourceId Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -DisplayName 'Do not allow VM creation' .Example $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -IdentityType 'SystemAssigned' -Location 'westus' .Example $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' $UserAssignedIdentity = Get-AzUserAssignedIdentity -ResourceGroupName 'ResourceGroup1' -Name 'UserAssignedIdentity1' Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -IdentityType 'UserAssigned' -Location 'westus' -IdentityId $UserAssignedIdentity.Id .Example $Locations = Get-AzLocation | Where-Object {($_.displayname -like 'france*') -or ($_.displayname -like 'uk*')} $AllowedLocations = @{'listOfAllowedLocations'=($Locations.location)} $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -PolicyParameterObject $AllowedLocations .Example { "listOfAllowedLocations": { "value": [ "uksouth", "ukwest", "francecentral", "francesouth" ] } } Update-AzPolicyAssignment -Name 'PolicyAssignment' -PolicyParameter .\AllowedLocations.json .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' -Scope $ResourceGroup.ResourceId Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -EnforcementMode Default .Example $PolicyAssignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicy' Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -NonComplianceMessage @{Message="All resources must follow resource naming guidelines."} .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' -Scope $ResourceGroup.ResourceId Set-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -EnforcementMode Default .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. NONCOMPLIANCEMESSAGETABLE <INonComplianceMessage[]>: The messages that describe why a resource is non-compliant with the policy. Message <String>: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. [PolicyDefinitionReferenceId <String>]: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. OVERRIDE <IOverride[]>: The policy property value override. [Kind <String>]: The override kind. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. [Value <String>]: The value to override the policy property. RESOURCESELECTOR <IResourceSelector[]>: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicyassignment #> function Update-AzPolicyAssignment { [Alias('Set-AzPolicyAssignment')] [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory)] [Alias('PolicyAssignmentId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy assignment to create. # Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ${Id}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The version of the policy definition to use. ${DefinitionVersion}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # This message will be part of response in case of policy violation. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy assignment. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Nullable[System.Boolean]] # Decides if enable a system assigned identity for the resource. ${EnableSystemAssignedIdentity}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Default", "DoNotEnforce")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy assignment enforcement mode. # Possible values are Default and DoNotEnforce. ${EnforcementMode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The location of the policy assignment. # Only required when utilizing managed identity. ${Location}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String[]] # The policy's excluded scopes. ${NotScope}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String[]] # The array of user assigned identities associated with the resource. # The elements in array will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.' ${UserAssignedIdentity}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ UpdateExpanded = 'Az.Policy.private\Update-AzPolicyAssignment_UpdateExpanded'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy definition version in the given management group with the given name. .Description This operation creates or updates a policy definition version in the given management group with the given name. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersion .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYDEFINITIONINPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicydefinitionversion #> function Update-AzPolicyDefinitionVersion { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersion])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. # The name is case insensitive. ${ManagementGroupName}, [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition. ${PolicyDefinitionName}, [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='UpdateViaIdentityPolicyDefinitionExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicyDefinitionInputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy definition. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition mode. # Some examples are All, Indexed, Microsoft.KeyVault.Data. ${Mode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionVersionPropertiesPolicyRule]))] [System.Collections.Hashtable] # The policy rule. ${PolicyRule}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("NotSpecified", "BuiltIn", "Custom", "Static")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The type of policy definition. # Possible values are NotSpecified, BuiltIn, Custom, and Static. ${PolicyType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ UpdateExpanded = 'Az.Policy.private\Update-AzPolicyDefinitionVersion_UpdateExpanded'; UpdateViaIdentityExpanded = 'Az.Policy.private\Update-AzPolicyDefinitionVersion_UpdateViaIdentityExpanded'; UpdateViaIdentityPolicyDefinitionExpanded = 'Az.Policy.private\Update-AzPolicyDefinitionVersion_UpdateViaIdentityPolicyDefinitionExpanded'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy definition in the given management group with the given name. .Description This operation creates or updates a policy definition in the given management group with the given name. .Example $PolicyDefinition = Get-AzPolicyDefinition -Name 'VMPolicyDefinition' Update-AzPolicyDefinition -Id $PolicyDefinition.ResourceId -Description 'Updated policy to not allow virtual machine creation' .Example Update-AzPolicyDefinition -Name 'VMPolicyDefinition' -Mode 'All' .Example Update-AzPolicyDefinition -Name 'VMPolicyDefinition' -Metadata '{"category":"Virtual Machine"}' .Example Set-AzPolicyDefinition -Name 'VMPolicyDefinition' -Mode 'All' .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicydefinition #> function Update-AzPolicyDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Alias('PolicyDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to create. ${Name}, [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy definition. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition mode. # Some examples are All, Indexed, Microsoft.KeyVault.Data. ${Mode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionPropertiesPolicyRule]))] [System.Collections.Hashtable] # The policy rule. ${PolicyRule}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("NotSpecified", "BuiltIn", "Custom", "Static")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The type of policy definition. # Possible values are NotSpecified, BuiltIn, Custom, and Static. ${PolicyType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ UpdateExpanded = 'Az.Policy.private\Update-AzPolicyDefinition_UpdateExpanded'; UpdateViaIdentityExpanded = 'Az.Policy.private\Update-AzPolicyDefinition_UpdateViaIdentityExpanded'; } if (('UpdateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation updates a policy exemption with the given scope and name. .Description This operation updates a policy exemption with the given scope and name. .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -DisplayName 'Exempt VM creation limit' .Example $NextMonth = (Get-Date).AddMonths(1) $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ExpiresOn $NextMonth .Example $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ClearExpiration .Example $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ExemptionCategory Mitigated .Example $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' Set-AzPolicyExemption -Id $PolicyExemption.ResourceId -ClearExpiration .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. RESOURCESELECTOR <IResourceSelector[]>: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicyexemption #> function Update-AzPolicyExemption { [Alias('Set-AzPolicyExemption')] [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Alias('PolicyExemptionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy exemption to delete. ${Name}, [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy exemption. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Default", "DoNotValidate")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The option whether validate the exemption is at or under the assignment scope. ${AssignmentScopeValidation}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ UpdateExpanded = 'Az.Policy.private\Update-AzPolicyExemption_UpdateExpanded'; UpdateViaIdentityExpanded = 'Az.Policy.private\Update-AzPolicyExemption_UpdateViaIdentityExpanded'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy set definition version in the given management group with the given name and version. .Description This operation creates or updates a policy set definition version in the given management group with the given name and version. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersion .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYDEFINITIONGROUPTABLE <IPolicyDefinitionGroup[]>: The metadata describing groups of policy definition references within the policy set definition. Name <String>: The name of the group. [AdditionalMetadataId <String>]: A resource ID of a resource that contains additional metadata about the group. [Category <String>]: The group's category. [Description <String>]: The group's description. [DisplayName <String>]: The group's display name. POLICYDEFINITIONTABLE <IPolicyDefinitionReference[]>: An array of policy definition references. PolicyDefinitionId <String>: The ID of the policy definition or policy set definition. [DefinitionVersion <String>]: The version of the policy definition to use. [GroupName <List<String>>]: The name of the groups that this policy definition reference belongs to. [Id <String>]: A unique id (within the policy set definition) for this policy definition reference. [Parameter <IParameterValues>]: The parameter values for the referenced policy rule. The keys are the parameter names. [(Any) <Object>]: This indicates any property can be added to this object. POLICYSETDEFINITIONINPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicysetdefinitionversion #> function Update-AzPolicySetDefinitionVersion { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionVersion])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. # The name is case insensitive. ${ManagementGroupName}, [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition. ${PolicySetDefinitionName}, [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter(ParameterSetName='UpdateViaIdentityPolicySetDefinitionExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${PolicySetDefinitionInputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy set definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy set definition. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("NotSpecified", "BuiltIn", "Custom", "Static")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The type of policy definition. # Possible values are NotSpecified, BuiltIn, Custom, and Static. ${PolicyType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ UpdateExpanded = 'Az.Policy.private\Update-AzPolicySetDefinitionVersion_UpdateExpanded'; UpdateViaIdentityExpanded = 'Az.Policy.private\Update-AzPolicySetDefinitionVersion_UpdateViaIdentityExpanded'; UpdateViaIdentityPolicySetDefinitionExpanded = 'Az.Policy.private\Update-AzPolicySetDefinitionVersion_UpdateViaIdentityPolicySetDefinitionExpanded'; } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis This operation creates or updates a policy set definition in the given management group with the given name. .Description This operation creates or updates a policy set definition in the given management group with the given name. .Example $PolicySetDefinition = Get-AzPolicySetDefinition -ResourceId '/subscriptions/mySub/Microsoft.Authorization/policySetDefinitions/myPSSetDefinition' Update-AzPolicySetDefinition -Id $PolicySetDefinition.ResourceId -Description 'Updated policy to not allow virtual machine creation' .Example Update-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -Metadata '{"category":"Virtual Machine"}' .Example Update-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -GroupDefinition '[{ "name": "group1", "displayName": "Virtual Machine Security" }, { "name": "group2" }]' .Example $groupsJson = ConvertTo-Json @{ name = "group1"; displayName = "Virtual Machine Security" }, @{ name = "group2" } Update-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -GroupDefinition $groupsJson .Example Set-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -Metadata '{"category":"Virtual Machine"}' .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. POLICYDEFINITIONGROUPTABLE <IPolicyDefinitionGroup[]>: The metadata describing groups of policy definition references within the policy set definition. Name <String>: The name of the group. [AdditionalMetadataId <String>]: A resource ID of a resource that contains additional metadata about the group. [Category <String>]: The group's category. [Description <String>]: The group's description. [DisplayName <String>]: The group's display name. POLICYDEFINITIONTABLE <IPolicyDefinitionReference[]>: An array of policy definition references. PolicyDefinitionId <String>: The ID of the policy definition or policy set definition. [DefinitionVersion <String>]: The version of the policy definition to use. [GroupName <List<String>>]: The name of the groups that this policy definition reference belongs to. [Id <String>]: A unique id (within the policy set definition) for this policy definition reference. [Parameter <IParameterValues>]: The parameter values for the referenced policy rule. The keys are the parameter names. [(Any) <Object>]: This indicates any property can be added to this object. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicysetdefinition #> function Update-AzPolicySetDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Alias('PolicySetDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition to create. ${Name}, [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter ${InputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy set definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy set definition. ${DisplayName}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("NotSpecified", "BuiltIn", "Custom", "Static")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The type of policy set definition. # Possible values are NotSpecified, BuiltIn, Custom, and Static. ${PolicyType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ UpdateExpanded = 'Az.Policy.private\Update-AzPolicySetDefinition_UpdateExpanded'; UpdateViaIdentityExpanded = 'Az.Policy.private\Update-AzPolicySetDefinition_UpdateViaIdentityExpanded'; } if (('UpdateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('ManagementGroupId') ) { $PSBoundParameters['ManagementGroupId'] = { "" } } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } # SIG # Begin signature block # MIInvwYJKoZIhvcNAQcCoIInsDCCJ6wCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDOZ9OUG8c3AXtw # SGCapMLyFJ/aaTEIvSLnCrzzZu+71qCCDXYwggX0MIID3KADAgECAhMzAAADrzBA # DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA # hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG # 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN # xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL # go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB # tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd # mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ # 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY # 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp # XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn # TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT # e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG # OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O # PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk # ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx # HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt # CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGZ8wghmbAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIIAUQXvDwob8kWkGaS9zRaAc # 2rLZcfpNgvdaCfylKX0EMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAAd2i++JABox17Yl4A7c00qLlZTRhLikiIaplC0tGpUkL4Yv0rgdm0cuS # aHvoS+c0Y9rVsOfFxryMOpU09qoo9VUZ+fkFpddo69cyQ2I/8JvwfnJh6fXfM+NI # dQL/DqBDHCFkNl0Pejt2APHn1KwTf3ywPQ0z2ksTKdhhgbNCRfGowd8O+iJ7EQoR # 21pALM/8w/B/it6vpME9l7WxoHzm0B0LrQkc25DZ+aM+7oMrZVbfx+tP6zH8RYdo # Q8K/1ES+yaml2+G0SwrDtQLkTg9Bud6ofWIJHytejkz4HnVtGTS3xfAIr2ZGzCU6 # cvFirHRFmN/fU/2PQHnJUQfT5NY3MqGCFykwghclBgorBgEEAYI3AwMBMYIXFTCC # FxEGCSqGSIb3DQEHAqCCFwIwghb+AgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsq # hkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCD/LLxpA5Zlh+CM4FfqdO+WDnPYouZEkdggkMa1gvHwUAIGZnL0zkSR # GBMyMDI0MDcwNDA4MzA1MS4yODdaMASAAgH0oIHYpIHVMIHSMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO # Ojg2REYtNEJCQy05MzM1MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT # ZXJ2aWNloIIReDCCBycwggUPoAMCAQICEzMAAAHdXVcdldStqhsAAQAAAd0wDQYJ # KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjMx # MDEyMTkwNzA5WhcNMjUwMTEwMTkwNzA5WjCB0jELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3Bl # cmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo4NkRGLTRC # QkMtOTMzNTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKhOA5RE6i53nHURH4lnfKLp # +9JvipuTtctairCxMUSrPSy5CWK2DtriQP+T52HXbN2g7AktQ1pQZbTDGFzK6d03 # vYYNrCPuJK+PRsP2FPVDjBXy5mrLRFzIHHLaiAaobE5vFJuoxZ0ZWdKMCs8acjhH # UmfaY+79/CR7uN+B4+xjJqwvdpU/mp0mAq3earyH+AKmv6lkrQN8zgrcbCgHwsqv # vqT6lEFqYpi7uKn7MAYbSeLe0pMdatV5EW6NVnXMYOTRKuGPfyfBKdShualLo88k # G7qa2mbA5l77+X06JAesMkoyYr4/9CgDFjHUpcHSODujlFBKMi168zRdLerdpW0b # BX9EDux2zBMMaEK8NyxawCEuAq7++7ktFAbl3hUKtuzYC1FUZuUl2Bq6U17S4CKs # qR3itLT9qNcb2pAJ4jrIDdll5Tgoqef5gpv+YcvBM834bXFNwytd3ujDD24P9Dd8 # xfVJvumjsBQQkK5T/qy3HrQJ8ud1nHSvtFVi5Sa/ubGuYEpS8gF6GDWN5/KbveFk # dsoTVIPo8pkWhjPs0Q7nA5+uBxQB4zljEjKz5WW7BA4wpmFm24fhBmRjV4Nbp+n7 # 8cgAjvDSfTlA6DYBcv2kx1JH2dIhaRnSeOXePT6hMF0Il598LMu0rw35ViUWcAQk # UNUTxRnqGFxz5w+ZusMDAgMBAAGjggFJMIIBRTAdBgNVHQ4EFgQUbqL1toyPUdpF # yyHSDKWj0I4lw/EwHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYD # VR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # cmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwG # CCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw # MjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcD # CDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAC5U2bINLgXIHWbM # cqVuf9jkUT/K8zyLBvu5h8JrqYR2z/eaO2yo1Ooc9Shyvxbe9GZDu7kkUzxSyJ1I # ZksZZw6FDq6yZNT3PEjAEnREpRBL8S+mbXg+O4VLS0LSmb8XIZiLsaqZ0fDEcv3H # eA+/y/qKnCQWkXghpaEMwGMQzRkhGwcGdXr1zGpQ7HTxvfu57xFxZX1MkKnWFENJ # 6urd+4teUgXj0ngIOx//l3XMK3Ht8T2+zvGJNAF+5/5qBk7nr079zICbFXvxtidN # N5eoXdW+9rAIkS+UGD19AZdBrtt6dZ+OdAquBiDkYQ5kVfUMKS31yHQOGgmFxuCO # zTpWHalrqpdIllsy8KNsj5U9sONiWAd9PNlyEHHbQZDmi9/BNlOYyTt0YehLbDov # mZUNazk79Od/A917mqCdTqrExwBGUPbMP+/vdYUqaJspupBnUtjOf/76DAhVy8e/ # e6zR98PkplmliO2brL3Q3rD6+ZCVdrGM9Rm6hUDBBkvYh+YjmGdcQ5HB6WT9Rec8 # +qDHmbhLhX4Zdaard5/OXeLbgx2f7L4QQQj3KgqjqDOWInVhNE1gYtTWLHe4882d # /k7Lui0K1g8EZrKD7maOrsJLKPKlegceJ9FCqY1sDUKUhRa0EHUW+ZkKLlohKrS7 # FwjdrINWkPBgbQznCjdE2m47QjTbMIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJ # mQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNh # dGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1 # WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEB # BQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjK # NVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhg # fWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJp # rx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/d # vI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka9 # 7aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKR # Hh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9itu # qBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyO # ArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItb # oKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6 # bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6t # AgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQW # BBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacb # UzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYz # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnku # aHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA # QwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2 # VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwu # bWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEw # LTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93 # d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYt # MjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/q # XBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6 # U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVt # I1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis # 9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTp # kbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0 # sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138e # W0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJ # sWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7 # Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0 # dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQ # tB1VM1izoXBm8qGCAtQwggI9AgEBMIIBAKGB2KSB1TCB0jELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxh # bmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo4 # NkRGLTRCQkMtOTMzNTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vy # dmljZaIjCgEBMAcGBSsOAwIaAxUANiNHGWXbNaDPxnyiDbEOciSjFhCggYMwgYCk # fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIF # AOowj4gwIhgPMjAyNDA3MDQxMTAzMzZaGA8yMDI0MDcwNTExMDMzNlowdDA6Bgor # BgEEAYRZCgQBMSwwKjAKAgUA6jCPiAIBADAHAgEAAgIBjjAHAgEAAgIR8TAKAgUA # 6jHhCAIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAID # B6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBAGBFti61qyDwU8ya675n # /dq7403ujbf3sczBWiWKxrrwCTXiIbrATTAHo+J26ZdNkEeTInsfnKCA0oTR/K9U # HLbEsMy60Of0366n7OtES2VQjEOXU2zxAa+ag1iLLSRmO3hrtNxkSQJBjvYOLCcR # /YOLSDvVaKNxWpxlDeI+ChVBMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUt # U3RhbXAgUENBIDIwMTACEzMAAAHdXVcdldStqhsAAQAAAd0wDQYJYIZIAWUDBAIB # BQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQx # IgQgCxu5kwe5UF8pqjV/Gwz1YmuE7X2g3OIklbL48s/uQ3IwgfoGCyqGSIb3DQEJ # EAIvMYHqMIHnMIHkMIG9BCBh/w4tmmWsT3iZnHtH0Vk37UCN02lRxY+RiON6wDFj # ZjCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # JjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB3V1X # HZXUraobAAEAAAHdMCIEIJ4kinE3QmDfY0TBhTP6a06FdBQtZcCuQUjitTRENUjd # MA0GCSqGSIb3DQEBCwUABIICAIVYNImPbSXiQD0prXKu/dXxKhKouubbNHoY8W70 # BPX9Zye/5Odu1dFk9dp+aVcLfWSHkxapjfScNys+xlNWbx4HaoKNMS+y9F2rkwin # /JPQ1jkJpiEBwdGOXDk7Yno5ljlK2ySGS2p3rZlcrEY1x64JpFY4TmtYFaDeMtn9 # oN2gTkQRSlLftyOcRTH5DkZdxCScke1Hvyr5If0HtcxLFGgoY2ekLey88CsWFbcp # tdibElkXxAL+7uUhsPYEl0rnPccBfxzSB5Mi/xXcepKgKAR0FctIqEF2XlhtLCzX # 6WL8hcPZ4EtHfEfi45ejk3cD5dEtHoLls81JeCBoZJIP741zc3TZ4GZ4dbT+2KCt # CW3EjygpGl1fW9Mpym6VAGAa9pd4/YDkFgdW2mqPw64ULLJOZYqfusugLkL+8wNJ # SK9uzA/VmA1AHd7jUW5IBIgvkBfE5N3O0myxwdnlP48URTm1TRgddOF1t7DgTiJs # djuuXlYiCYspAqaJrQwZb4uaORvGf2CPH7VekPZDgeV1xxkiVzDIgCrN4awnPuP8 # Glaq8NegVUU+VYjaUJJZC0Vzobl4p42CZUB+M7irN+UBOZS8BkkbU7WR05TyuiEC # 5wpmDISy58kAJ2Mw/KFg1hFSm/pDqSsSksvs0f99zsIsUp2WdV8GhV06yfV/+z5c # REjT # SIG # End signature block |