Policy.Autorest/exports/ProxyCmdletDefinitions.ps1
# ---------------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Code generated by Microsoft (R) AutoRest Code Generator.Changes may cause incorrect behavior and will be lost if the code # is regenerated. # ---------------------------------------------------------------------------------- <# .Synopsis Gets policy assignments. .Description The **Get-AzPolicyAssignment** cmdlet gets all policy assignments or particular assignments. Identify a policy assignment to get by name and scope or by ID. .Example Get-AzPolicyAssignment .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' Get-AzPolicyAssignment -Name 'PolicyAssignment07' -Scope $ResourceGroup.ResourceId .Example $mgId = 'myManagementGroup' Get-AzPolicyAssignment -Scope '/providers/Microsoft.Management/managementgroups/$mgId' .Example Get-AzPolicyAssignment | Select-Object -Property Scope, PolicyDefinitionID, DisplayName | Format-List .Example Get-AzPolicyAssignment -BackwardCompatible | Select-Object -ExpandProperty properties | Select-Object -Property Scope, PolicyDefinitionID, DisplayName | Format-List .Inputs System.Management.Automation.SwitchParameter .Inputs System.String .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicyassignment #> function Get-AzPolicyAssignment { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment])] [CmdletBinding(DefaultParameterSetName='Default', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyAssignmentName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy assignment to get. ${Name}, [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Scope', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='IncludeDescendent', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='PolicyDefinitionId', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy assignment. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='IncludeDescendent', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.Management.Automation.SwitchParameter] # Causes the list of returned policy assignments to include all assignments related to the given scope, including those from ancestor scopes and those from descendent scopes. # If not provided, only assignments at and above the given scope are included. ${IncludeDescendent}, [Parameter(ParameterSetName='PolicyDefinitionId', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # Get all policy assignments that target the given policy definition [fully qualified] ID. ${PolicyDefinitionId}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId', 'PolicyAssignmentId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy assignment to get. # Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ${Id}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. # If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. # If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}. ${Filter}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Default = 'Az.Policy.custom\Get-AzPolicyAssignment'; Name = 'Az.Policy.custom\Get-AzPolicyAssignment'; Scope = 'Az.Policy.custom\Get-AzPolicyAssignment'; IncludeDescendent = 'Az.Policy.custom\Get-AzPolicyAssignment'; PolicyDefinitionId = 'Az.Policy.custom\Get-AzPolicyAssignment'; Id = 'Az.Policy.custom\Get-AzPolicyAssignment'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis Gets policy set definitions. .Description The **Get-AzPolicyDefinition** cmdlet gets a collection of policy set definitions or a specific policy set definition identified by name or ID. .Example Get-AzPolicyDefinition .Example Get-AzPolicyDefinition -Name 'VMPolicyDefinition' .Example Get-AzPolicyDefinition -Name 'VMPolicyDefinition' -ManagementGroupName 'Dept42' .Example Get-AzPolicyDefinition -SubscriptionId '3bf44b72-c631-427a-b8c8-53e2595398ca' -Builtin .Example Get-AzPolicyDefinition | Where-Object {$_.Properties.metadata.category -eq 'Tags'} .Example Get-AzPolicyDefinition | Select-Object -Property DisplayName, Description, PolicyType, Metadata | Format-List .Example Get-AzPolicyDefinition -BackwardCompatible | Select-Object -ExpandProperty properties | Select-Object -Property DisplayName, Description, PolicyType, Metadata | Format-List .Inputs System.Management.Automation.SwitchParameter .Inputs System.String .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicydefinition #> function Get-AzPolicyDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='ListVersion', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Version', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='SubscriptionId', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='ManagementGroupName', ValueFromPipelineByPropertyName)] [Alias('PolicyDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to get. ${Name}, [Parameter(ParameterSetName='ListVersion', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Version', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The full Id of the policy definition to get. ${Id}, [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Static', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Custom', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Builtin', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the target subscription. ${SubscriptionId}, [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Static', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Custom', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Builtin', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. ${ManagementGroupName}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. # If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. # Possible policyType values are NotSpecified, Builtin, Custom, and Static. # If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. ${Filter}, [Parameter(ParameterSetName='ListVersion', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return only custom policy definitions. ${ListVersion}, [Parameter(ParameterSetName='Static', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return only static policy definitions. ${Static}, [Parameter(ParameterSetName='Custom', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return only custom policy definitions. ${Custom}, [Parameter(ParameterSetName='Builtin', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return only built-in policy definitions. ${Builtin}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter(ParameterSetName='Version', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyDefinitionVersion')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition version in #.#.# format. ${Version}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The credentials, account, tenant, and subscription used for communication with Azure. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Get-AzPolicyDefinition'; ListVersion = 'Az.Policy.custom\Get-AzPolicyDefinition'; Version = 'Az.Policy.custom\Get-AzPolicyDefinition'; SubscriptionId = 'Az.Policy.custom\Get-AzPolicyDefinition'; ManagementGroupName = 'Az.Policy.custom\Get-AzPolicyDefinition'; Id = 'Az.Policy.custom\Get-AzPolicyDefinition'; Static = 'Az.Policy.custom\Get-AzPolicyDefinition'; Custom = 'Az.Policy.custom\Get-AzPolicyDefinition'; Builtin = 'Az.Policy.custom\Get-AzPolicyDefinition'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis Gets policy exemptions. .Description The **Get-AzPolicyExemption** cmdlet gets a collection of policy exemptions or a specific policy exemption identified by name or ID. .Example Get-AzPolicyExemption .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId .Example $Assignment = Get-AzPolicyAssignment -Name 'PolicyAssignment07' Get-AzPolicyExemption -PolicyAssignmentIdFilter $Assignment.ResourceId .Inputs System.Management.Automation.SwitchParameter .Inputs System.String .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicyexemption #> function Get-AzPolicyExemption { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Alias('PolicyExemptionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy exemption. ${Name}, [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='IncludeDescendent', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy exemption. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Id', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy assignment id filter. ${PolicyAssignmentIdFilter}, [Parameter(ParameterSetName='IncludeDescendent', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.Management.Automation.SwitchParameter] # Causes the list of returned policy exemptions to include all exemptions related to the given scope, including those from ancestor scopes and those from descendent scopes. # If not provided, only exemptions at and above the given scope are included. ${IncludeDescendent}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The fully qualified resource Id of the exemption. ${Id}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including those that apply directly or apply from containing scopes. # If $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. # If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that at the given scope. # If $filter=excludeExpired() is provided, the returned list only includes all policy exemptions that either haven't expired or didn't set expiration date. # If $filter=policyAssignmentId eq '{value}' is provided. # the returned list only includes all policy exemptions that are associated with the give policyAssignmentId. ${Filter}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Get-AzPolicyExemption'; IncludeDescendent = 'Az.Policy.custom\Get-AzPolicyExemption'; Id = 'Az.Policy.custom\Get-AzPolicyExemption'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis Gets policy set definitions. .Description The **Get-AzPolicySetDefinition** cmdlet gets a collection of policy set definitions or a specific policy set definition identified by name or ID. .Example Get-AzPolicySetDefinition .Example Get-AzPolicySetDefinition -Name 'VMPolicySetDefinition' .Example Get-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -subscriptionId '3bf44b72-c631-427a-b8c8-53e2595398ca' .Example Get-AzPolicySetDefinition -ManagementGroupName 'Dept42' -Custom .Example Get-AzPolicySetDefinition | Where-Object {$_.metadata.category -eq "Virtual Machine"} .Example Get-AzPolicySetDefinition -BackwardCompatible | Where-Object {$_.Properties.metadata.category -eq "Virtual Machine"} .Inputs System.Management.Automation.SwitchParameter .Inputs System.String .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition .Link https://learn.microsoft.com/powershell/module/az.resources/get-azpolicysetdefinition #> function Get-AzPolicySetDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='ListVersion', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Version', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='SubscriptionId', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='ManagementGroupName', ValueFromPipelineByPropertyName)] [Alias('PolicySetDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to get. ${Name}, [Parameter(ParameterSetName='ListVersion', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Version', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The full Id of the policy definition to get. ${Id}, [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Custom', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Builtin', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the target subscription. ${SubscriptionId}, [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Custom', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='Builtin', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. ${ManagementGroupName}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.String] # The filter to apply on the operation. # Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. # If $filter is not provided, no filtering is performed. # If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. # If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. # Possible policyType values are NotSpecified, Builtin, Custom, and Static. # If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. ${Filter}, [Parameter(ParameterSetName='ListVersion', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return only custom policy definitions. ${ListVersion}, [Parameter(ParameterSetName='Custom', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return only custom policy definitions. ${Custom}, [Parameter(ParameterSetName='Builtin', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Query')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return only built-in policy definitions. ${Builtin}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter(ParameterSetName='Version', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicySetDefinitionVersion')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition version in #.#.# format. ${Version}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Get-AzPolicySetDefinition'; ListVersion = 'Az.Policy.custom\Get-AzPolicySetDefinition'; Version = 'Az.Policy.custom\Get-AzPolicySetDefinition'; SubscriptionId = 'Az.Policy.custom\Get-AzPolicySetDefinition'; ManagementGroupName = 'Az.Policy.custom\Get-AzPolicySetDefinition'; Id = 'Az.Policy.custom\Get-AzPolicySetDefinition'; Custom = 'Az.Policy.custom\Get-AzPolicySetDefinition'; Builtin = 'Az.Policy.custom\Get-AzPolicySetDefinition'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis Creates or updates a policy assignment. .Description The **New-AzPolicyAssignment** cmdlet creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. .Example $Subscription = Get-AzSubscription -SubscriptionName 'Subscription01' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope "/subscriptions/$($Subscription.Id)" .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.DisplayName -eq 'Allowed locations'} $Locations = Get-AzLocation | Where-Object displayname -like '*east*' $AllowedLocations = @{'listOfAllowedLocations'=($Locations.location)} New-AzPolicyAssignment -Name 'RestrictLocationPolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -PolicyParameterObject $AllowedLocations .Example '{ "listOfAllowedLocations": { "value": [ "westus", "westeurope", "japanwest" ] } }' > .\AllowedLocations.json $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.DisplayName -eq 'Allowed locations'} New-AzPolicyAssignment -Name 'RestrictLocationPolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -PolicyParameter .\AllowedLocations.json .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -Location 'eastus' -IdentityType 'SystemAssigned' .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' $UserAssignedIdentity = Get-AzUserAssignedIdentity -ResourceGroupName 'ResourceGroup1' -Name 'UserAssignedIdentity1' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -Location 'eastus' -IdentityType 'UserAssigned' -IdentityId $UserAssignedIdentity.Id .Example $Subscription = Get-AzSubscription -SubscriptionName 'Subscription01' $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Scope "/subscriptions/$($Subscription.Id)" -EnforcementMode DoNotEnforce .Example $PolicySet = Get-AzPolicySetDefinition -Name 'VirtualMachinePolicySet' $NonComplianceMessages = @(@{Message="Only DsV2 SKUs are allowed."; PolicyDefinitionReferenceId="DefRef1"}, @{Message="Virtual machines must follow cost management best practices."}) New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicySetDefinition $PolicySet -NonComplianceMessage $NonComplianceMessages .Example $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' $ResourceSelector = @{Name = "MyLocationSelector"; Selector = @(@{Kind = "resourceLocation"; In = @("eastus", "eastus2")})} New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -ResourceSelector $ResourceSelector .Example $Policy = Get-AzPolicyDefinition -Name 'VirtualMachinePolicy' $Selector = @{Kind = "resourceLocation"; In = @("eastus", "eastus2")} $Override = @(@{Kind = "policyEffect"; Value = 'Disabled'; Selector = @($Selector)}) New-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -PolicyDefinition $Policy -Override $Override .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.Properties.DisplayName -eq 'Allowed locations'} $Locations = Get-AzLocation | Where-Object displayname -like '*east*' $AllowedLocations = @{'listOfAllowedLocations'=($Locations.location)} New-AzPolicyAssignment -Name 'RestrictLocationPolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -PolicyParameterObject $AllowedLocations .Example '{ "listOfAllowedLocations": { "value": [ "westus", "westeurope", "japanwest" ] } }' > .\AllowedLocations.json $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.Properties.DisplayName -eq 'Allowed locations'} New-AzPolicyAssignment -Name 'RestrictLocationPolicyAssignment' -PolicyDefinition $Policy -Scope $ResourceGroup.ResourceId -PolicyParameter .\AllowedLocations.json .Inputs System.Management.Automation.PSObject .Inputs System.Management.Automation.PSObject[] .Inputs System.String .Inputs System.String[] .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. OVERRIDE <IOverride[]>: The policy property value override. [Kind <String>]: The override kind. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. [Value <String>]: The value to override the policy property. RESOURCESELECTOR <IResourceSelector[]>: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicyassignment #> function New-AzPolicyAssignment { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment])] [CmdletBinding(DefaultParameterSetName='Default', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyAssignmentName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy assignment. ${Name}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy assignment. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ValueFromPipelineByPropertyName)] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String[]] # The policy's excluded scopes. ${NotScope}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy assignment. ${DisplayName}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # This message will be part of response in case of policy violation. ${Description}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignmentPropertiesMetadata]))] [System.String] # The policy assignment metadata. # Metadata is an open ended object and is typically a collection of key value pairs. ${Metadata}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Default", "DoNotEnforce")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy assignment enforcement mode. # Possible values are Default and DoNotEnforce. ${EnforcementMode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("None", "SystemAssigned", "UserAssigned")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The identity type. # This is the only required field when adding a system or user assigned identity to a resource. ${IdentityType}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The user identity associated with the policy. # The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ${IdentityId}, [Parameter(ValueFromPipelineByPropertyName)] [ArgumentCompleter({ LocationCompleter })] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The location of the policy assignment. # Only required when utilizing managed identity. ${Location}, [Parameter(ValueFromPipelineByPropertyName)] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.INonComplianceMessage[]]))] [System.Management.Automation.PSObject[]] # The messages that describe why a resource is non-compliant with the policy. # To construct, see NOTES section for NONCOMPLIANCEMESSAGE properties and create a hash table. ${NonComplianceMessage}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IOverride[]] # The policy property value override. ${Override}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IResourceSelector[]] # The resource selector list to filter policies by resource properties. ${ResourceSelector}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter(ParameterSetName='PolicyDefinitionOrPolicySetDefinition', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ParameterString', ValueFromPipeline)] [Parameter(ParameterSetName='ParameterObject', ValueFromPipeline)] [Alias('PolicySetDefinition')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.PSObject] # Accept policy definition or policy set definition object ${PolicyDefinition}, [Parameter(ParameterSetName='PolicyDefinitionOrPolicySetDefinition')] [Parameter(ParameterSetName='ParameterString')] [Parameter(ParameterSetName='ParameterObject')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # Indicate version of policy definition or policy set definition ${DefinitionVersion}, [Parameter(ParameterSetName='ParameterString', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The parameter values for the assigned policy rule. # The keys are the parameter names. ${PolicyParameter}, [Parameter(ParameterSetName='ParameterObject', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Collections.Hashtable] # The parameter values for the assigned policy rule. # The keys are the parameter names. ${PolicyParameterObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Default = 'Az.Policy.custom\New-AzPolicyAssignment'; PolicyDefinitionOrPolicySetDefinition = 'Az.Policy.custom\New-AzPolicyAssignment'; ParameterString = 'Az.Policy.custom\New-AzPolicyAssignment'; ParameterObject = 'Az.Policy.custom\New-AzPolicyAssignment'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis Creates or updates a policy definition. .Description The **New-AzPolicyDefinition** cmdlet creates or updates a policy definition that includes a policy rule JSON format. .Example { "if": { "field": "location", "notIn": ["eastus", "westus", "centralus"] }, "then": { "effect": "audit" } } New-AzPolicyDefinition -Name 'LocationDefinition' -Policy C:\LocationPolicy.json .Example { "if": { "field": "location", "notIn": "[parameters('listOfAllowedLocations')]" }, "then": { "effect": "audit" } } New-AzPolicyDefinition -Name 'LocationDefinition' -Policy C:\LocationPolicy.json -Parameter '{ "listOfAllowedLocations": { "type": "array" } }' .Example New-AzPolicyDefinition -Name 'VMPolicyDefinition' -ManagementGroupName Dept42 -DisplayName 'Virtual Machine policy definition' -Policy '{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"deny"}}' .Example New-AzPolicyDefinition -Name 'VMPolicyDefinition' -Metadata '{"category":"Virtual Machine"}' -Policy '{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"deny"}}' | Format-List .Example New-AzPolicyDefinition -Name 'TagsPolicyDefinition' -Policy '{"if":{"value":"[less(length(field(''tags'')), 3)]","equals":true},"then":{"effect":"deny"}}' -Mode Indexed .Inputs System.String .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicydefinition #> function New-AzPolicyDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to create. ${Name}, [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the management group. ${ManagementGroupName}, [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the target subscription. ${SubscriptionId}, [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy rule. ${Policy}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy definition. ${DisplayName}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition description. ${Description}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionPropertiesMetadata]))] [System.String] # The policy definition metadata. # Metadata is an open ended object and is typically a collection of key value pairs. ${Metadata}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IParameterDefinitions]))] [System.String] # The parameter definitions for parameters used in the policy rule. # The keys are the parameter names. ${Parameter}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition mode. # Some examples are All, Indexed, Microsoft.KeyVault.Data. ${Mode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\New-AzPolicyDefinition'; ManagementGroupName = 'Az.Policy.custom\New-AzPolicyDefinition'; SubscriptionId = 'Az.Policy.custom\New-AzPolicyDefinition'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis Creates or updates a policy exemption. .Description The **New-AzPolicyExemption** cmdlet creates a policy exemption with the given scope and name. .Example $Subscription = Get-AzSubscription -SubscriptionName 'Subscription01' $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' New-AzPolicyExemption -Name 'VirtualMachinePolicyExemption' -PolicyAssignment $Assignment -Scope "/subscriptions/$($Subscription.Id)" -ExemptionCategory Waiver .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' New-AzPolicyExemption -Name 'VirtualMachinePolicyAssignment' -PolicyAssignment $Assignment -Scope $ResourceGroup.ResourceId -ExemptionCategory Mitigated .Example $ManagementGroup = Get-AzManagementGroup -GroupName 'AManagementGroup' $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' New-AzPolicyExemption -Name 'VirtualMachinePolicyAssignment' -PolicyAssignment $Assignment -Scope $ManagementGroup.Id -ExemptionCategory Mitigated .Example $VM = Get-AzVM -Name 'SpecialVM' $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' New-AzPolicyExemption -Name 'VirtualMachinePolicyAssignment' -PolicyAssignment $Assignment -Scope $SpecialVM.Id -ExemptionCategory Waiver .Example $Assignment = Get-AzPolicyAssignment -Name 'VirtualMachineAssignment' $ResourceSelector = @{Name = "MyLocationSelector"; Selector = @(@{Kind = "resourceLocation"; In = @("eastus", "eastus2")})} New-AzPolicyExemption -Name 'VirtualMachinePolicyExemption' -PolicyAssignment $Assignment -ResourceSelector $ResourceSelector .Inputs System.Management.Automation.PSObject .Inputs System.Nullable`1[[System.DateTime, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]] .Inputs System.String .Inputs System.String[] .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. POLICYASSIGNMENT <PSObject>: The policy assignment id filter. [DefinitionVersion <String>]: The version of the policy definition to use. [Description <String>]: This message will be part of response in case of policy violation. [DisplayName <String>]: The display name of the policy assignment. [EnforcementMode <String>]: The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. [IdentityType <String>]: The identity type. This is the only required field when adding a system or user assigned identity to a resource. [IdentityUserAssignedIdentity <IIdentityUserAssignedIdentities>]: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. [(Any) <IUserAssignedIdentitiesValue>]: This indicates any property can be added to this object. [Location <String>]: The location of the policy assignment. Only required when utilizing managed identity. [Metadata <IPolicyAssignmentPropertiesMetadata>]: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. [(Any) <Object>]: This indicates any property can be added to this object. [NonComplianceMessage <List<INonComplianceMessage>>]: The messages that describe why a resource is non-compliant with the policy. Message <String>: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. [PolicyDefinitionReferenceId <String>]: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. [NotScope <List<String>>]: The policy's excluded scopes. [Override <List<IOverride>>]: The policy property value override. [Kind <String>]: The override kind. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. [Value <String>]: The value to override the policy property. [Parameter <IParameterValues>]: The parameter values for the assigned policy rule. The keys are the parameter names. [(Any) <Object>]: This indicates any property can be added to this object. [PolicyDefinitionId <String>]: The ID of the policy definition or policy set definition being assigned. [ResourceSelector <List<IResourceSelector>>]: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. RESOURCESELECTOR <IResourceSelector[]>: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicyexemption #> function New-AzPolicyExemption { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption])] [CmdletBinding(DefaultParameterSetName='Default', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyExemptionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy exemption. ${Name}, [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Waiver", "Mitigated")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy exemption category ${ExemptionCategory}, [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment]))] [System.Management.Automation.PSObject] # The policy assignment id filter. ${PolicyAssignment}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy exemption. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String[]] # The policy definition reference ID list when the associated policy assignment is for a policy set (initiative). ${PolicyDefinitionReferenceId}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Default", "DoNotValidate")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # Whether to validate the exemption is at or under the assignment scope. ${AssignmentScopeValidation}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy assignment. ${DisplayName}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # This message will be part of response in case of policy violation. ${Description}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Nullable[System.DateTime]] # The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. ${ExpiresOn}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemptionPropertiesMetadata]))] [System.String] # The policy assignment metadata. # Metadata is an open ended object and is typically a collection of key value pairs. ${Metadata}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IResourceSelector[]] # The resource selector list to filter policies by resource properties. ${ResourceSelector}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Default = 'Az.Policy.custom\New-AzPolicyExemption'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis Creates or updates a policy set definition. .Description The **New-AzPolicySetDefinition** cmdlet creates or updates a policy set definition in the given subscription or management group with the given name. .Example [ { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498", "parameters": { "tagName": { "value": "Business Unit" }, "tagValue": { "value": "Finance" } } }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf" } ] New-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -Metadata '{"category":"Virtual Machine"}' -PolicyDefinition C:\VMPolicySet.json .Example [ { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498", "parameters": { "tagName": { "value": "Business Unit" }, "tagValue": { "value": "[parameters('buTagValue')]" } } }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf" } ] New-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -PolicyDefinition C:\VMPolicySet.json -Parameter '{ "buTagValue": { "type": "string" } }' .Example [ { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498", "groupNames": [ "group1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf", "groupNames": [ "group2" ] } ] $groupsJson = ConvertTo-Json @{ name = "group1" }, @{ name = "group2" } New-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -GroupDefinition $groupsJson -PolicyDefinition C:\VMPolicySet.json .Inputs System.String .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition .Link https://learn.microsoft.com/powershell/module/az.resources/new-azpolicysetdefinition #> function New-AzPolicySetDefinition { [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicySetDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition to create. ${Name}, [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the management group. ${ManagementGroupName}, [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the target subscription. ${SubscriptionId}, [Parameter(Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionReference[]]))] [System.String] # The policy definition array in JSON string form. ${PolicyDefinition}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy set definition. ${DisplayName}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy set definition description. ${Description}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionPropertiesMetadata]))] [System.String] # The policy set definition metadata. # Metadata is an open ended object and is typically a collection of key value pairs. ${Metadata}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The parameter definitions for parameters used in the policy rule. # The keys are the parameter names. ${Parameter}, [Parameter()] [Alias('GroupDefinition')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionGroup[]]))] [System.String] # The metadata describing groups of policy definition references within the policy set definition. # To construct, see NOTES section for POLICYDEFINITIONGROUP properties and create a hash table. ${PolicyDefinitionGroup}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\New-AzPolicySetDefinition'; ManagementGroupName = 'Az.Policy.custom\New-AzPolicySetDefinition'; SubscriptionId = 'Az.Policy.custom\New-AzPolicySetDefinition'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. .Description This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' Remove-AzPolicyAssignment -Name 'PolicyAssignment07' -Scope $ResourceGroup.ResourceId -Force .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment07' -Scope $ResourceGroup.ResourceId Remove-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -Confirm:$false .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment07' -Scope $ResourceGroup.ResourceId Remove-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -Confirm:$false -BackwardCompatible True .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Inputs System.String .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table. [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicyassignment #> function Remove-AzPolicyAssignment { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyAssignmentName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy assignment to delete. ${Name}, [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy assignment. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId', 'PolicyAssignmentId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy assignment to delete. # Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ${Id}, [Parameter(ParameterSetName='InputObject', Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # When $true, skip confirmation prompts ${Force}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Remove-AzPolicyAssignment'; Id = 'Az.Policy.custom\Remove-AzPolicyAssignment'; InputObject = 'Az.Policy.custom\Remove-AzPolicyAssignment'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis This operation deletes the policy definition in the given subscription with the given name. .Description This operation deletes the policy definition in the given subscription with the given name. .Example Remove-AzPolicyDefinition -Name 'VMPolicyDefinition' .Example $PolicyDefinition = Get-AzPolicyDefinition -Name 'VMPolicyDefinition' Remove-AzPolicyDefinition -Id $PolicyDefinition.ResourceId -Force .Example $PolicyDefinition = Get-AzPolicyDefinition -Name 'VMPolicyDefinition' Remove-AzPolicyDefinition -Id $PolicyDefinition.ResourceId -Force -BackwardCompatible True .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Inputs System.String .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table. [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicydefinition #> function Remove-AzPolicyDefinition { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='SubscriptionId', Mandatory)] [Parameter(ParameterSetName='ManagementGroupName', Mandatory)] [Alias('PolicyDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to get. ${Name}, [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the target subscription. ${SubscriptionId}, [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. ${ManagementGroupName}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The full Id of the policy definition to get. ${Id}, [Parameter(ParameterSetName='InputObject', Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # When $true, skip confirmation prompts ${Force}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Remove-AzPolicyDefinition'; SubscriptionId = 'Az.Policy.custom\Remove-AzPolicyDefinition'; ManagementGroupName = 'Az.Policy.custom\Remove-AzPolicyDefinition'; Id = 'Az.Policy.custom\Remove-AzPolicyDefinition'; InputObject = 'Az.Policy.custom\Remove-AzPolicyDefinition'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis This operation deletes a policy exemption, given its name and the scope it was created in. The scope of a policy exemption is the part of its ID preceding '/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'. .Description This operation deletes a policy exemption, given its name and the scope it was created in. The scope of a policy exemption is the part of its ID preceding '/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'. .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' Remove-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId -Confirm .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId Remove-AzPolicyExemption -Id $PolicyExemption.ResourceId -Confirm .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId Remove-AzPolicyExemption -Id $PolicyExemption.ResourceId -Force -BackwardCompatible True .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Inputs System.String .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table. [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicyexemption #> function Remove-AzPolicyExemption { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyExemptionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy exemption to delete. ${Name}, [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy exemption. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId', 'PolicyExemptionId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy exemption to delete. # Use the format '{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'. ${Id}, [Parameter(ParameterSetName='InputObject', Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # When $true, skip confirmation prompts ${Force}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Remove-AzPolicyExemption'; Id = 'Az.Policy.custom\Remove-AzPolicyExemption'; InputObject = 'Az.Policy.custom\Remove-AzPolicyExemption'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis This operation deletes the policy definition in the given subscription with the given name. .Description This operation deletes the policy definition in the given subscription with the given name. .Example $PolicySetDefinition = Get-AzPolicySetDefinition -ResourceId '/subscriptions/mySub/Microsoft.Authorization/policySetDefinitions/myPSSetDefinition' Remove-AzPolicySetDefinition -Id $PolicySetDefinition.ResourceId -Force .Example $PolicySetDefinition = Get-AzPolicySetDefinition -ResourceId '/subscriptions/mySub/Microsoft.Authorization/policySetDefinitions/myPSSetDefinition' Remove-AzPolicySetDefinition -Id $PolicySetDefinition.ResourceId -Force -BackwardCompatible True .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity .Inputs System.String .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyIdentity>: Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table. [Id <String>]: Resource identity path [ManagementGroupId <String>]: The ID of the management group. [ManagementGroupName <String>]: The name of the management group. The name is case insensitive. [ParentResourcePath <String>]: The parent resource path. Use empty string if there is none. [PolicyAssignmentId <String>]: The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. [PolicyAssignmentName <String>]: The name of the policy assignment to delete. [PolicyDefinitionName <String>]: The name of the policy definition to create. [PolicyDefinitionVersion <String>]: The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number [PolicyExemptionName <String>]: The name of the policy exemption to delete. [PolicySetDefinitionName <String>]: The name of the policy set definition to create. [ResourceGroupName <String>]: The name of the resource group that contains policy assignments. [ResourceName <String>]: The name of the resource. [ResourceProviderNamespace <String>]: The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) [ResourceType <String>]: The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). [Scope <String>]: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' [SubscriptionId <String>]: The ID of the target subscription. The value must be an UUID. .Link https://learn.microsoft.com/powershell/module/az.resources/remove-azpolicysetdefinition #> function Remove-AzPolicySetDefinition { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='SubscriptionId', Mandatory)] [Parameter(ParameterSetName='ManagementGroupName', Mandatory)] [Alias('PolicySetDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to get. ${Name}, [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the target subscription. ${SubscriptionId}, [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the management group. ${ManagementGroupName}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The full Id of the policy definition to get. ${Id}, [Parameter(ParameterSetName='InputObject', Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # When $true, skip confirmation prompts ${Force}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Remove-AzPolicySetDefinition'; SubscriptionId = 'Az.Policy.custom\Remove-AzPolicySetDefinition'; ManagementGroupName = 'Az.Policy.custom\Remove-AzPolicySetDefinition'; Id = 'Az.Policy.custom\Remove-AzPolicySetDefinition'; InputObject = 'Az.Policy.custom\Remove-AzPolicySetDefinition'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. .Description This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' -Scope $ResourceGroup.ResourceId Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -DisplayName 'Do not allow VM creation' .Example $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -IdentityType 'SystemAssigned' -Location 'westus' .Example $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' $UserAssignedIdentity = Get-AzUserAssignedIdentity -ResourceGroupName 'ResourceGroup1' -Name 'UserAssignedIdentity1' Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -IdentityType 'UserAssigned' -Location 'westus' -IdentityId $UserAssignedIdentity.Id .Example $Locations = Get-AzLocation | Where-Object {($_.displayname -like 'france*') -or ($_.displayname -like 'uk*')} $AllowedLocations = @{'listOfAllowedLocations'=($Locations.location)} $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -PolicyParameterObject $AllowedLocations .Example { "listOfAllowedLocations": { "value": [ "uksouth", "ukwest", "francecentral", "francesouth" ] } } Update-AzPolicyAssignment -Name 'PolicyAssignment' -PolicyParameter .\AllowedLocations.json .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' -Scope $ResourceGroup.ResourceId Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -EnforcementMode Default .Example $PolicyAssignment = Get-AzPolicyAssignment -Name 'VirtualMachinePolicy' Update-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -NonComplianceMessage @{Message="All resources must follow resource naming guidelines."} .Example $ResourceSelector = @{Name = "MyLocationSelector"; Selector = @(@{Kind = "resourceLocation"; NotIn = @("eastus", "eastus2")})} Update-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -ResourceSelector $ResourceSelector .Example $Selector = @{Kind = "resourceLocation"; NotIn = @("eastus", "eastus2")} $Override = @(@{Kind = "policyEffect"; Value = 'Disabled'; Selector = @($Selector)}) Update-AzPolicyAssignment -Name 'VirtualMachinePolicyAssignment' -Override $Override .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyAssignment = Get-AzPolicyAssignment -Name 'PolicyAssignment' -Scope $ResourceGroup.ResourceId Set-AzPolicyAssignment -Id $PolicyAssignment.ResourceId -EnforcementMode Default .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment .Inputs System.Management.Automation.PSObject[] .Inputs System.String .Inputs System.String[] .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyAssignment>: [DefinitionVersion <String>]: The version of the policy definition to use. [Description <String>]: This message will be part of response in case of policy violation. [DisplayName <String>]: The display name of the policy assignment. [EnforcementMode <String>]: The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. [IdentityType <String>]: The identity type. This is the only required field when adding a system or user assigned identity to a resource. [IdentityUserAssignedIdentity <IIdentityUserAssignedIdentities>]: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. [(Any) <IUserAssignedIdentitiesValue>]: This indicates any property can be added to this object. [Location <String>]: The location of the policy assignment. Only required when utilizing managed identity. [Metadata <IPolicyAssignmentPropertiesMetadata>]: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. [(Any) <Object>]: This indicates any property can be added to this object. [NonComplianceMessage <List<INonComplianceMessage>>]: The messages that describe why a resource is non-compliant with the policy. Message <String>: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. [PolicyDefinitionReferenceId <String>]: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. [NotScope <List<String>>]: The policy's excluded scopes. [Override <List<IOverride>>]: The policy property value override. [Kind <String>]: The override kind. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. [Value <String>]: The value to override the policy property. [Parameter <IParameterValues>]: The parameter values for the assigned policy rule. The keys are the parameter names. [(Any) <Object>]: This indicates any property can be added to this object. [PolicyDefinitionId <String>]: The ID of the policy definition or policy set definition being assigned. [ResourceSelector <List<IResourceSelector>>]: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. OVERRIDE <IOverride[]>: The policy property value override. [Kind <String>]: The override kind. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. [Value <String>]: The value to override the policy property. RESOURCESELECTOR <IResourceSelector[]>: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicyassignment #> function Update-AzPolicyAssignment { [Alias('Set-AzPolicyAssignment')] [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='NameParameterString', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='NameParameterObject', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyAssignmentName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy assignment. ${Name}, [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='NameParameterString', ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='NameParameterObject', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy assignment. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ParameterSetName='IdParameterString', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='IdParameterObject', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipeline)] [Alias('ResourceId', 'PolicyAssignmentId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy assignment to update. # Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ${Id}, [Parameter(ValueFromPipelineByPropertyName)] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String[]] # The policy's excluded scopes. ${NotScope}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy assignment. ${DisplayName}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # This message will be part of response in case of policy violation. ${Description}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignmentPropertiesMetadata]))] [System.String] # The policy assignment metadata. # Metadata is an open ended object and is typically a collection of key value pairs. ${Metadata}, [Parameter(ValueFromPipelineByPropertyName)] [ArgumentCompleter({ LocationCompleter })] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The location of the policy assignment. # Only required when utilizing managed identity. ${Location}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Default", "DoNotEnforce")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy assignment enforcement mode. # Possible values are Default and DoNotEnforce. ${EnforcementMode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("None", "SystemAssigned", "UserAssigned")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The identity type. # This is the only required field when adding a system or user assigned identity to a resource. ${IdentityType}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The user identity associated with the policy. # The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ${IdentityId}, [Parameter(ValueFromPipelineByPropertyName)] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.INonComplianceMessage[]]))] [System.Management.Automation.PSObject[]] # The messages that describe why a resource is non-compliant with the policy. # To construct, see NOTES section for NONCOMPLIANCEMESSAGE properties and create a hash table. ${NonComplianceMessage}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IOverride[]] # The policy property value override. ${Override}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IResourceSelector[]] # The resource selector list to filter policies by resource properties. ${ResourceSelector}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter(ParameterSetName='NameParameterString', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='IdParameterString', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The parameter values for the assigned policy rule. # The keys are the parameter names. ${PolicyParameter}, [Parameter(ParameterSetName='NameParameterObject', Mandatory)] [Parameter(ParameterSetName='IdParameterObject', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.PSObject] # The parameter values for the assigned policy rule. # The keys are the parameter names. ${PolicyParameterObject}, [Parameter(ParameterSetName='InputObject', Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment] # ${InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Update-AzPolicyAssignment'; NameParameterString = 'Az.Policy.custom\Update-AzPolicyAssignment'; NameParameterObject = 'Az.Policy.custom\Update-AzPolicyAssignment'; IdParameterString = 'Az.Policy.custom\Update-AzPolicyAssignment'; IdParameterObject = 'Az.Policy.custom\Update-AzPolicyAssignment'; Id = 'Az.Policy.custom\Update-AzPolicyAssignment'; InputObject = 'Az.Policy.custom\Update-AzPolicyAssignment'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis This operation updates an existing policy definition in the given subscription or management group with the given name. .Description This operation updates an existing policy definition in the given subscription or management group with the given name. .Example $PolicyDefinition = Get-AzPolicyDefinition -Name 'VMPolicyDefinition' Update-AzPolicyDefinition -Id $PolicyDefinition.ResourceId -Description 'Updated policy to not allow virtual machine creation' .Example Update-AzPolicyDefinition -Name 'VMPolicyDefinition' -Mode 'All' .Example Update-AzPolicyDefinition -Name 'VMPolicyDefinition' -Metadata '{"category":"Virtual Machine"}' .Example Set-AzPolicyDefinition -Name 'VMPolicyDefinition' -Mode 'All' .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition .Inputs System.String .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyDefinition>: [Description <String>]: The policy definition description. [DisplayName <String>]: The display name of the policy definition. [Metadata <IPolicyDefinitionPropertiesMetadata>]: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. [(Any) <Object>]: This indicates any property can be added to this object. [Mode <String>]: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. [Parameter <IParameterDefinitions>]: The parameter definitions for parameters used in the policy rule. The keys are the parameter names. [(Any) <Object>]: This indicates any property can be added to this object. [PolicyRule <IPolicyDefinitionPropertiesPolicyRule>]: The policy rule. [(Any) <Object>]: This indicates any property can be added to this object. [PolicyType <String>]: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. [Version <String>]: The policy definition version in #.#.# format. [Versions <List<String>>]: A list of available versions for this policy definition. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicydefinition #> function Update-AzPolicyDefinition { [Alias('Set-AzPolicyDefinition')] [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy definition to update. ${Name}, [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the management group. ${ManagementGroupName}, [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the target subscription. ${SubscriptionId}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The resource Id of the policy definition to update. ${Id}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy definition. ${DisplayName}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition description. ${Description}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy rule. ${Policy}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionPropertiesMetadata]))] [System.String] # The policy definition metadata. # Metadata is an open ended object and is typically a collection of key value pairs. ${Metadata}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IParameterDefinitions]))] [System.String] # The parameter definitions for parameters used in the policy rule. # The keys are the parameter names. ${Parameter}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy definition mode. # Some examples are All, Indexed, Microsoft.KeyVault.Data. ${Mode}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter(ParameterSetName='InputObject', Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition] # ${InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Update-AzPolicyDefinition'; ManagementGroupName = 'Az.Policy.custom\Update-AzPolicyDefinition'; SubscriptionId = 'Az.Policy.custom\Update-AzPolicyDefinition'; Id = 'Az.Policy.custom\Update-AzPolicyDefinition'; InputObject = 'Az.Policy.custom\Update-AzPolicyDefinition'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis This operation updates a policy exemption with the given scope and name. .Description This operation updates a policy exemption with the given scope and name. .Example $ResourceGroup = Get-AzResourceGroup -Name 'ResourceGroup11' $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' -Scope $ResourceGroup.ResourceId Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -DisplayName 'Exempt VM creation limit' .Example $NextMonth = (Get-Date).AddMonths(1) $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ExpiresOn $NextMonth .Example $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ClearExpiration .Example $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' Update-AzPolicyExemption -Id $PolicyExemption.ResourceId -ExemptionCategory Mitigated .Example $ResourceSelector = @{Name = "MyLocationSelector"; Selector = @(@{Kind = "resourceLocation"; NotIn = @("eastus", "eastus2")})} Update-AzPolicyExemption -Name 'VirtualMachineExemption' -ResourceSelector $ResourceSelector .Example $PolicyExemption = Get-AzPolicyExemption -Name 'PolicyExemption07' Set-AzPolicyExemption -Id $PolicyExemption.ResourceId -ClearExpiration .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption .Inputs System.Management.Automation.SwitchParameter .Inputs System.Nullable`1[[System.DateTime, System.Private.CoreLib, Version=8.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]] .Inputs System.String .Inputs System.String[] .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicyExemption>: ExemptionCategory <String>: The policy exemption category. Possible values are Waiver and Mitigated. PolicyAssignmentId <String>: The ID of the policy assignment that is being exempted. [AssignmentScopeValidation <String>]: The option whether validate the exemption is at or under the assignment scope. [Description <String>]: The description of the policy exemption. [DisplayName <String>]: The display name of the policy exemption. [ExpiresOn <DateTime?>]: The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. [Metadata <IPolicyExemptionPropertiesMetadata>]: The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs. [(Any) <Object>]: This indicates any property can be added to this object. [PolicyDefinitionReferenceId <List<String>>]: The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. [ResourceSelector <List<IResourceSelector>>]: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. RESOURCESELECTOR <IResourceSelector[]>: The resource selector list to filter policies by resource properties. [Name <String>]: The name of the resource selector. [Selector <List<ISelector>>]: The list of the selector expressions. [In <List<String>>]: The list of values to filter in. [Kind <String>]: The selector kind. [NotIn <List<String>>]: The list of values to filter out. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicyexemption #> function Update-AzPolicyExemption { [Alias('Set-AzPolicyExemption')] [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicyExemptionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy exemption. ${Name}, [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The scope of the policy exemption. # Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' ${Scope}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Waiver", "Mitigated")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The policy exemption category ${ExemptionCategory}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String[]] # The policy definition reference ID list when the associated policy assignment is for a policy set (initiative). ${PolicyDefinitionReferenceId}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the policy assignment to delete. # Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. ${Id}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy assignment. ${DisplayName}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # This message will be part of response in case of policy violation. ${Description}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Nullable[System.DateTime]] # The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. ${ExpiresOn}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Indicates whether to clear the expiration date and time of the policy exemption. ${ClearExpiration}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemptionPropertiesMetadata]))] [System.String] # The policy assignment metadata. # Metadata is an open ended object and is typically a collection of key value pairs. ${Metadata}, [Parameter()] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IResourceSelector[]] # The resource selector list to filter policies by resource properties. ${ResourceSelector}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.PSArgumentCompleterAttribute("Default", "DoNotValidate")] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The option whether validate the exemption is at or under the assignment scope. ${AssignmentScopeValidation}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter(ParameterSetName='InputObject', Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption] # ${InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Update-AzPolicyExemption'; Id = 'Az.Policy.custom\Update-AzPolicyExemption'; InputObject = 'Az.Policy.custom\Update-AzPolicyExemption'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } <# .Synopsis This operation updates an existing policy set definition in the given subscription or management group with the given name. .Description This operation updates an existing policy set definition in the given subscription or management group with the given name. .Example $PolicySetDefinition = Get-AzPolicySetDefinition -ResourceId '/subscriptions/mySub/Microsoft.Authorization/policySetDefinitions/myPSSetDefinition' Update-AzPolicySetDefinition -Id $PolicySetDefinition.ResourceId -Description 'Updated policy to not allow virtual machine creation' .Example Update-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -Metadata '{"category":"Virtual Machine"}' .Example Update-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -GroupDefinition '[{ "name": "group1", "displayName": "Virtual Machine Security" }, { "name": "group2" }]' .Example $groupsJson = ConvertTo-Json @{ name = "group1"; displayName = "Virtual Machine Security" }, @{ name = "group2" } Update-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -GroupDefinition $groupsJson .Example Set-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -Metadata '{"category":"Virtual Machine"}' .Inputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition .Inputs System.String .Outputs Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <IPolicySetDefinition>: [Description <String>]: The policy set definition description. [DisplayName <String>]: The display name of the policy set definition. [Metadata <IPolicySetDefinitionPropertiesMetadata>]: The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. [(Any) <Object>]: This indicates any property can be added to this object. [Parameter <IParameterDefinitions>]: The policy set definition parameters that can be used in policy definition references. [(Any) <Object>]: This indicates any property can be added to this object. [PolicyDefinition <List<IPolicyDefinitionReference>>]: An array of policy definition references. PolicyDefinitionId <String>: The ID of the policy definition or policy set definition. [DefinitionVersion <String>]: The version of the policy definition to use. [GroupName <List<String>>]: The name of the groups that this policy definition reference belongs to. [Id <String>]: A unique id (within the policy set definition) for this policy definition reference. [Parameter <IParameterValues>]: The parameter values for the referenced policy rule. The keys are the parameter names. [(Any) <Object>]: This indicates any property can be added to this object. [PolicyDefinitionGroup <List<IPolicyDefinitionGroup>>]: The metadata describing groups of policy definition references within the policy set definition. Name <String>: The name of the group. [AdditionalMetadataId <String>]: A resource ID of a resource that contains additional metadata about the group. [Category <String>]: The group's category. [Description <String>]: The group's description. [DisplayName <String>]: The group's display name. [PolicyType <String>]: The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. [Version <String>]: The policy set definition version in #.#.# format. [Versions <List<String>>]: A list of available versions for this policy set definition. .Link https://learn.microsoft.com/powershell/module/az.resources/update-azpolicysetdefinition #> function Update-AzPolicySetDefinition { [Alias('Set-AzPolicySetDefinition')] [OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition])] [CmdletBinding(DefaultParameterSetName='Name', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Alias('PolicySetDefinitionName')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The name of the policy set definition to update. ${Name}, [Parameter(ParameterSetName='SubscriptionId', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the target subscription. ${SubscriptionId}, [Parameter(ParameterSetName='ManagementGroupName', Mandatory, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The ID of the management group. ${ManagementGroupName}, [Parameter(ParameterSetName='Id', Mandatory, ValueFromPipelineByPropertyName)] [Alias('ResourceId')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Path')] [System.String] # The resource Id of the policy definition to update. ${Id}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The display name of the policy set definition. ${DisplayName}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The policy set definition description. ${Description}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionReference[]]))] [System.String] # The policy definition array in JSON string form. ${PolicyDefinition}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinitionPropertiesMetadata]))] [System.String] # The policy set definition metadata. # Metadata is an open ended object and is typically a collection of key value pairs. ${Metadata}, [Parameter(ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.String] # The parameter definitions for parameters used in the policy set. # The keys are the parameter names. ${Parameter}, [Parameter()] [Alias('GroupDefinition')] [AllowEmptyCollection()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinitionGroup[]]))] [System.String] # The metadata describing groups of policy definition references within the policy set definition. # To construct, see NOTES section for POLICYDEFINITIONGROUP properties and create a hash table. ${PolicyDefinitionGroup}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [System.Management.Automation.SwitchParameter] # Causes cmdlet to return artifacts using legacy format placing policy-specific properties in a property bag object. ${BackwardCompatible}, [Parameter(ParameterSetName='InputObject', Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Body')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition] # ${InputObject}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Azure')] [System.Management.Automation.PSObject] # The DefaultProfile parameter is not functional. # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. ${DefaultProfile}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName if ($null -eq [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion) { [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PowerShellVersion = $PSVersionTable.PSVersion.ToString() } $preTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId if ($preTelemetryId -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId =(New-Guid).ToString() [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Create', $MyInvocation, $parameterSet, $PSCmdlet) } else { $internalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets if ($internalCalledCmdlets -eq '') { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $MyInvocation.MyCommand.Name } else { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets += ',' + $MyInvocation.MyCommand.Name } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = 'internal' } $mapping = @{ Name = 'Az.Policy.custom\Update-AzPolicySetDefinition'; SubscriptionId = 'Az.Policy.custom\Update-AzPolicySetDefinition'; ManagementGroupName = 'Az.Policy.custom\Update-AzPolicySetDefinition'; Id = 'Az.Policy.custom\Update-AzPolicySetDefinition'; InputObject = 'Az.Policy.custom\Update-AzPolicySetDefinition'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) if ($null -ne $MyInvocation.MyCommand -and [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets -notcontains $MyInvocation.MyCommand.Name -and [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ContainsPreviewAttribute($cmdInfo, $MyInvocation)){ [Microsoft.Azure.PowerShell.Cmdlets.Policy.Runtime.MessageAttributeHelper]::ProcessPreviewMessageAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet]::PromptedPreviewMessageCmdlets.Enqueue($MyInvocation.MyCommand.Name) } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } process { try { $steppablePipeline.Process($_) } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } finally { $backupTelemetryId = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId $backupInternalCalledCmdlets = [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } } end { try { $steppablePipeline.End() [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $backupTelemetryId [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::InternalCalledCmdlets = $backupInternalCalledCmdlets if ($preTelemetryId -eq '') { [Microsoft.Azure.PowerShell.Cmdlets.Policy.module]::Instance.Telemetry.Invoke('Send', $MyInvocation, $parameterSet, $PSCmdlet) [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() } [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::TelemetryId = $preTelemetryId } catch { [Microsoft.WindowsAzure.Commands.Common.MetricHelper]::ClearTelemetryContext() throw } } } # SIG # Begin signature block # MIIoQwYJKoZIhvcNAQcCoIIoNDCCKDACAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDcsFxBGY+KXPhV # YsNVjqCT1ePi2VosKTZ3kMgxsqH/YKCCDXYwggX0MIID3KADAgECAhMzAAAEBGx0 # Bv9XKydyAAAAAAQEMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTE0WhcNMjUwOTExMjAxMTE0WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC0KDfaY50MDqsEGdlIzDHBd6CqIMRQWW9Af1LHDDTuFjfDsvna0nEuDSYJmNyz # NB10jpbg0lhvkT1AzfX2TLITSXwS8D+mBzGCWMM/wTpciWBV/pbjSazbzoKvRrNo # DV/u9omOM2Eawyo5JJJdNkM2d8qzkQ0bRuRd4HarmGunSouyb9NY7egWN5E5lUc3 # a2AROzAdHdYpObpCOdeAY2P5XqtJkk79aROpzw16wCjdSn8qMzCBzR7rvH2WVkvF # HLIxZQET1yhPb6lRmpgBQNnzidHV2Ocxjc8wNiIDzgbDkmlx54QPfw7RwQi8p1fy # 4byhBrTjv568x8NGv3gwb0RbAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU8huhNbETDU+ZWllL4DNMPCijEU4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMjkyMzAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIjmD9IpQVvfB1QehvpC # Ge7QeTQkKQ7j3bmDMjwSqFL4ri6ae9IFTdpywn5smmtSIyKYDn3/nHtaEn0X1NBj # L5oP0BjAy1sqxD+uy35B+V8wv5GrxhMDJP8l2QjLtH/UglSTIhLqyt8bUAqVfyfp # h4COMRvwwjTvChtCnUXXACuCXYHWalOoc0OU2oGN+mPJIJJxaNQc1sjBsMbGIWv3 # cmgSHkCEmrMv7yaidpePt6V+yPMik+eXw3IfZ5eNOiNgL1rZzgSJfTnvUqiaEQ0X # dG1HbkDv9fv6CTq6m4Ty3IzLiwGSXYxRIXTxT4TYs5VxHy2uFjFXWVSL0J2ARTYL # E4Oyl1wXDF1PX4bxg1yDMfKPHcE1Ijic5lx1KdK1SkaEJdto4hd++05J9Bf9TAmi # u6EK6C9Oe5vRadroJCK26uCUI4zIjL/qG7mswW+qT0CW0gnR9JHkXCWNbo8ccMk1 # sJatmRoSAifbgzaYbUz8+lv+IXy5GFuAmLnNbGjacB3IMGpa+lbFgih57/fIhamq # 5VhxgaEmn/UjWyr+cPiAFWuTVIpfsOjbEAww75wURNM1Imp9NJKye1O24EspEHmb # DmqCUcq7NqkOKIG4PVm3hDDED/WQpzJDkvu4FrIbvyTGVU01vKsg4UfcdiZ0fQ+/ # V0hf8yrtq9CkB8iIuk5bBxuPMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGiMwghofAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAQEbHQG/1crJ3IAAAAABAQwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIBkp3XItkXIfQqMGpWl87X0P # Hf6k8YEZ9GbRZ7Q+aJsBMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAFLsca19bt9P5whxhpZeUjwkgbYf7vQi5eC2+/uimzH2+8A+PZA0GQqZL # 0x66oFUcI9PG2o5C8mdlO+LN7npRyEaS2V9HRhheYmgmS6bk4NGrpEjY2jjD9O4I # ys1BXVRg5wv6CE42Ttbx9skb2s1EPOymE7+MuTWaw4DvswU0qbGYGVx1C65PyWcG # 6QiUOZmj1e/7YbmSel/YmdNmP3sZ3/zY3IrWKSdwM8AjYrzpVLuSTy4Ifi9wjI8m # XrvI56BnwohCRRCILFhmVO4C6HhpSy2/h2iwAjZHVB4zKZ7Oqet0oSoBf9WC4azS # HDSQWCu9/WLykiwiaQu3FZ5ttRJSoKGCF60wghepBgorBgEEAYI3AwMBMYIXmTCC # F5UGCSqGSIb3DQEHAqCCF4YwgheCAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFaBgsq # hkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCBscy3vw5PAAiwV9gtx8rgdX1H5GMdXoDXwee86OebCNgIGZ2L/x8tg # GBMyMDI1MDEwOTA2Mzc0OC4wNjdaMASAAgH0oIHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo2NTFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaCCEfswggcoMIIFEKADAgECAhMzAAAB9ZkJlLzxxlCMAAEAAAH1MA0G # CSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTI0 # MDcyNTE4MzEwMVoXDTI1MTAyMjE4MzEwMVowgdMxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9w # ZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjY1MUEt # MDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzO90cFQTWd/WP84IT7JM # IW1fQL61sdfgmhlfT0nvYEb2kvkNF073ZwjveuSWot387LjE0TCiG93e6I0HzIFQ # BnbxGP/WPBUirFq7WE5RAsuhNfYUL+PIb9jJq3CwWxICfw5t/pTyIOHjKvo1lQOT # WZypir/psZwEE7y2uWAPbZJTFrKen5R73x2Hbxy4eW1DcmXjym2wFWv10sBH40aj # Jfe+OkwcTdoYrY3KkpN/RQSjeycK0bhjo0CGYIYa+ZMAao0SNR/R1J1Y6sLkiCJO # 3aQrbS1Sz7l+/qJgy8fyEZMND5Ms7C0sEaOvoBHiWSpTM4vc0xDLCmc6PGv03CtW # u2KiyqrL8BAB1EYyOShI3IT79arDIDrL+de91FfjmSbBY5j+HvS0l3dXkjP3Hon8 # b74lWwikF0rzErF0n3khVAusx7Sm1oGG+06hz9XAy3Wou+T6Se6oa5LDiQgPTfWR # /j9FNk8Ju06oSfTh6c03V0ulla0Iwy+HzUl+WmYxFLU0PiaXsmgudNwVqn51zr+B # i3XPJ85wWuy6GGT7nBDmXNzTNkzK98DBQjTOabQXUZ884Yb9DFNcigmeVTYkyUXZ # 6hscd8Nyq45A3D3bk+nXnsogK1Z7zZj6XbGft7xgOYvveU6p0+frthbF7MXv+i5q # cD9HfFmOq4VYHevVesYb6P0CAwEAAaOCAUkwggFFMB0GA1UdDgQWBBRV4Hxb9Uo0 # oHDwJZJe22ixe2B1ATAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBf # BgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmww # bAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0El # MjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUF # BwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAcwxmVPaA9xHf # fuom0TOSp2hspuf1G0cHW/KXHAuhnpW8/Svlq5j9aKI/8/G6fGIQMr0zlpau8jy8 # 3I4zclGdJjl5S02SxDlUKawtWvgf7ida06PgjeQM1eX4Lut4bbPfT0FEp77G76hh # ysXxTJNHv5y+fwThUeiiclihZwqcZMpa46m+oV6igTU6I0EnneotMqFs0Q3zHgVV # r4WXjnG2Bcnkip42edyg/9iXczqTBrEkvTz0UlltpFGaQnLzq+No8VEgq0UG7W1E # LZGhmmxFmHABwTT6sPJFV68DfLoC0iB9Qbb9VZ8mvbTV5JtISBklTuVAlEkzXi9L # IjNmx+kndBfKP8dxG/xbRXptQDQDaCsS6ogLkwLgH6zSs+ul9WmzI0F8zImbhnZh # UziIHheFo4H+ZoojPYcgTK6/3bkSbOabmQFf95B8B6e5WqXbS5s9OdMdUlW1gTI1 # r5u+WAwH2KG7dxneoTbf/jYl3TUtP7AHpyck2c0nun/Q0Cycpa9QUH/Dy01k6tQo # mNXGjivg2/BGcgZJ0Hw8C6KVelEJ31xLoE21m9+NEgSKCRoFE1Lkma31SyIaynbd # YEb8sOlZynMdm8yPldDwuF54vJiEArjrcDNXe6BobZUiTWSKvv1DJadR1SUCO/Od # 21GgU+hZqu+dKgjKAYdeTIvi9R2rtLYwggdxMIIFWaADAgECAhMzAAAAFcXna54C # m0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZp # Y2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMy # MjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0B # AQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51 # yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY # 6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9 # cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN # 7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDua # Rr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74 # kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2 # K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5 # TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZk # i1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9Q # BXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3Pmri # Lq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUC # BBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJl # pxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9y # eS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUA # YgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # 1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIw # MTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/yp # b+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulm # ZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM # 9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECW # OKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4 # FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3Uw # xTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPX # fx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVX # VAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGC # onsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU # 5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEG # ahC0HVUzWLOhcGbyoYIDVjCCAj4CAQEwggEBoYHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo2NTFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaIjCgEBMAcGBSsOAwIaAxUAJsAKu48NbR5YRg3WSBQCyjzdkvaggYMw # gYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQsF # AAIFAOsp1Y4wIhgPMjAyNTAxMDkwNDU2NDZaGA8yMDI1MDExMDA0NTY0NlowdDA6 # BgorBgEEAYRZCgQBMSwwKjAKAgUA6ynVjgIBADAHAgEAAgIv2DAHAgEAAgITKTAK # AgUA6ysnDgIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIB # AAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBCwUAA4IBAQBQZ+epogh9yozG # UXovfC3VuYhp+q9eHXsbU/tJwdx7+bFn5T6uQT/6MJPWR7o6lYwustfEM0NLspeU # imvngBIWtQbNrJpreDR9FiiwUn/Vyr0xLe9wulNHOPr+bqXRWk6PpLXo0fjZ2pUS # cusPFs7wcRFLIaEdn7nuFhV62XsNsNm3V4OyAKEu6mkkIHx4X5Lrg80iKlN2BXYR # GjRYP7Hb4TglhDJSPdDWxvhj+ndNbhc13Nm3zZd/DJqJgi5TYRK6BmUDOfZRiO2U # CHB5CKvilGCspEfnlyBFjlPuUQhra/zOX2uuSzrHTcfwJ6b5vb7DmQVFde3aEtEM # Vk3Z8ACgMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh # c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIw # MTACEzMAAAH1mQmUvPHGUIwAAQAAAfUwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqG # SIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgW1R4ofJHT7LU # aMvWPb/IM8N+H1q80FEcjqvh0j9onWEwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHk # MIG9BCDB1vLSFwh09ISu4kdEv4/tg9eR1Yk8w5x7j5GThqaPNTCBmDCBgKR+MHwx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p # Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB9ZkJlLzxxlCMAAEAAAH1 # MCIEIILkTWtto6jyoOiQmqv3k12cmyPChV3pUGKZ5kYF/vZ0MA0GCSqGSIb3DQEB # CwUABIICAEcjYQupz6xG364lDRGekqTPG6QNtgVr+TBr2oLyWzV/pjYrl8PLNrmy # UnHwIGaS9TFcVEV2TgYmsMmOVqUibUohS5270AAKag3+veYdO22DjO7j9waCZV0l # ez23RGha/qLPJ4+8APCG8kRk0+4gK43kjCKhjyL7gCPqsI4Xm9rxe501xKNB14n2 # g0wxaB9TckX9hMGLB98KqpIuA6jEGAvG11dwOdWkmtYZOBnjLcinmyNNZfoDrq9I # JgRoNnmQDxH9Ltiok48vIRUQxaDcLFvuj2+Cyz4GfLKBC2kyUMgXuHgsTSig3uAj # sBYWzzrPloVU3+mR+UX+mwFFbYeavR5amM+IOysY+75FHoTF5eVRFjY0KP8IkVyl # dTCEJ8wuzPzpM1i7vjgOw9eEM+1ms/7z34DS+wjB9dlyfD/7SBv7fB+vLFVKm2WY # GpsMvJk2kdz6IuyGysQKIJCnuTZlkQgMpS7wpbn7WfyeipUsjyMJ2mYCgj8XfybY # SUVzrFhEJ5PRQg3pK9Tpnhq3BQGlBaYw6/Mp2paK5x+fNtb5JNrTF3IiUcgSAJa8 # +bER+GgFDOlCcsbyZfllcbherJBioMCdfCtVvdA/ccn6ZsMdyIblnhttQ0+64+gU # Dn+nyva3xYqoEo7jMJ72RGIwGt1KbGZjvzDHbfryhxDzeYx+OovQ # SIG # End signature block |