Remediations - Create Or Update At Management Group

Reference

Service:: Policy

API Version:: 2021-10-01

Creates or updates a remediation at management group scope.

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.PolicyInsights/remediations/{remediationName}?api-version=2021-10-01

URI Parameters

Name	In	Required	Type	Description
managementGroupId	path	True	string	Management group ID.
managementGroupsNamespace	path	True	ManagementGroupsNamespaceType	The namespace for Microsoft Management RP; only "Microsoft.Management" is allowed.
remediationName	path	True	string	The name of the remediation.
api-version	query	True	string	Client Api Version.

Request Body

Name	Type	Description
properties.failureThreshold	FailureThreshold	The remediation failure threshold settings
properties.filters	RemediationFilters	The filters that will be applied to determine which resources to remediate.
properties.parallelDeployments	integer	Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. If not provided, the default parallel deployments value is used.
properties.policyAssignmentId	string	The resource ID of the policy assignment that should be remediated.
properties.policyDefinitionReferenceId	string	The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
properties.resourceCount	integer	Determines the max number of resources that can be remediated by the remediation job. If not provided, the default resource count is used.
properties.resourceDiscoveryMode	ResourceDiscoveryMode	The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.

Responses

Name	Type	Description
200 OK	Remediation	The updated remediation.
201 Created	Remediation	The created remediation.
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create remediation at management group scope

Sample request

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/financeMg/providers/Microsoft.PolicyInsights/remediations/storageRemediation?api-version=2021-10-01

{
  "properties": {
    "policyAssignmentId": "/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"
  }
}

import com.azure.core.util.Context;
import com.azure.resourcemanager.policyinsights.fluent.models.RemediationInner;

/** Samples for Remediations CreateOrUpdateAtManagementGroup. */
public final class Main {
    /*
     * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2021-10-01/examples/Remediations_CreateManagementGroupScope.json
     */
    /**
     * Sample code: Create remediation at management group scope.
     *
     * @param manager Entry point to PolicyInsightsManager.
     */
    public static void createRemediationAtManagementGroupScope(
        com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) {
        manager
            .remediations()
            .createOrUpdateAtManagementGroupWithResponse(
                "financeMg",
                "storageRemediation",
                new RemediationInner()
                    .withPolicyAssignmentId(
                        "/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
                Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-policyinsights
# USAGE
    python remediations_create_management_group_scope.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyInsightsClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.remediations.create_or_update_at_management_group(
        management_group_id="financeMg",
        remediation_name="storageRemediation",
        parameters={
            "properties": {
                "policyAssignmentId": "/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"
            }
        },
    )
    print(response)


# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2021-10-01/examples/Remediations_CreateManagementGroupScope.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicyinsights_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2021-10-01/examples/Remediations_CreateManagementGroupScope.json
func ExampleRemediationsClient_CreateOrUpdateAtManagementGroup() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRemediationsClient().CreateOrUpdateAtManagementGroup(ctx, "financeMg", "storageRemediation", armpolicyinsights.Remediation{
		Properties: &armpolicyinsights.RemediationProperties{
			PolicyAssignmentID: to.Ptr("/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Remediation = armpolicyinsights.Remediation{
	// 	Name: to.Ptr("storageRemediation"),
	// 	Type: to.Ptr("Microsoft.PolicyInsights/remediations"),
	// 	ID: to.Ptr("/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.policyinsights/remediations/storageRemediation"),
	// 	Properties: &armpolicyinsights.RemediationProperties{
	// 		CorrelationID: to.Ptr("a14e1d60-dae9-4771-b4be-a556d69e77a6"),
	// 		CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-09-12T20:58:58.753Z"); return t}()),
	// 		DeploymentStatus: &armpolicyinsights.RemediationDeploymentSummary{
	// 			FailedDeployments: to.Ptr[int32](0),
	// 			SuccessfulDeployments: to.Ptr[int32](0),
	// 			TotalDeployments: to.Ptr[int32](2),
	// 		},
	// 		LastUpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-09-12T20:58:58.753Z"); return t}()),
	// 		PolicyAssignmentID: to.Ptr("/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		ResourceDiscoveryMode: to.Ptr(armpolicyinsights.ResourceDiscoveryModeExistingNonCompliant),
	// 		StatusMessage: to.Ptr("Remediation extended status"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a remediation at management group scope.
 *
 * @summary Creates or updates a remediation at management group scope.
 * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2021-10-01/examples/Remediations_CreateManagementGroupScope.json
 */
async function createRemediationAtManagementGroupScope() {
  const subscriptionId =
    process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const managementGroupId = "financeMg";
  const remediationName = "storageRemediation";
  const parameters = {
    policyAssignmentId:
      "/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
  };
  const credential = new DefaultAzureCredential();
  const client = new PolicyInsightsClient(credential, subscriptionId);
  const result = await client.remediations.createOrUpdateAtManagementGroup(
    managementGroupId,
    remediationName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "properties": {
    "policyAssignmentId": "/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
    "provisioningState": "Accepted",
    "createdOn": "2018-09-12T20:58:58.7531298Z",
    "lastUpdatedOn": "2018-09-12T20:58:58.7531298Z",
    "resourceDiscoveryMode": "ExistingNonCompliant",
    "deploymentStatus": {
      "totalDeployments": 2,
      "successfulDeployments": 0,
      "failedDeployments": 0
    },
    "statusMessage": "Remediation extended status",
    "correlationId": "a14e1d60-dae9-4771-b4be-a556d69e77a6"
  },
  "id": "/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.policyinsights/remediations/storageRemediation",
  "name": "storageRemediation",
  "type": "Microsoft.PolicyInsights/remediations"
}

Status code:: 201

{
  "properties": {
    "policyAssignmentId": "/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
    "provisioningState": "Accepted",
    "createdOn": "2018-09-12T20:58:58.7531298Z",
    "lastUpdatedOn": "2018-09-12T20:58:58.7531298Z",
    "resourceDiscoveryMode": "ExistingNonCompliant",
    "deploymentStatus": {
      "totalDeployments": 2,
      "successfulDeployments": 0,
      "failedDeployments": 0
    },
    "statusMessage": "Remediation extended status",
    "correlationId": "a14e1d60-dae9-4771-b4be-a556d69e77a6"
  },
  "id": "/providers/microsoft.management/managementGroups/financeMg/providers/microsoft.policyinsights/remediations/storageRemediation",
  "name": "storageRemediation",
  "type": "Microsoft.PolicyInsights/remediations",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
    "createdByType": "User",
    "createdAt": "2018-09-13T21:51:09.075918Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2018-09-13T21:52:10.0011706Z"
  }
}

Definitions

Name	Description
createdByType	The type of identity that created the resource.
ErrorDefinition	Error definition.
ErrorResponse	Error response.
FailureThreshold	The remediation failure threshold settings
ManagementGroupsNamespaceType	The namespace for Microsoft Management RP; only "Microsoft.Management" is allowed.
Remediation	The remediation definition.
RemediationDeploymentSummary	The deployment status summary for all deployments created by the remediation.
RemediationFilters	The filters that will be applied to determine which resources to remediate.
ResourceDiscoveryMode	The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
systemData	Metadata pertaining to creation and last modification of the resource.
TypedErrorInfo	Scenario specific error details.

createdByType

The type of identity that created the resource.

Name	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

ErrorDefinition

Error definition.

Name	Type	Description
additionalInfo	TypedErrorInfo[]	Additional scenario specific error details.
code	string	Service specific error code which serves as the substatus for the HTTP error code.
details	ErrorDefinition[]	Internal error details.
message	string	Description of the error.
target	string	The target of the error.

ErrorResponse

Error response.

Name	Type	Description
error	ErrorDefinition	The error details.

FailureThreshold

The remediation failure threshold settings

Name	Type	Description
percentage	number	A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold.

ManagementGroupsNamespaceType

The namespace for Microsoft Management RP; only "Microsoft.Management" is allowed.

Name	Type	Description
Microsoft.Management	string

Remediation

The remediation definition.

Name	Type	Description
id	string	The ID of the remediation.
name	string	The name of the remediation.
properties.correlationId	string	The remediation correlation Id. Can be used to find events related to the remediation in the activity log.
properties.createdOn	string	The time at which the remediation was created.
properties.deploymentStatus	RemediationDeploymentSummary	The deployment status summary for all deployments created by the remediation.
properties.failureThreshold	FailureThreshold	The remediation failure threshold settings
properties.filters	RemediationFilters	The filters that will be applied to determine which resources to remediate.
properties.lastUpdatedOn	string	The time at which the remediation was last updated.
properties.parallelDeployments	integer	Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. If not provided, the default parallel deployments value is used.
properties.policyAssignmentId	string	The resource ID of the policy assignment that should be remediated.
properties.policyDefinitionReferenceId	string	The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
properties.provisioningState	string	The status of the remediation. This refers to the entire remediation task, not individual deployments. Allowed values are Evaluating, Canceled, Cancelling, Failed, Complete, or Succeeded.
properties.resourceCount	integer	Determines the max number of resources that can be remediated by the remediation job. If not provided, the default resource count is used.
properties.resourceDiscoveryMode	ResourceDiscoveryMode	The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
properties.statusMessage	string	The remediation status message. Provides additional details regarding the state of the remediation.
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
type	string	The type of the remediation.

RemediationDeploymentSummary

The deployment status summary for all deployments created by the remediation.

Name	Type	Description
failedDeployments	integer	The number of deployments required by the remediation that have failed.
successfulDeployments	integer	The number of deployments required by the remediation that have succeeded.
totalDeployments	integer	The number of deployments required by the remediation.

RemediationFilters

The filters that will be applied to determine which resources to remediate.

Name	Type	Description
locations	string[]	The resource locations that will be remediated.

ResourceDiscoveryMode

The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.

Name	Type	Description
ExistingNonCompliant	string	Remediate resources that are already known to be non-compliant.
ReEvaluateCompliance	string	Re-evaluate the compliance state of resources and then remediate the resources found to be non-compliant.

systemData

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.

TypedErrorInfo

Scenario specific error details.

Name	Type	Description
info		The scenario specific error details.
type	string	The type of included error details.

Share via

Remediations - Create Or Update At Management Group

URI Parameters

Request Body

Responses

Security

azure_auth

Scopes

Examples

Create remediation at management group scope

Sample request

Sample response

Definitions

createdByType

ErrorDefinition

ErrorResponse

FailureThreshold

ManagementGroupsNamespaceType

Remediation

RemediationDeploymentSummary

RemediationFilters

ResourceDiscoveryMode

systemData

TypedErrorInfo

Additional resources