Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
az policy assignment identity
Managed identity of the policy assignment.
The system or user assigned managed identity used by the enclosing policy assignment for remediation tasks.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az policy assignment identity assign |
Assign a managed identity. |
Core | GA |
| az policy assignment identity remove |
Remove the managed identity. |
Core | GA |
| az policy assignment identity show |
Retrieve the managed identity. |
Core | GA |
az policy assignment identity assign
Replacing an existing identity will change in a future release of the resource commands. It will require first removing the existing identity.
Assign a managed identity.
Assign the system or user assigned managed identity to the policy assignment matching the given name and scope.
az policy assignment identity assign --name
[--acquire-policy-token]
[--change-reference]
[--identity-scope]
[--mi-system-assigned --system-assigned]
[--mi-user-assigned --user-assigned]
[--resource-group]
[--role]
[--scope]Examples
Add a system assigned managed identity to a policy assignment
az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignmentAdd a system assigned managed identity to a policy assignment and grant it the Contributor role for a resource group
az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/{subscriptionId}/resourceGroups/MyResourceGroupAdd a user assigned managed identity to a policy assignment
az policy assignment identity assign --user-assigned MyAssignedId -g MyResourceGroup -n MyPolicyAssignmentRequired Parameters
The name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Scope that the system assigned identity can access.
Set the system managed identity.
| Property | Value |
|---|---|
| Parameter group: | Parameters.identity Arguments |
Set the user managed identity. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Parameters.identity Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Role name or id that will be assigned to the managed identity.
The scope of the policy assignment.
az policy assignment identity remove
Removing a user assigned identity will change in a future release of the resource commands. It will require providing the --mi-user-assigned switch.
Remove the managed identity.
Remove the system or user assigned managed identity from the policy assignment matching the given name and scope.
az policy assignment identity remove --name
[--acquire-policy-token]
[--change-reference]
[--mi-system-assigned --system-assigned]
[--mi-user-assigned --user-assigned]
[--resource-group]
[--scope]Examples
Remove user assigned managed identity from a policy assignment
az policy assignment identity remove --name MyPolicyAssignment --user-assignedRequired Parameters
The name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Remove the system managed identity.
| Property | Value |
|---|---|
| Parameter group: | Parameters.identity Arguments |
Remove the user managed identity. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Parameters.identity Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The scope of the policy assignment.
az policy assignment identity show
Retrieve the managed identity.
Retrieve and show the details of the system or user assigned managed identity of the policy assignment matching the given name and scope.
az policy assignment identity show --name
[--resource-group]
[--scope]Examples
Show a policy assignment's managed identity
az policy assignment identity show --name MyPolicyAssignment --scope '/providers/Microsoft.Management/managementGroups/{managementGroupName}'Required Parameters
The name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The scope of the policy assignment.
Feedback
Was this page helpful?