
We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

azure.management.GroupPolicyAssignment


Manages a Policy Assignment to a Management Group.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Policy rule, reproduced verbatim: any resource whose "location" is not
// "westeurope" receives the "Deny" effect.
const westEuropeOnlyRule = ` {
    "if": {
      "not": {
        "field": "location",
        "equals": "westeurope"
      }
    },
    "then": {
      "effect": "Deny"
    }
  }
`;

// Management group that stores the custom definition and receives the assignment.
const example = new azure.management.Group("example", {
    displayName: "Some Management Group",
});

// Custom definition created on that management group.
const exampleDefinition = new azure.policy.Definition("example", {
    managementGroupId: example.id,
    name: "only-deploy-in-westeurope",
    displayName: "my-policy-definition",
    policyType: "Custom",
    mode: "All",
    policyRule: westEuropeOnlyRule,
});

// `enforce` and `notScopes` are not set: the documented default for `enforce`
// is true, and no scope inside the management group is excluded.
const exampleGroupPolicyAssignment = new azure.management.GroupPolicyAssignment("example", {
    managementGroupId: example.id,
    policyDefinitionId: exampleDefinition.id,
    name: "example-policy",
});
import pulumi
import pulumi_azure as azure

# Policy rule, reproduced verbatim: any resource whose "location" is not
# "westeurope" receives the "Deny" effect.
west_europe_only_rule = """ {
    "if": {
      "not": {
        "field": "location",
        "equals": "westeurope"
      }
    },
    "then": {
      "effect": "Deny"
    }
  }
"""

# Management group that stores the custom definition and receives the assignment.
example = azure.management.Group(
    "example",
    display_name="Some Management Group",
)

# Custom definition created on that management group.
example_definition = azure.policy.Definition(
    "example",
    management_group_id=example.id,
    name="only-deploy-in-westeurope",
    display_name="my-policy-definition",
    policy_type="Custom",
    mode="All",
    policy_rule=west_europe_only_rule,
)

# `enforce` and `not_scopes` are not set: the documented default for `enforce`
# is true, and no scope inside the management group is excluded.
example_group_policy_assignment = azure.management.GroupPolicyAssignment(
    "example",
    management_group_id=example.id,
    policy_definition_id=example_definition.id,
    name="example-policy",
)
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/policy"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a management group, a custom policy definition stored on it,
// and the assignment of that definition to the same management group.
func main() {
	// Policy rule, reproduced verbatim: any resource whose "location" is not
	// "westeurope" receives the "Deny" effect.
	const westEuropeOnlyRule = ` {
    "if": {
      "not": {
        "field": "location",
        "equals": "westeurope"
      }
    },
    "then": {
      "effect": "Deny"
    }
  }
`

	pulumi.Run(func(ctx *pulumi.Context) error {
		// Management group that stores the definition and receives the assignment.
		group, err := management.NewGroup(ctx, "example", &management.GroupArgs{
			DisplayName: pulumi.String("Some Management Group"),
		})
		if err != nil {
			return err
		}

		definitionArgs := &policy.DefinitionArgs{
			ManagementGroupId: group.ID(),
			Name:              pulumi.String("only-deploy-in-westeurope"),
			DisplayName:       pulumi.String("my-policy-definition"),
			PolicyType:        pulumi.String("Custom"),
			Mode:              pulumi.String("All"),
			PolicyRule:        pulumi.String(westEuropeOnlyRule),
		}
		definition, err := policy.NewDefinition(ctx, "example", definitionArgs)
		if err != nil {
			return err
		}

		// Enforce and NotScopes are not set: the documented default for Enforce
		// is true, and no scope inside the management group is excluded.
		_, err = management.NewGroupPolicyAssignment(ctx, "example", &management.GroupPolicyAssignmentArgs{
			ManagementGroupId:  group.ID(),
			PolicyDefinitionId: definition.ID(),
			Name:               pulumi.String("example-policy"),
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() =>
{
    // Policy rule, reproduced verbatim: any resource whose "location" is not
    // "westeurope" receives the "Deny" effect.
    const string westEuropeOnlyRule = @" {
    ""if"": {
      ""not"": {
        ""field"": ""location"",
        ""equals"": ""westeurope""
      }
    },
    ""then"": {
      ""effect"": ""Deny""
    }
  }
";

    // Management group that stores the custom definition and receives the assignment.
    var managementGroup = new Azure.Management.Group("example", new()
    {
        DisplayName = "Some Management Group",
    });

    // Custom definition created on that management group.
    var definition = new Azure.Policy.Definition("example", new()
    {
        ManagementGroupId = managementGroup.Id,
        Name = "only-deploy-in-westeurope",
        DisplayName = "my-policy-definition",
        PolicyType = "Custom",
        Mode = "All",
        PolicyRule = westEuropeOnlyRule,
    });

    // Enforce and NotScopes are not set: the documented default for Enforce
    // is true, and no scope inside the management group is excluded.
    var assignment = new Azure.Management.GroupPolicyAssignment("example", new()
    {
        ManagementGroupId = managementGroup.Id,
        PolicyDefinitionId = definition.Id,
        Name = "example-policy",
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.management.Group;
import com.pulumi.azure.management.GroupArgs;
import com.pulumi.azure.policy.Definition;
import com.pulumi.azure.policy.DefinitionArgs;
import com.pulumi.azure.management.GroupPolicyAssignment;
import com.pulumi.azure.management.GroupPolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Declares a management group, a custom policy definition stored on it, and
 * the assignment of that definition to the same management group.
 */
public class App {
    /**
     * Policy rule, reproduced verbatim: any resource whose "location" is not
     * "westeurope" receives the "Deny" effect.
     */
    private static final String WEST_EUROPE_ONLY_RULE = """
 {
    "if": {
      "not": {
        "field": "location",
        "equals": "westeurope"
      }
    },
    "then": {
      "effect": "Deny"
    }
  }
            """;

    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the three resources of the example.
     *
     * @param ctx deployment context supplied by Pulumi; not read by this stack
     */
    public static void stack(Context ctx) {
        // Management group that stores the definition and receives the assignment.
        final var groupArgs = GroupArgs.builder()
            .displayName("Some Management Group")
            .build();
        final var example = new Group("example", groupArgs);

        // Custom definition created on that management group.
        final var definitionArgs = DefinitionArgs.builder()
            .managementGroupId(example.id())
            .name("only-deploy-in-westeurope")
            .displayName("my-policy-definition")
            .policyType("Custom")
            .mode("All")
            .policyRule(WEST_EUROPE_ONLY_RULE)
            .build();
        final var exampleDefinition = new Definition("exampleDefinition", definitionArgs);

        // enforce and notScopes are not set: the documented default for enforce
        // is true, and no scope inside the management group is excluded.
        final var assignmentArgs = GroupPolicyAssignmentArgs.builder()
            .managementGroupId(example.id())
            .policyDefinitionId(exampleDefinition.id())
            .name("example-policy")
            .build();
        final var exampleGroupPolicyAssignment =
            new GroupPolicyAssignment("exampleGroupPolicyAssignment", assignmentArgs);
    }
}
# Declares a management group, a custom policy definition stored on it, and the
# assignment of that definition to the same management group.
resources:
  example:
    type: azure:management:Group
    properties:
      displayName: Some Management Group
  exampleDefinition:
    type: azure:policy:Definition
    name: example
    properties:
      name: only-deploy-in-westeurope
      policyType: Custom
      mode: All
      displayName: my-policy-definition
      managementGroupId: ${example.id}
      # Rule below: any resource whose "location" is not "westeurope" receives
      # the "Deny" effect. Keep comments out of the block scalar; they would
      # become part of the rule text.
      policyRule: |2
         {
            "if": {
              "not": {
                "field": "location",
                "equals": "westeurope"
              }
            },
            "then": {
              "effect": "Deny"
            }
          }
  exampleGroupPolicyAssignment:
    # enforce and notScopes are not set: the documented default for enforce is
    # true, and no scope inside the management group is excluded.
    type: azure:management:GroupPolicyAssignment
    name: example
    properties:
      name: example-policy
      policyDefinitionId: ${exampleDefinition.id}
      managementGroupId: ${example.id}

Create GroupPolicyAssignment Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new GroupPolicyAssignment(name: string, args: GroupPolicyAssignmentArgs, opts?: CustomResourceOptions);
@overload
def GroupPolicyAssignment(resource_name: str,
                          args: GroupPolicyAssignmentArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def GroupPolicyAssignment(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          management_group_id: Optional[str] = None,
                          policy_definition_id: Optional[str] = None,
                          metadata: Optional[str] = None,
                          identity: Optional[GroupPolicyAssignmentIdentityArgs] = None,
                          location: Optional[str] = None,
                          enforce: Optional[bool] = None,
                          description: Optional[str] = None,
                          name: Optional[str] = None,
                          non_compliance_messages: Optional[Sequence[GroupPolicyAssignmentNonComplianceMessageArgs]] = None,
                          not_scopes: Optional[Sequence[str]] = None,
                          overrides: Optional[Sequence[GroupPolicyAssignmentOverrideArgs]] = None,
                          parameters: Optional[str] = None,
                          display_name: Optional[str] = None,
                          resource_selectors: Optional[Sequence[GroupPolicyAssignmentResourceSelectorArgs]] = None)
func NewGroupPolicyAssignment(ctx *Context, name string, args GroupPolicyAssignmentArgs, opts ...ResourceOption) (*GroupPolicyAssignment, error)
public GroupPolicyAssignment(string name, GroupPolicyAssignmentArgs args, CustomResourceOptions? opts = null)
public GroupPolicyAssignment(String name, GroupPolicyAssignmentArgs args)
public GroupPolicyAssignment(String name, GroupPolicyAssignmentArgs args, CustomResourceOptions options)
type: azure:management:GroupPolicyAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. GroupPolicyAssignmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. GroupPolicyAssignmentArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. GroupPolicyAssignmentArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. GroupPolicyAssignmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. GroupPolicyAssignmentArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference listing of every input property. Each value is a type placeholder,
// not a recommended setting.
var groupPolicyAssignmentResource = new Azure.Management.GroupPolicyAssignment("groupPolicyAssignmentResource", new()
{
    // Required; changing either ID forces a new Policy Assignment to be created.
    ManagementGroupId = "string",
    PolicyDefinitionId = "string",
    // JSON mapping passed as a string.
    Metadata = "string",
    // Location must also be specified when Identity is specified.
    Identity = new Azure.Management.Inputs.GroupPolicyAssignmentIdentityArgs
    {
        Type = "string",
        IdentityIds = new[]
        {
            "string",
        },
        PrincipalId = "string",
        TenantId = "string",
    },
    Location = "string",
    // Placeholder only: the documented default is true. Copying false as-is
    // leaves the policy unenforced.
    Enforce = false,
    Description = "string",
    // Between 3 and 24 characters; changing it forces a new Policy Assignment.
    Name = "string",
    NonComplianceMessages = new[]
    {
        new Azure.Management.Inputs.GroupPolicyAssignmentNonComplianceMessageArgs
        {
            Content = "string",
            PolicyDefinitionReferenceId = "string",
        },
    },
    // Scopes within the management group that are excluded from the policy;
    // every entry narrows what the assignment covers.
    NotScopes = new[]
    {
        "string",
    },
    Overrides = new[]
    {
        new Azure.Management.Inputs.GroupPolicyAssignmentOverrideArgs
        {
            Value = "string",
            Selectors = new[]
            {
                new Azure.Management.Inputs.GroupPolicyAssignmentOverrideSelectorArgs
                {
                    Ins = new[]
                    {
                        "string",
                    },
                    Kind = "string",
                    NotIns = new[]
                    {
                        "string",
                    },
                },
            },
        },
    },
    // JSON mapping passed as a string.
    Parameters = "string",
    DisplayName = "string",
    // Filters the policy by resource properties.
    ResourceSelectors = new[]
    {
        new Azure.Management.Inputs.GroupPolicyAssignmentResourceSelectorArgs
        {
            Selectors = new[]
            {
                new Azure.Management.Inputs.GroupPolicyAssignmentResourceSelectorSelectorArgs
                {
                    Kind = "string",
                    Ins = new[]
                    {
                        "string",
                    },
                    NotIns = new[]
                    {
                        "string",
                    },
                },
            },
            Name = "string",
        },
    },
});
// Reference listing of every input property. Each value is a type placeholder,
// not a recommended setting.
example, err := management.NewGroupPolicyAssignment(ctx, "groupPolicyAssignmentResource", &management.GroupPolicyAssignmentArgs{
	// Required; changing either ID forces a new Policy Assignment to be created.
	ManagementGroupId:  pulumi.String("string"),
	PolicyDefinitionId: pulumi.String("string"),
	// JSON mapping passed as a string.
	Metadata:           pulumi.String("string"),
	// Location must also be specified when Identity is specified.
	Identity: &management.GroupPolicyAssignmentIdentityArgs{
		Type: pulumi.String("string"),
		IdentityIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		PrincipalId: pulumi.String("string"),
		TenantId:    pulumi.String("string"),
	},
	Location:    pulumi.String("string"),
	// Placeholder only: the documented default is true. Copying false as-is
	// leaves the policy unenforced.
	Enforce:     pulumi.Bool(false),
	Description: pulumi.String("string"),
	// Between 3 and 24 characters; changing it forces a new Policy Assignment.
	Name:        pulumi.String("string"),
	NonComplianceMessages: management.GroupPolicyAssignmentNonComplianceMessageArray{
		&management.GroupPolicyAssignmentNonComplianceMessageArgs{
			Content:                     pulumi.String("string"),
			PolicyDefinitionReferenceId: pulumi.String("string"),
		},
	},
	// Scopes within the management group that are excluded from the policy;
	// every entry narrows what the assignment covers.
	NotScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Overrides: management.GroupPolicyAssignmentOverrideArray{
		&management.GroupPolicyAssignmentOverrideArgs{
			Value: pulumi.String("string"),
			Selectors: management.GroupPolicyAssignmentOverrideSelectorArray{
				&management.GroupPolicyAssignmentOverrideSelectorArgs{
					Ins: pulumi.StringArray{
						pulumi.String("string"),
					},
					Kind: pulumi.String("string"),
					NotIns: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
		},
	},
	// JSON mapping passed as a string.
	Parameters:  pulumi.String("string"),
	DisplayName: pulumi.String("string"),
	// Filters the policy by resource properties.
	ResourceSelectors: management.GroupPolicyAssignmentResourceSelectorArray{
		&management.GroupPolicyAssignmentResourceSelectorArgs{
			Selectors: management.GroupPolicyAssignmentResourceSelectorSelectorArray{
				&management.GroupPolicyAssignmentResourceSelectorSelectorArgs{
					Kind: pulumi.String("string"),
					Ins: pulumi.StringArray{
						pulumi.String("string"),
					},
					NotIns: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Name: pulumi.String("string"),
		},
	},
})
// Reference listing of every input property. Each value is a type placeholder,
// not a recommended setting.
var groupPolicyAssignmentResource = new GroupPolicyAssignment("groupPolicyAssignmentResource", GroupPolicyAssignmentArgs.builder()
    // Required; changing either ID forces a new Policy Assignment to be created.
    .managementGroupId("string")
    .policyDefinitionId("string")
    // JSON mapping passed as a string.
    .metadata("string")
    // location must also be specified when identity is specified.
    .identity(GroupPolicyAssignmentIdentityArgs.builder()
        .type("string")
        .identityIds("string")
        .principalId("string")
        .tenantId("string")
        .build())
    .location("string")
    // Placeholder only: the documented default is true. Copying false as-is
    // leaves the policy unenforced.
    .enforce(false)
    .description("string")
    // Between 3 and 24 characters; changing it forces a new Policy Assignment.
    .name("string")
    .nonComplianceMessages(GroupPolicyAssignmentNonComplianceMessageArgs.builder()
        .content("string")
        .policyDefinitionReferenceId("string")
        .build())
    // Scopes within the management group that are excluded from the policy;
    // every entry narrows what the assignment covers.
    .notScopes("string")
    .overrides(GroupPolicyAssignmentOverrideArgs.builder()
        .value("string")
        .selectors(GroupPolicyAssignmentOverrideSelectorArgs.builder()
            .ins("string")
            .kind("string")
            .notIns("string")
            .build())
        .build())
    // JSON mapping passed as a string.
    .parameters("string")
    .displayName("string")
    // Filters the policy by resource properties.
    .resourceSelectors(GroupPolicyAssignmentResourceSelectorArgs.builder()
        .selectors(GroupPolicyAssignmentResourceSelectorSelectorArgs.builder()
            .kind("string")
            .ins("string")
            .notIns("string")
            .build())
        .name("string")
        .build())
    .build());
# Reference listing of every input property. Each value is a type placeholder,
# not a recommended setting.
group_policy_assignment_resource = azure.management.GroupPolicyAssignment("groupPolicyAssignmentResource",
    # Required; changing either ID forces a new Policy Assignment to be created.
    management_group_id="string",
    policy_definition_id="string",
    # JSON mapping passed as a string.
    metadata="string",
    # location must also be specified when identity is specified.
    identity={
        "type": "string",
        "identity_ids": ["string"],
        "principal_id": "string",
        "tenant_id": "string",
    },
    location="string",
    # Placeholder only: the documented default is True. Copying False as-is
    # leaves the policy unenforced.
    enforce=False,
    description="string",
    # Between 3 and 24 characters; changing it forces a new Policy Assignment.
    name="string",
    non_compliance_messages=[{
        "content": "string",
        "policy_definition_reference_id": "string",
    }],
    # Scopes within the management group that are excluded from the policy;
    # every entry narrows what the assignment covers.
    not_scopes=["string"],
    overrides=[{
        "value": "string",
        "selectors": [{
            "ins": ["string"],
            "kind": "string",
            "not_ins": ["string"],
        }],
    }],
    # JSON mapping passed as a string.
    parameters="string",
    display_name="string",
    # Filters the policy by resource properties.
    resource_selectors=[{
        "selectors": [{
            "kind": "string",
            "ins": ["string"],
            "not_ins": ["string"],
        }],
        "name": "string",
    }])
// Reference listing of every input property. Each value is a type placeholder,
// not a recommended setting.
const groupPolicyAssignmentResource = new azure.management.GroupPolicyAssignment("groupPolicyAssignmentResource", {
    // Required; changing either ID forces a new Policy Assignment to be created.
    managementGroupId: "string",
    policyDefinitionId: "string",
    // JSON mapping passed as a string.
    metadata: "string",
    // location must also be specified when identity is specified.
    identity: {
        type: "string",
        identityIds: ["string"],
        principalId: "string",
        tenantId: "string",
    },
    location: "string",
    // Placeholder only: the documented default is true. Copying false as-is
    // leaves the policy unenforced.
    enforce: false,
    description: "string",
    // Between 3 and 24 characters; changing it forces a new Policy Assignment.
    name: "string",
    nonComplianceMessages: [{
        content: "string",
        policyDefinitionReferenceId: "string",
    }],
    // Scopes within the management group that are excluded from the policy;
    // every entry narrows what the assignment covers.
    notScopes: ["string"],
    overrides: [{
        value: "string",
        selectors: [{
            ins: ["string"],
            kind: "string",
            notIns: ["string"],
        }],
    }],
    // JSON mapping passed as a string.
    parameters: "string",
    displayName: "string",
    // Filters the policy by resource properties.
    resourceSelectors: [{
        selectors: [{
            kind: "string",
            ins: ["string"],
            notIns: ["string"],
        }],
        name: "string",
    }],
});
# Reference listing of every input property. Each value is a type placeholder,
# not a recommended setting.
type: azure:management:GroupPolicyAssignment
properties:
    description: string
    displayName: string
    # Placeholder only: the documented default is true. Copying false as-is
    # leaves the policy unenforced.
    enforce: false
    # location must also be specified when identity is specified.
    identity:
        identityIds:
            - string
        principalId: string
        tenantId: string
        type: string
    location: string
    # Required; changing it forces a new Policy Assignment to be created.
    managementGroupId: string
    # JSON mapping passed as a string.
    metadata: string
    # Between 3 and 24 characters; changing it forces a new Policy Assignment.
    name: string
    nonComplianceMessages:
        - content: string
          policyDefinitionReferenceId: string
    # Scopes within the management group that are excluded from the policy;
    # every entry narrows what the assignment covers.
    notScopes:
        - string
    overrides:
        - selectors:
            - ins:
                - string
              kind: string
              notIns:
                - string
          value: string
    # JSON mapping passed as a string.
    parameters: string
    # Required; changing it forces a new Policy Assignment to be created.
    policyDefinitionId: string
    # Filters the policy by resource properties.
    resourceSelectors:
        - name: string
          selectors:
            - ins:
                - string
              kind: string
              notIns:
                - string

GroupPolicyAssignment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The GroupPolicyAssignment resource accepts the following input properties:

ManagementGroupId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
PolicyDefinitionId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
Description string
A description which should be used for this Policy Assignment.
DisplayName string
The Display Name for this Policy Assignment.
Enforce bool
Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy's effect (such as the Deny in the example above) is not enforced.
Identity GroupPolicyAssignmentIdentity

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

Location Changes to this property will trigger replacement. string
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
Metadata string
A JSON mapping of any Metadata for this Policy.
Name Changes to this property will trigger replacement. string
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
NonComplianceMessages List<GroupPolicyAssignmentNonComplianceMessage>
One or more non_compliance_message blocks as defined below.
NotScopes List<string>
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
Overrides List<GroupPolicyAssignmentOverride>
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
Parameters string
A JSON mapping of any Parameters for this Policy.
ResourceSelectors List<GroupPolicyAssignmentResourceSelector>
One or more resource_selectors blocks as defined below to filter policies by resource properties.
ManagementGroupId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
PolicyDefinitionId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
Description string
A description which should be used for this Policy Assignment.
DisplayName string
The Display Name for this Policy Assignment.
Enforce bool
Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy's effect (such as the Deny in the example above) is not enforced.
Identity GroupPolicyAssignmentIdentityArgs

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

Location Changes to this property will trigger replacement. string
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
Metadata string
A JSON mapping of any Metadata for this Policy.
Name Changes to this property will trigger replacement. string
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
NonComplianceMessages []GroupPolicyAssignmentNonComplianceMessageArgs
One or more non_compliance_message blocks as defined below.
NotScopes []string
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
Overrides []GroupPolicyAssignmentOverrideArgs
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
Parameters string
A JSON mapping of any Parameters for this Policy.
ResourceSelectors []GroupPolicyAssignmentResourceSelectorArgs
One or more resource_selectors blocks as defined below to filter policies by resource properties.
managementGroupId
This property is required.
Changes to this property will trigger replacement.
String
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
policyDefinitionId
This property is required.
Changes to this property will trigger replacement.
String
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
description String
A description which should be used for this Policy Assignment.
displayName String
The Display Name for this Policy Assignment.
enforce Boolean
Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy's effect (such as the Deny in the example above) is not enforced.
identity GroupPolicyAssignmentIdentity

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

location Changes to this property will trigger replacement. String
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
metadata String
A JSON mapping of any Metadata for this Policy.
name Changes to this property will trigger replacement. String
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
nonComplianceMessages List<GroupPolicyAssignmentNonComplianceMessage>
One or more non_compliance_message blocks as defined below.
notScopes List<String>
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
overrides List<GroupPolicyAssignmentOverride>
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
parameters String
A JSON mapping of any Parameters for this Policy.
resourceSelectors List<GroupPolicyAssignmentResourceSelector>
One or more resource_selectors blocks as defined below to filter policies by resource properties.
managementGroupId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
policyDefinitionId
This property is required.
Changes to this property will trigger replacement.
string
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
description string
A description which should be used for this Policy Assignment.
displayName string
The Display Name for this Policy Assignment.
enforce boolean
Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy's effect (such as the Deny in the example above) is not enforced.
identity GroupPolicyAssignmentIdentity

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

location Changes to this property will trigger replacement. string
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
metadata string
A JSON mapping of any Metadata for this Policy.
name Changes to this property will trigger replacement. string
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
nonComplianceMessages GroupPolicyAssignmentNonComplianceMessage[]
One or more non_compliance_message blocks as defined below.
notScopes string[]
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
overrides GroupPolicyAssignmentOverride[]
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
parameters string
A JSON mapping of any Parameters for this Policy.
resourceSelectors GroupPolicyAssignmentResourceSelector[]
One or more resource_selectors blocks as defined below to filter policies by resource properties.
management_group_id
This property is required.
Changes to this property will trigger replacement.
str
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
policy_definition_id
This property is required.
Changes to this property will trigger replacement.
str
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
description str
A description which should be used for this Policy Assignment.
display_name str
The Display Name for this Policy Assignment.
enforce bool
Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy's effect (such as the Deny in the example above) is not enforced.
identity GroupPolicyAssignmentIdentityArgs

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

location Changes to this property will trigger replacement. str
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
metadata str
A JSON mapping of any Metadata for this Policy.
name Changes to this property will trigger replacement. str
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
non_compliance_messages Sequence[GroupPolicyAssignmentNonComplianceMessageArgs]
One or more non_compliance_message blocks as defined below.
not_scopes Sequence[str]
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
overrides Sequence[GroupPolicyAssignmentOverrideArgs]
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
parameters str
A JSON mapping of any Parameters for this Policy.
resource_selectors Sequence[GroupPolicyAssignmentResourceSelectorArgs]
One or more resource_selectors blocks as defined below to filter policies by resource properties.
managementGroupId
This property is required.
Changes to this property will trigger replacement.
String
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
policyDefinitionId
This property is required.
Changes to this property will trigger replacement.
String
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
description String
A description which should be used for this Policy Assignment.
displayName String
The Display Name for this Policy Assignment.
enforce Boolean
Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy's effect (such as the Deny in the example above) is not enforced.
identity Property Map

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

location Changes to this property will trigger replacement. String
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
metadata String
A JSON mapping of any Metadata for this Policy.
name Changes to this property will trigger replacement. String
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
nonComplianceMessages List<Property Map>
One or more non_compliance_message blocks as defined below.
notScopes List<String>
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
overrides List<Property Map>
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
parameters String
A JSON mapping of any Parameters for this Policy.
resourceSelectors List<Property Map>
One or more resource_selectors blocks as defined below to filter policies by resource properties.

Outputs

All input properties are implicitly available as output properties. Additionally, the GroupPolicyAssignment resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing GroupPolicyAssignment Resource

Get an existing GroupPolicyAssignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GroupPolicyAssignmentState, opts?: CustomResourceOptions): GroupPolicyAssignment
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        enforce: Optional[bool] = None,
        identity: Optional[GroupPolicyAssignmentIdentityArgs] = None,
        location: Optional[str] = None,
        management_group_id: Optional[str] = None,
        metadata: Optional[str] = None,
        name: Optional[str] = None,
        non_compliance_messages: Optional[Sequence[GroupPolicyAssignmentNonComplianceMessageArgs]] = None,
        not_scopes: Optional[Sequence[str]] = None,
        overrides: Optional[Sequence[GroupPolicyAssignmentOverrideArgs]] = None,
        parameters: Optional[str] = None,
        policy_definition_id: Optional[str] = None,
        resource_selectors: Optional[Sequence[GroupPolicyAssignmentResourceSelectorArgs]] = None) -> GroupPolicyAssignment
func GetGroupPolicyAssignment(ctx *Context, name string, id IDInput, state *GroupPolicyAssignmentState, opts ...ResourceOption) (*GroupPolicyAssignment, error)
public static GroupPolicyAssignment Get(string name, Input<string> id, GroupPolicyAssignmentState? state, CustomResourceOptions? opts = null)
public static GroupPolicyAssignment get(String name, Output<String> id, GroupPolicyAssignmentState state, CustomResourceOptions options)
resources:
  _:
    type: azure:management:GroupPolicyAssignment
    get:
      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Description string
A description which should be used for this Policy Assignment.
DisplayName string
The Display Name for this Policy Assignment.
Enforce bool
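Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy effect (for example Deny) is not applied when resources are created or updated, so the assignment does not block non-compliant changes.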
Identity GroupPolicyAssignmentIdentity

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

Location Changes to this property will trigger replacement. string
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
ManagementGroupId Changes to this property will trigger replacement. string
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
Metadata string
A JSON mapping of any Metadata for this Policy.
Name Changes to this property will trigger replacement. string
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
NonComplianceMessages List<GroupPolicyAssignmentNonComplianceMessage>
One or more non_compliance_message blocks as defined below.
NotScopes List<string>
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
Overrides List<GroupPolicyAssignmentOverride>
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
Parameters string
A JSON mapping of any Parameters for this Policy.
PolicyDefinitionId Changes to this property will trigger replacement. string
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
ResourceSelectors List<GroupPolicyAssignmentResourceSelector>
One or more resource_selectors blocks as defined below to filter policies by resource properties.
Description string
A description which should be used for this Policy Assignment.
DisplayName string
The Display Name for this Policy Assignment.
Enforce bool
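Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy effect (for example Deny) is not applied when resources are created or updated, so the assignment does not block non-compliant changes.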
Identity GroupPolicyAssignmentIdentityArgs

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

Location Changes to this property will trigger replacement. string
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
ManagementGroupId Changes to this property will trigger replacement. string
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
Metadata string
A JSON mapping of any Metadata for this Policy.
Name Changes to this property will trigger replacement. string
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
NonComplianceMessages []GroupPolicyAssignmentNonComplianceMessageArgs
One or more non_compliance_message blocks as defined below.
NotScopes []string
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
Overrides []GroupPolicyAssignmentOverrideArgs
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
Parameters string
A JSON mapping of any Parameters for this Policy.
PolicyDefinitionId Changes to this property will trigger replacement. string
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
ResourceSelectors []GroupPolicyAssignmentResourceSelectorArgs
One or more resource_selectors blocks as defined below to filter policies by resource properties.
description String
A description which should be used for this Policy Assignment.
displayName String
The Display Name for this Policy Assignment.
enforce Boolean
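Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy effect (for example Deny) is not applied when resources are created or updated, so the assignment does not block non-compliant changes.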
identity GroupPolicyAssignmentIdentity

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

location Changes to this property will trigger replacement. String
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
managementGroupId Changes to this property will trigger replacement. String
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
metadata String
A JSON mapping of any Metadata for this Policy.
name Changes to this property will trigger replacement. String
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
nonComplianceMessages List<GroupPolicyAssignmentNonComplianceMessage>
One or more non_compliance_message blocks as defined below.
notScopes List<String>
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
overrides List<GroupPolicyAssignmentOverride>
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
parameters String
A JSON mapping of any Parameters for this Policy.
policyDefinitionId Changes to this property will trigger replacement. String
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
resourceSelectors List<GroupPolicyAssignmentResourceSelector>
One or more resource_selectors blocks as defined below to filter policies by resource properties.
description string
A description which should be used for this Policy Assignment.
displayName string
The Display Name for this Policy Assignment.
enforce boolean
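Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy effect (for example Deny) is not applied when resources are created or updated, so the assignment does not block non-compliant changes.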
identity GroupPolicyAssignmentIdentity

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

location Changes to this property will trigger replacement. string
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
managementGroupId Changes to this property will trigger replacement. string
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
metadata string
A JSON mapping of any Metadata for this Policy.
name Changes to this property will trigger replacement. string
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
nonComplianceMessages GroupPolicyAssignmentNonComplianceMessage[]
One or more non_compliance_message blocks as defined below.
notScopes string[]
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
overrides GroupPolicyAssignmentOverride[]
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
parameters string
A JSON mapping of any Parameters for this Policy.
policyDefinitionId Changes to this property will trigger replacement. string
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
resourceSelectors GroupPolicyAssignmentResourceSelector[]
One or more resource_selectors blocks as defined below to filter policies by resource properties.
description str
A description which should be used for this Policy Assignment.
display_name str
The Display Name for this Policy Assignment.
enforce bool
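Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy effect (for example Deny) is not applied when resources are created or updated, so the assignment does not block non-compliant changes.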
identity GroupPolicyAssignmentIdentityArgs

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

location Changes to this property will trigger replacement. str
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
management_group_id Changes to this property will trigger replacement. str
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
metadata str
A JSON mapping of any Metadata for this Policy.
name Changes to this property will trigger replacement. str
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
non_compliance_messages Sequence[GroupPolicyAssignmentNonComplianceMessageArgs]
One or more non_compliance_message blocks as defined below.
not_scopes Sequence[str]
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
overrides Sequence[GroupPolicyAssignmentOverrideArgs]
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
parameters str
A JSON mapping of any Parameters for this Policy.
policy_definition_id Changes to this property will trigger replacement. str
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
resource_selectors Sequence[GroupPolicyAssignmentResourceSelectorArgs]
One or more resource_selectors blocks as defined below to filter policies by resource properties.
description String
A description which should be used for this Policy Assignment.
displayName String
The Display Name for this Policy Assignment.
enforce Boolean
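Specifies whether this Policy should be enforced. Defaults to true. When set to false, the policy effect (for example Deny) is not applied when resources are created or updated, so the assignment does not block non-compliant changes.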
identity Property Map

An identity block as defined below.

Note: The location field must also be specified when identity is specified.

location Changes to this property will trigger replacement. String
The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.
managementGroupId Changes to this property will trigger replacement. String
The ID of the Management Group. Changing this forces a new Policy Assignment to be created.
metadata String
A JSON mapping of any Metadata for this Policy.
name Changes to this property will trigger replacement. String
The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.
nonComplianceMessages List<Property Map>
One or more non_compliance_message blocks as defined below.
notScopes List<String>
Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.
overrides List<Property Map>
One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see policy assignment structure.
parameters String
A JSON mapping of any Parameters for this Policy.
policyDefinitionId Changes to this property will trigger replacement. String
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
resourceSelectors List<Property Map>
One or more resource_selectors blocks as defined below to filter policies by resource properties.

Supporting Types

GroupPolicyAssignmentIdentity
, GroupPolicyAssignmentIdentityArgs

Type This property is required. string
The Type of Managed Identity which should be added to this Policy Definition. Possible values are SystemAssigned and UserAssigned.
IdentityIds List<string>

A list of User Managed Identity IDs which should be assigned to the Policy Definition.

NOTE: This is required when type is set to UserAssigned.

PrincipalId string
The Principal ID of the Policy Assignment for this Management Group.
TenantId string
The Tenant ID of the Policy Assignment for this Management Group.
Type This property is required. string
The Type of Managed Identity which should be added to this Policy Definition. Possible values are SystemAssigned and UserAssigned.
IdentityIds []string

A list of User Managed Identity IDs which should be assigned to the Policy Definition.

NOTE: This is required when type is set to UserAssigned.

PrincipalId string
The Principal ID of the Policy Assignment for this Management Group.
TenantId string
The Tenant ID of the Policy Assignment for this Management Group.
type This property is required. String
The Type of Managed Identity which should be added to this Policy Definition. Possible values are SystemAssigned and UserAssigned.
identityIds List<String>

A list of User Managed Identity IDs which should be assigned to the Policy Definition.

NOTE: This is required when type is set to UserAssigned.

principalId String
The Principal ID of the Policy Assignment for this Management Group.
tenantId String
The Tenant ID of the Policy Assignment for this Management Group.
type This property is required. string
The Type of Managed Identity which should be added to this Policy Definition. Possible values are SystemAssigned and UserAssigned.
identityIds string[]

A list of User Managed Identity IDs which should be assigned to the Policy Definition.

NOTE: This is required when type is set to UserAssigned.

principalId string
The Principal ID of the Policy Assignment for this Management Group.
tenantId string
The Tenant ID of the Policy Assignment for this Management Group.
type This property is required. str
The Type of Managed Identity which should be added to this Policy Definition. Possible values are SystemAssigned and UserAssigned.
identity_ids Sequence[str]

A list of User Managed Identity IDs which should be assigned to the Policy Definition.

NOTE: This is required when type is set to UserAssigned.

principal_id str
The Principal ID of the Policy Assignment for this Management Group.
tenant_id str
The Tenant ID of the Policy Assignment for this Management Group.
type This property is required. String
The Type of Managed Identity which should be added to this Policy Definition. Possible values are SystemAssigned and UserAssigned.
identityIds List<String>

A list of User Managed Identity IDs which should be assigned to the Policy Definition.

NOTE: This is required when type is set to UserAssigned.

principalId String
The Principal ID of the Policy Assignment for this Management Group.
tenantId String
The Tenant ID of the Policy Assignment for this Management Group.

GroupPolicyAssignmentNonComplianceMessage
, GroupPolicyAssignmentNonComplianceMessageArgs

Content This property is required. string
The non-compliance message text. When assigning policy sets (initiatives), unless policy_definition_reference_id is specified then this message will be the default for all policies.
PolicyDefinitionReferenceId string
When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to.
Content This property is required. string
The non-compliance message text. When assigning policy sets (initiatives), unless policy_definition_reference_id is specified then this message will be the default for all policies.
PolicyDefinitionReferenceId string
When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to.
content This property is required. String
The non-compliance message text. When assigning policy sets (initiatives), unless policy_definition_reference_id is specified then this message will be the default for all policies.
policyDefinitionReferenceId String
When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to.
content This property is required. string
The non-compliance message text. When assigning policy sets (initiatives), unless policy_definition_reference_id is specified then this message will be the default for all policies.
policyDefinitionReferenceId string
When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to.
content This property is required. str
The non-compliance message text. When assigning policy sets (initiatives), unless policy_definition_reference_id is specified then this message will be the default for all policies.
policy_definition_reference_id str
When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to.
content This property is required. String
The non-compliance message text. When assigning policy sets (initiatives), unless policy_definition_reference_id is specified then this message will be the default for all policies.
policyDefinitionReferenceId String
When assigning policy sets (initiatives), this is the ID of the policy definition that the non-compliance message applies to.

GroupPolicyAssignmentOverride
, GroupPolicyAssignmentOverrideArgs

Value This property is required. string
Specifies the value to override the policy property. For a policyEffect override, the possible values are the listed policy effects.
Selectors List<GroupPolicyAssignmentOverrideSelector>
One or more override_selector blocks as defined below.
Value This property is required. string
Specifies the value to override the policy property. For a policyEffect override, the possible values are the listed policy effects.
Selectors []GroupPolicyAssignmentOverrideSelector
One or more override_selector blocks as defined below.
value This property is required. String
Specifies the value to override the policy property. For a policyEffect override, the possible values are the listed policy effects.
selectors List<GroupPolicyAssignmentOverrideSelector>
One or more override_selector blocks as defined below.
value This property is required. string
Specifies the value to override the policy property. For a policyEffect override, the possible values are the listed policy effects.
selectors GroupPolicyAssignmentOverrideSelector[]
One or more override_selector blocks as defined below.
value This property is required. str
Specifies the value to override the policy property. For a policyEffect override, the possible values are the listed policy effects.
selectors Sequence[GroupPolicyAssignmentOverrideSelector]
One or more override_selector blocks as defined below.
value This property is required. String
Specifies the value to override the policy property. For a policyEffect override, the possible values are the listed policy effects.
selectors List<Property Map>
One or more override_selector blocks as defined below.

GroupPolicyAssignmentOverrideSelector
, GroupPolicyAssignmentOverrideSelectorArgs

Ins List<string>
Kind string
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
NotIns List<string>
Ins []string
Kind string
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
NotIns []string
ins List<String>
kind String
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
notIns List<String>
ins string[]
kind string
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
notIns string[]
ins Sequence[str]
kind str
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
not_ins Sequence[str]
ins List<String>
kind String
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
notIns List<String>

GroupPolicyAssignmentResourceSelector
, GroupPolicyAssignmentResourceSelectorArgs

Selectors This property is required. List<GroupPolicyAssignmentResourceSelectorSelector>
One or more resource_selector block as defined below.
Name string
Specifies a name for the resource selector.
Selectors This property is required. []GroupPolicyAssignmentResourceSelectorSelector
One or more resource_selector block as defined below.
Name string
Specifies a name for the resource selector.
selectors This property is required. List<GroupPolicyAssignmentResourceSelectorSelector>
One or more resource_selector block as defined below.
name String
Specifies a name for the resource selector.
selectors This property is required. GroupPolicyAssignmentResourceSelectorSelector[]
One or more resource_selector block as defined below.
name string
Specifies a name for the resource selector.
selectors This property is required. Sequence[GroupPolicyAssignmentResourceSelectorSelector]
One or more resource_selector block as defined below.
name str
Specifies a name for the resource selector.
selectors This property is required. List<Property Map>
One or more resource_selector block as defined below.
name String
Specifies a name for the resource selector.

GroupPolicyAssignmentResourceSelectorSelector
, GroupPolicyAssignmentResourceSelectorSelectorArgs

Kind This property is required. string
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
Ins List<string>
NotIns List<string>
Kind This property is required. string
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
Ins []string
NotIns []string
kind This property is required. String
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
ins List<String>
notIns List<String>
kind This property is required. string
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
ins string[]
notIns string[]
kind This property is required. str
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
ins Sequence[str]
not_ins Sequence[str]
kind This property is required. String
Specifies which characteristic will narrow down the set of evaluated resources. Possible values are resourceLocation, resourceType and resourceWithoutLocation.
ins List<String>
notIns List<String>

Import

Management Group Policy Assignments can be imported using the resource id, e.g.

$ pulumi import azure:management/groupPolicyAssignment:GroupPolicyAssignment example /providers/Microsoft.Management/managementGroups/group1/providers/Microsoft.Authorization/policyAssignments/assignment1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes
This Pulumi package is based on the azurerm Terraform Provider.