Microsoft.Security assessments
Bicep resource definition
The assessments resource type can be deployed with operations that target:
- Tenant - See tenant deployment commands
- Management groups - See management group deployment commands
- Subscription - See subscription deployment commands
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessments resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Security/assessments@2025-05-04' = {
  scope: resourceSymbolicName or scope
  name: 'string'
  properties: {
    additionalData: {
      {customized property}: 'string'
    }
    metadata: {
      assessmentType: 'string'
      categories: [
        'string'
      ]
      description: 'string'
      displayName: 'string'
      implementationEffort: 'string'
      partnerData: {
        partnerName: 'string'
        productName: 'string'
        secret: 'string'
      }
      preview: bool
      remediationDescription: 'string'
      severity: 'string'
      threats: [
        'string'
      ]
      userImpact: 'string'
    }
    partnersData: {
      partnerName: 'string'
      secret: 'string'
    }
    resourceDetails: {
      source: 'string'
      // For remaining properties, see CommonResourceDetails objects
    }
    risk: {
      attackPathsReferences: [
        'string'
      ]
      isContextualRisk: bool
      level: 'string'
      paths: [
        {
          edges: [
            {
              id: 'string'
              sourceId: 'string'
              targetId: 'string'
            }
          ]
          id: 'string'
          nodes: [
            {
              id: 'string'
              nodePropertiesLabel: [
                'string'
              ]
            }
          ]
        }
      ]
      riskFactors: [
        'string'
      ]
    }
    status: {
      cause: 'string'
      code: 'string'
      description: 'string'
    }
  }
}
```
CommonResourceDetails objects
Set the source property to specify the type of object.
For Azure, use:
```bicep
{
  source: 'Azure'
}
```

For OnPremiseSql, use:

```bicep
{
  databaseName: 'string'
  machineName: 'string'
  serverName: 'string'
  source: 'OnPremiseSql'
  sourceComputerId: 'string'
  vmuuid: 'string'
  workspaceId: 'string'
}
```
Property Values
Microsoft.Security/assessments
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | Describes properties of an assessment. | SecurityAssessmentPropertiesOrSecurityAssessmentPropertiesResponse |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
AssessmentStatusOrAssessmentStatusResponse
| Name | Description | Value |
|---|---|---|
| cause | Programmatic code for the cause of the assessment status | string |
| code | Programmatic code for the status of the assessment | 'Healthy' 'NotApplicable' 'Unhealthy' (required) |
| description | Human readable description of the assessment status | string |
AzureResourceDetails
| Name | Description | Value |
|---|---|---|
| source | The platform where the assessed resource resides | 'Azure' (required) |
CommonResourceDetails
| Name | Description | Value |
|---|---|---|
| source | Set to 'Azure' for type AzureResourceDetails. Set to 'OnPremiseSql' for type OnPremiseSqlResourceDetails. | 'Azure' 'OnPremiseSql' (required) |
OnPremiseSqlResourceDetails
| Name | Description | Value |
|---|---|---|
| databaseName | The Sql database name installed on the machine | string (required) |
| machineName | The name of the machine | string (required) |
| serverName | The Sql server name installed on the machine | string (required) |
| source | The platform where the assessed resource resides | 'OnPremiseSql' (required) |
| sourceComputerId | The oms agent Id installed on the machine | string (required) |
| vmuuid | The unique Id of the machine | string (required) |
| workspaceId | Azure resource Id of the workspace the machine is attached to | string (required) |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataProperties
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'BuiltInPolicy' 'Custom' 'CustomerManaged' 'CustomPolicy' 'DynamicBuiltIn' 'ManualBuiltIn' 'ManualBuiltInPolicy' 'ManualCustomPolicy' 'Unknown' 'VerifiedPartner' (required) |
| categories | | String array containing any of: 'AppServices' 'Compute' 'Container' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| preview | True if this assessment is in preview release status | bool |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'Critical' 'High' 'Low' 'Medium' (required) |
| threats | | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| secret | secret to authenticate the partner - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentPropertiesBaseAdditionalData
| Name | Description | Value |
|---|---|---|
SecurityAssessmentPropertiesBaseRisk
| Name | Description | Value |
|---|---|---|
| attackPathsReferences | The attack paths references of the risk | string[] |
| isContextualRisk | Indicates if the risk is contextual or static | bool |
| level | The risk level | 'Critical' 'High' 'Low' 'Medium' 'None' |
| paths | | SecurityAssessmentPropertiesBaseRiskPathsItem[] |
| riskFactors | The factors of the risk adding base factor | string[] |
SecurityAssessmentPropertiesBaseRiskPathsItem
| Name | Description | Value |
|---|---|---|
| edges | Connections between nodes | SecurityAssessmentPropertiesBaseRiskPathsItemEdgeItem[] |
| id | Unique identifier for the path | string |
| nodes | | SecurityAssessmentPropertiesBaseRiskPathsItemNodesItem[] |
SecurityAssessmentPropertiesBaseRiskPathsItemEdgeItem
| Name | Description | Value |
|---|---|---|
| id | Edge identifier | string (required) |
| sourceId | Source node identifier | string (required) |
| targetId | Target node identifier | string (required) |
SecurityAssessmentPropertiesBaseRiskPathsItemNodesItem
| Name | Description | Value |
|---|---|---|
| id | Node identifier | string |
| nodePropertiesLabel | Properties associated with the node | string[] |
SecurityAssessmentPropertiesOrSecurityAssessmentPropertiesResponse
| Name | Description | Value |
|---|---|---|
| additionalData | Additional data regarding the assessment | SecurityAssessmentPropertiesBaseAdditionalData |
| metadata | Describes properties of an assessment metadata. | SecurityAssessmentMetadataProperties |
| partnersData | Data regarding 3rd party partner integration | SecurityAssessmentPartnerData |
| resourceDetails | Details of the resource that was assessed | CommonResourceDetails (required) |
| risk | External model of risk result | SecurityAssessmentPropertiesBaseRisk |
| status | The result of the assessment | AssessmentStatusOrAssessmentStatusResponse (required) |
Usage Examples
Bicep Samples
A basic example of deploying Security Center Assessment for Azure Security Center.
```bicep
targetScope = 'subscription'

param resourceName string = 'acctest0001'
param location string = 'westus'
@secure()
@description('The administrator password for the virtual machine scale set')
param adminPassword string

resource resourceGroup 'Microsoft.Resources/resourceGroups@2020-06-01' = {
  name: resourceName
  location: location
}

resource assessmentMetadata 'Microsoft.Security/assessmentMetadata@2021-06-01' = {
  name: 'fdaaa62c-1d42-45ab-be2f-2af194dd1700'
  properties: {
    assessmentType: 'CustomerManaged'
    description: 'Test Description'
    displayName: 'Test Display Name'
    severity: 'Medium'
  }
}

resource pricing 'Microsoft.Security/pricings@2023-01-01' = {
  name: 'VirtualMachines'
  properties: {
    extensions: []
    pricingTier: 'Standard'
    subPlan: 'P2'
  }
}

module module1 'main-rg-module.bicep' = {
  name: 'deploy-rg-resources'
  scope: resourceGroup
  params: {
    resourceName: resourceName
    adminPassword: adminPassword
    location: location
  }
}
```
The `main-rg-module.bicep` module that the template above deploys into the resource group, containing the scale set, its network and the assessment:
```bicep
param resourceName string = 'acctest0001'
param location string = 'westus'
@secure()
@description('The administrator password for the virtual machine scale set')
param adminPassword string

resource virtualMachineScaleSet 'Microsoft.Compute/virtualMachineScaleSets@2024-11-01' = {
  name: '${resourceName}-vmss'
  location: location
  sku: {
    capacity: 1
    name: 'Standard_B1s'
  }
  properties: {
    additionalCapabilities: {}
    doNotRunExtensionsOnOverprovisionedVMs: false
    orchestrationMode: 'Uniform'
    overprovision: true
    singlePlacementGroup: true
    upgradePolicy: {
      mode: 'Manual'
    }
    virtualMachineProfile: {
      diagnosticsProfile: {
        bootDiagnostics: {
          enabled: false
          storageUri: ''
        }
      }
      extensionProfile: {
        extensionsTimeBudget: 'PT1H30M'
      }
      networkProfile: {
        networkInterfaceConfigurations: [
          {
            name: 'example'
            properties: {
              dnsSettings: {
                dnsServers: []
              }
              enableAcceleratedNetworking: false
              enableIPForwarding: false
              ipConfigurations: [
                {
                  name: 'internal'
                  properties: {
                    applicationGatewayBackendAddressPools: []
                    applicationSecurityGroups: []
                    loadBalancerBackendAddressPools: []
                    loadBalancerInboundNatPools: []
                    primary: true
                    privateIPAddressVersion: 'IPv4'
                    subnet: {
                      id: subnet.id
                    }
                  }
                }
              ]
              primary: true
            }
          }
        ]
      }
      osProfile: {
        adminPassword: adminPassword
        adminUsername: 'adminuser'
        allowExtensionOperations: true
        computerNamePrefix: '${resourceName}-vmss'
        linuxConfiguration: {
          disablePasswordAuthentication: false
          provisionVMAgent: true
          ssh: {
            publicKeys: []
          }
        }
        secrets: []
      }
      priority: 'Regular'
      storageProfile: {
        dataDisks: []
        imageReference: {
          offer: '0001-com-ubuntu-server-jammy'
          publisher: 'Canonical'
          sku: '22_04-lts'
          version: 'latest'
        }
        osDisk: {
          caching: 'ReadWrite'
          createOption: 'FromImage'
          managedDisk: {
            storageAccountType: 'Standard_LRS'
          }
          osType: 'Linux'
          writeAcceleratorEnabled: false
        }
      }
    }
  }
}

resource assessment 'Microsoft.Security/assessments@2020-01-01' = {
  name: 'fdaaa62c-1d42-45ab-be2f-2af194dd1700'
  scope: virtualMachineScaleSet
  properties: {
    additionalData: {}
    resourceDetails: {
      source: 'Azure'
    }
    status: {
      cause: ''
      code: 'Healthy'
      description: ''
    }
  }
}

resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
  name: '${resourceName}-vnet'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    dhcpOptions: {
      dnsServers: []
    }
    privateEndpointVNetPolicies: 'Disabled'
  }
}

resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
  name: 'internal'
  parent: virtualNetwork
  properties: {
    addressPrefix: '10.0.2.0/24'
    defaultOutboundAccess: true
    delegations: []
    privateEndpointNetworkPolicies: 'Disabled'
    privateLinkServiceNetworkPolicies: 'Enabled'
    serviceEndpointPolicies: []
    serviceEndpoints: []
  }
}
```
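The property tables mark the partner `secret` as a sensitive value to be passed as a secure parameter. The following added example (not part of the original page) reports an `Unhealthy` result against an existing scale set and supplies the secret through a `@secure()` parameter; the parameter names, partner name and status text are constructed for illustration.

```bicep
// Added example, not from the original page. Parameter names, the partner
// name and the status text are constructed for illustration.

@description('Name of an existing scale set in this resource group (assumed to exist)')
param scaleSetName string

@description('Key of the assessment metadata definition this result reports against')
param assessmentKey string = 'fdaaa62c-1d42-45ab-be2f-2af194dd1700'

@secure()
@description('Partner secret; supply it at deployment time, for example from Key Vault')
param partnerSecret string

// Weak form, shown only for contrast: a literal here ends up in source control
// and in the template stored with the deployment.
//   partnersData: { partnerName: 'Contoso Scanner', secret: 'hard-coded-value' }

// Reference the assessed resource without redeploying it.
resource scaleSet 'Microsoft.Compute/virtualMachineScaleSets@2024-11-01' existing = {
  name: scaleSetName
}

resource assessment 'Microsoft.Security/assessments@2025-05-04' = {
  name: assessmentKey
  scope: scaleSet
  properties: {
    // resourceDetails and status are the two required properties.
    resourceDetails: {
      source: 'Azure'
    }
    status: {
      code: 'Unhealthy' // one of 'Healthy' 'NotApplicable' 'Unhealthy'
      cause: 'PasswordAuthEnabled' // free-form programmatic code (constructed)
      description: 'Password authentication is enabled on the scale set'
    }
    partnersData: {
      partnerName: 'Contoso Scanner' // constructed partner name
      secret: partnerSecret // write only; never a literal
    }
  }
}

// Do not add an output that returns partnerSecret: outputs are stored in
// plain text in the deployment history.
```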
ARM template resource definition
The assessments resource type can be deployed with operations that target:
- Tenant - See tenant deployment commands
- Management groups - See management group deployment commands
- Subscription - See subscription deployment commands
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessments resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Security/assessments",
  "apiVersion": "2025-05-04",
  "name": "string",
  "properties": {
    "additionalData": {
      "{customized property}": "string"
    },
    "metadata": {
      "assessmentType": "string",
      "categories": [ "string" ],
      "description": "string",
      "displayName": "string",
      "implementationEffort": "string",
      "partnerData": {
        "partnerName": "string",
        "productName": "string",
        "secret": "string"
      },
      "preview": "bool",
      "remediationDescription": "string",
      "severity": "string",
      "threats": [ "string" ],
      "userImpact": "string"
    },
    "partnersData": {
      "partnerName": "string",
      "secret": "string"
    },
    "resourceDetails": {
      "source": "string"
      // For remaining properties, see CommonResourceDetails objects
    },
    "risk": {
      "attackPathsReferences": [ "string" ],
      "isContextualRisk": "bool",
      "level": "string",
      "paths": [
        {
          "edges": [
            {
              "id": "string",
              "sourceId": "string",
              "targetId": "string"
            }
          ],
          "id": "string",
          "nodes": [
            {
              "id": "string",
              "nodePropertiesLabel": [ "string" ]
            }
          ]
        }
      ],
      "riskFactors": [ "string" ]
    },
    "status": {
      "cause": "string",
      "code": "string",
      "description": "string"
    }
  }
}
```
CommonResourceDetails objects
Set the source property to specify the type of object.
For Azure, use:
```json
{
  "source": "Azure"
}
```

For OnPremiseSql, use:

```json
{
  "databaseName": "string",
  "machineName": "string",
  "serverName": "string",
  "source": "OnPremiseSql",
  "sourceComputerId": "string",
  "vmuuid": "string",
  "workspaceId": "string"
}
```
Property Values
Microsoft.Security/assessments
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2025-05-04' |
| name | The resource name | string (required) |
| properties | Describes properties of an assessment. | SecurityAssessmentPropertiesOrSecurityAssessmentPropertiesResponse |
| type | The resource type | 'Microsoft.Security/assessments' |
AssessmentStatusOrAssessmentStatusResponse
| Name | Description | Value |
|---|---|---|
| cause | Programmatic code for the cause of the assessment status | string |
| code | Programmatic code for the status of the assessment | 'Healthy' 'NotApplicable' 'Unhealthy' (required) |
| description | Human readable description of the assessment status | string |
AzureResourceDetails
| Name | Description | Value |
|---|---|---|
| source | The platform where the assessed resource resides | 'Azure' (required) |
CommonResourceDetails
| Name | Description | Value |
|---|---|---|
| source | Set to 'Azure' for type AzureResourceDetails. Set to 'OnPremiseSql' for type OnPremiseSqlResourceDetails. | 'Azure' 'OnPremiseSql' (required) |
OnPremiseSqlResourceDetails
| Name | Description | Value |
|---|---|---|
| databaseName | The Sql database name installed on the machine | string (required) |
| machineName | The name of the machine | string (required) |
| serverName | The Sql server name installed on the machine | string (required) |
| source | The platform where the assessed resource resides | 'OnPremiseSql' (required) |
| sourceComputerId | The oms agent Id installed on the machine | string (required) |
| vmuuid | The unique Id of the machine | string (required) |
| workspaceId | Azure resource Id of the workspace the machine is attached to | string (required) |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataProperties
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'BuiltInPolicy' 'Custom' 'CustomerManaged' 'CustomPolicy' 'DynamicBuiltIn' 'ManualBuiltIn' 'ManualBuiltInPolicy' 'ManualCustomPolicy' 'Unknown' 'VerifiedPartner' (required) |
| categories | | String array containing any of: 'AppServices' 'Compute' 'Container' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| preview | True if this assessment is in preview release status | bool |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'Critical' 'High' 'Low' 'Medium' (required) |
| threats | | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| secret | secret to authenticate the partner - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentPropertiesBaseAdditionalData
| Name | Description | Value |
|---|---|---|
SecurityAssessmentPropertiesBaseRisk
| Name | Description | Value |
|---|---|---|
| attackPathsReferences | The attack paths references of the risk | string[] |
| isContextualRisk | Indicates if the risk is contextual or static | bool |
| level | The risk level | 'Critical' 'High' 'Low' 'Medium' 'None' |
| paths | | SecurityAssessmentPropertiesBaseRiskPathsItem[] |
| riskFactors | The factors of the risk adding base factor | string[] |
SecurityAssessmentPropertiesBaseRiskPathsItem
| Name | Description | Value |
|---|---|---|
| edges | Connections between nodes | SecurityAssessmentPropertiesBaseRiskPathsItemEdgeItem[] |
| id | Unique identifier for the path | string |
| nodes | | SecurityAssessmentPropertiesBaseRiskPathsItemNodesItem[] |
SecurityAssessmentPropertiesBaseRiskPathsItemEdgeItem
| Name | Description | Value |
|---|---|---|
| id | Edge identifier | string (required) |
| sourceId | Source node identifier | string (required) |
| targetId | Target node identifier | string (required) |
SecurityAssessmentPropertiesBaseRiskPathsItemNodesItem
| Name | Description | Value |
|---|---|---|
| id | Node identifier | string |
| nodePropertiesLabel | Properties associated with the node | string[] |
SecurityAssessmentPropertiesOrSecurityAssessmentPropertiesResponse
| Name | Description | Value |
|---|---|---|
| additionalData | Additional data regarding the assessment | SecurityAssessmentPropertiesBaseAdditionalData |
| metadata | Describes properties of an assessment metadata. | SecurityAssessmentMetadataProperties |
| partnersData | Data regarding 3rd party partner integration | SecurityAssessmentPartnerData |
| resourceDetails | Details of the resource that was assessed | CommonResourceDetails (required) |
| risk | External model of risk result | SecurityAssessmentPropertiesBaseRisk |
| status | The result of the assessment | AssessmentStatusOrAssessmentStatusResponse (required) |
Usage Examples
Terraform (AzAPI provider) resource definition
The assessments resource type can be deployed with operations that target:
- Tenant
- Management groups
- Subscription
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessments resource, add the following Terraform to your template.
```hcl
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/assessments@2025-05-04"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      additionalData = {
        {customized property} = "string"
      }
      metadata = {
        assessmentType = "string"
        categories = [
          "string"
        ]
        description = "string"
        displayName = "string"
        implementationEffort = "string"
        partnerData = {
          partnerName = "string"
          productName = "string"
          secret = "string"
        }
        preview = bool
        remediationDescription = "string"
        severity = "string"
        threats = [
          "string"
        ]
        userImpact = "string"
      }
      partnersData = {
        partnerName = "string"
        secret = "string"
      }
      resourceDetails = {
        source = "string"
        // For remaining properties, see CommonResourceDetails objects
      }
      risk = {
        attackPathsReferences = [
          "string"
        ]
        isContextualRisk = bool
        level = "string"
        paths = [
          {
            edges = [
              {
                id = "string"
                sourceId = "string"
                targetId = "string"
              }
            ]
            id = "string"
            nodes = [
              {
                id = "string"
                nodePropertiesLabel = [
                  "string"
                ]
              }
            ]
          }
        ]
        riskFactors = [
          "string"
        ]
      }
      status = {
        cause = "string"
        code = "string"
        description = "string"
      }
    }
  }
}
```
CommonResourceDetails objects
Set the source property to specify the type of object.
For Azure, use:
```hcl
{
  source = "Azure"
}
```

For OnPremiseSql, use:

```hcl
{
  databaseName = "string"
  machineName = "string"
  serverName = "string"
  source = "OnPremiseSql"
  sourceComputerId = "string"
  vmuuid = "string"
  workspaceId = "string"
}
```
Property Values
Microsoft.Security/assessments
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Describes properties of an assessment. | SecurityAssessmentPropertiesOrSecurityAssessmentPropertiesResponse |
| type | The resource type | "Microsoft.Security/assessments@2025-05-04" |
AssessmentStatusOrAssessmentStatusResponse
| Name | Description | Value |
|---|---|---|
| cause | Programmatic code for the cause of the assessment status | string |
| code | Programmatic code for the status of the assessment | 'Healthy' 'NotApplicable' 'Unhealthy' (required) |
| description | Human readable description of the assessment status | string |
AzureResourceDetails
| Name | Description | Value |
|---|---|---|
| source | The platform where the assessed resource resides | 'Azure' (required) |
CommonResourceDetails
| Name | Description | Value |
|---|---|---|
| source | Set to 'Azure' for type AzureResourceDetails. Set to 'OnPremiseSql' for type OnPremiseSqlResourceDetails. | 'Azure' 'OnPremiseSql' (required) |
OnPremiseSqlResourceDetails
| Name | Description | Value |
|---|---|---|
| databaseName | The Sql database name installed on the machine | string (required) |
| machineName | The name of the machine | string (required) |
| serverName | The Sql server name installed on the machine | string (required) |
| source | The platform where the assessed resource resides | 'OnPremiseSql' (required) |
| sourceComputerId | The oms agent Id installed on the machine | string (required) |
| vmuuid | The unique Id of the machine | string (required) |
| workspaceId | Azure resource Id of the workspace the machine is attached to | string (required) |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataProperties
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'BuiltInPolicy' 'Custom' 'CustomerManaged' 'CustomPolicy' 'DynamicBuiltIn' 'ManualBuiltIn' 'ManualBuiltInPolicy' 'ManualCustomPolicy' 'Unknown' 'VerifiedPartner' (required) |
| categories | | String array containing any of: 'AppServices' 'Compute' 'Container' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| preview | True if this assessment is in preview release status | bool |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'Critical' 'High' 'Low' 'Medium' (required) |
| threats | | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| secret | secret to authenticate the partner - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentPropertiesBaseAdditionalData
| Name | Description | Value |
|---|---|---|
SecurityAssessmentPropertiesBaseRisk
| Name | Description | Value |
|---|---|---|
| attackPathsReferences | The attack paths references of the risk | string[] |
| isContextualRisk | Indicates if the risk is contextual or static | bool |
| level | The risk level | 'Critical' 'High' 'Low' 'Medium' 'None' |
| paths | | SecurityAssessmentPropertiesBaseRiskPathsItem[] |
| riskFactors | The factors of the risk adding base factor | string[] |
SecurityAssessmentPropertiesBaseRiskPathsItem
| Name | Description | Value |
|---|---|---|
| edges | Connections between nodes | SecurityAssessmentPropertiesBaseRiskPathsItemEdgeItem[] |
| id | Unique identifier for the path | string |
| nodes | | SecurityAssessmentPropertiesBaseRiskPathsItemNodesItem[] |
SecurityAssessmentPropertiesBaseRiskPathsItemEdgeItem
| Name | Description | Value |
|---|---|---|
| id | Edge identifier | string (required) |
| sourceId | Source node identifier | string (required) |
| targetId | Target node identifier | string (required) |
SecurityAssessmentPropertiesBaseRiskPathsItemNodesItem
| Name | Description | Value |
|---|---|---|
| id | Node identifier | string |
| nodePropertiesLabel | Properties associated with the node | string[] |
SecurityAssessmentPropertiesOrSecurityAssessmentPropertiesResponse
| Name | Description | Value |
|---|---|---|
| additionalData | Additional data regarding the assessment | SecurityAssessmentPropertiesBaseAdditionalData |
| metadata | Describes properties of an assessment metadata. | SecurityAssessmentMetadataProperties |
| partnersData | Data regarding 3rd party partner integration | SecurityAssessmentPartnerData |
| resourceDetails | Details of the resource that was assessed | CommonResourceDetails (required) |
| risk | External model of risk result | SecurityAssessmentPropertiesBaseRisk |
| status | The result of the assessment | AssessmentStatusOrAssessmentStatusResponse (required) |
Usage Examples
Terraform Samples
A basic example of deploying Security Center Assessment for Azure Security Center.
```hcl
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

data "azapi_client_config" "current" {}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westus"
}

variable "admin_password" {
  type        = string
  sensitive   = true
  description = "The administrator password for the virtual machine scale set"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "assessmentMetadata" {
  type      = "Microsoft.Security/assessmentMetadata@2021-06-01"
  parent_id = "/subscriptions/${data.azapi_client_config.current.subscription_id}"
  name      = "fdaaa62c-1d42-45ab-be2f-2af194dd1700"
  body = {
    properties = {
      assessmentType = "CustomerManaged"
      description    = "Test Description"
      displayName    = "Test Display Name"
      severity       = "Medium"
    }
  }
}

resource "azapi_resource" "pricing" {
  type      = "Microsoft.Security/pricings@2023-01-01"
  parent_id = "/subscriptions/${data.azapi_client_config.current.subscription_id}"
  name      = "VirtualMachines"
  body = {
    properties = {
      extensions  = []
      pricingTier = "Standard"
      subPlan     = "P2"
    }
  }
}

resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2024-05-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-vnet"
  location  = var.location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = ["10.0.0.0/16"]
      }
      dhcpOptions = {
        dnsServers = []
      }
      privateEndpointVNetPolicies = "Disabled"
    }
  }
}

resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2024-05-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = "internal"
  body = {
    properties = {
      addressPrefix                     = "10.0.2.0/24"
      defaultOutboundAccess             = true
      delegations                       = []
      privateEndpointNetworkPolicies    = "Disabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies           = []
      serviceEndpoints                  = []
    }
  }
}

resource "azapi_resource" "virtualMachineScaleSet" {
  type      = "Microsoft.Compute/virtualMachineScaleSets@2024-11-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-vmss"
  location  = var.location
  body = {
    properties = {
      additionalCapabilities                 = {}
      doNotRunExtensionsOnOverprovisionedVMs = false
      orchestrationMode                      = "Uniform"
      overprovision                          = true
      singlePlacementGroup                   = true
      upgradePolicy = {
        mode = "Manual"
      }
      virtualMachineProfile = {
        diagnosticsProfile = {
          bootDiagnostics = {
            enabled    = false
            storageUri = ""
          }
        }
        extensionProfile = {
          extensionsTimeBudget = "PT1H30M"
        }
        networkProfile = {
          networkInterfaceConfigurations = [{
            name = "example"
            properties = {
              dnsSettings = {
                dnsServers = []
              }
              enableAcceleratedNetworking = false
              enableIPForwarding          = false
              ipConfigurations = [{
                name = "internal"
                properties = {
                  applicationGatewayBackendAddressPools = []
                  applicationSecurityGroups             = []
                  loadBalancerBackendAddressPools       = []
                  loadBalancerInboundNatPools           = []
                  primary                               = true
                  privateIPAddressVersion               = "IPv4"
                  subnet = {
                    id = azapi_resource.subnet.id
                  }
                }
              }]
              primary = true
            }
          }]
        }
        osProfile = {
          adminPassword            = var.admin_password
          adminUsername            = "adminuser"
          allowExtensionOperations = true
          computerNamePrefix       = "${var.resource_name}-vmss"
          linuxConfiguration = {
            disablePasswordAuthentication = false
            provisionVMAgent              = true
            ssh = {
              publicKeys = []
            }
          }
          secrets = []
        }
        priority = "Regular"
        storageProfile = {
          dataDisks = []
          imageReference = {
            offer     = "0001-com-ubuntu-server-jammy"
            publisher = "Canonical"
            sku       = "22_04-lts"
            version   = "latest"
          }
          osDisk = {
            caching      = "ReadWrite"
            createOption = "FromImage"
            managedDisk = {
              storageAccountType = "Standard_LRS"
            }
            osType                  = "Linux"
            writeAcceleratorEnabled = false
          }
        }
      }
    }
    sku = {
      capacity = 1
      name     = "Standard_B1s"
    }
  }
}

resource "azapi_resource" "assessment" {
  type      = "Microsoft.Security/assessments@2020-01-01"
  parent_id = azapi_resource.virtualMachineScaleSet.id
  name      = "fdaaa62c-1d42-45ab-be2f-2af194dd1700"
  body = {
    properties = {
      additionalData = {}
      resourceDetails = {
        source = "Azure"
      }
      status = {
        cause       = ""
        code        = "Healthy"
        description = ""
      }
    }
  }
}
```