Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-05-01
- 2025-03-01
- 2025-01-01
- 2024-10-01
- 2024-07-01
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2024-01-01-preview
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-04-01-preview
- 2022-02-01-preview
- 2022-01-01
- 2021-05-01-preview
- 2021-02-01-preview
Bicep resource definition
The networkManagers/securityAdminConfigurations/ruleCollections/rules resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-11-01' = {
name: 'string'
kind: 'string'
// For remaining properties, see Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
}
Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
Set the kind property to specify the type of object.
For Custom, use:
{
kind: 'Custom'
properties: {
access: 'string'
description: 'string'
destinationPortRanges: [
'string'
]
destinations: [
{
addressPrefix: 'string'
addressPrefixType: 'string'
}
]
direction: 'string'
priority: int
protocol: 'string'
sourcePortRanges: [
'string'
]
sources: [
{
addressPrefix: 'string'
addressPrefixType: 'string'
}
]
}
}
For Default, use:
{
kind: 'Default'
properties: {
flag: 'string'
}
}
Property Values
Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules
| Name | Description | Value |
|---|---|---|
| kind | Set to 'Custom' for type AdminRule. Set to 'Default' for type DefaultAdminRule. | 'Custom' 'Default' (required) |
| name | The resource name | string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: networkManagers/securityAdminConfigurations/ruleCollections |
AddressPrefixItem
| Name | Description | Value |
|---|---|---|
| addressPrefix | Address prefix. | string |
| addressPrefixType | Address prefix type. | 'IPPrefix' 'ServiceTag' |
AdminPropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | Indicates the access allowed for this particular rule | 'Allow' 'AlwaysAllow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| destinations | The destination address prefixes. CIDR or destination IP ranges. | AddressPrefixItem[] |
| direction | Indicates if the traffic matched against the rule in inbound or outbound. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int Constraints: Min value = 1 Max value = 4096 (required) |
| protocol | Network protocol this rule applies to. | 'Ah' 'Any' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourcePortRanges | The source port ranges. | string[] |
| sources | The CIDR or source IP ranges. | AddressPrefixItem[] |
AdminRule
| Name | Description | Value |
|---|---|---|
| kind | Whether the rule is custom or default. | 'Custom' (required) |
| properties | Indicates the properties of the security admin rule | AdminPropertiesFormat |
DefaultAdminPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flag | Default rule flag. | string |
DefaultAdminRule
| Name | Description | Value |
|---|---|---|
| kind | Whether the rule is custom or default. | 'Default' (required) |
| properties | Indicates the properties of the security admin rule | DefaultAdminPropertiesFormat |
Usage Examples
Bicep Samples
A basic example of deploying Network Manager Admin Rule.
param resourceName string = 'acctest0001'
param location string = 'westeurope'
resource networkManager 'Microsoft.Network/networkManagers@2022-09-01' = {
name: resourceName
location: location
properties: {
description: ''
networkManagerScopeAccesses: [
'SecurityAdmin'
]
networkManagerScopes: {
managementGroups: []
subscriptions: [
subscription().id
]
}
}
}
resource networkGroup 'Microsoft.Network/networkManagers/networkGroups@2022-09-01' = {
parent: networkManager
name: resourceName
properties: {}
}
resource securityAdminConfiguration 'Microsoft.Network/networkManagers/securityAdminConfigurations@2022-09-01' = {
parent: networkManager
name: resourceName
properties: {
applyOnNetworkIntentPolicyBasedServices: []
}
}
resource ruleCollection 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections@2022-09-01' = {
parent: securityAdminConfiguration
name: resourceName
properties: {
appliesToGroups: [
{
networkGroupId: networkGroup.id
}
]
}
}
resource rule 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-09-01' = {
parent: ruleCollection
name: resourceName
kind: 'Custom'
properties: {
access: 'Deny'
destinationPortRanges: []
destinations: []
direction: 'Outbound'
priority: 1
protocol: 'Tcp'
sourcePortRanges: []
sources: []
}
}
ARM template resource definition
The networkManagers/securityAdminConfigurations/ruleCollections/rules resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules resource, add the following JSON to your template.
{
"name": "string",
"kind": "string"
// For remaining properties, see Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
}
Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
Set the kind property to specify the type of object.
For Custom, use:
{
"kind": "Custom",
"properties": {
"access": "string",
"description": "string",
"destinationPortRanges": [ "string" ],
"destinations": [
{
"addressPrefix": "string",
"addressPrefixType": "string"
}
],
"direction": "string",
"priority": "int",
"protocol": "string",
"sourcePortRanges": [ "string" ],
"sources": [
{
"addressPrefix": "string",
"addressPrefixType": "string"
}
]
}
}
For Default, use:
{
"kind": "Default",
"properties": {
"flag": "string"
}
}
Property Values
Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2022-11-01' |
| kind | Set to 'Custom' for type AdminRule. Set to 'Default' for type DefaultAdminRule. | 'Custom' 'Default' (required) |
| name | The resource name | string (required) |
| type | The resource type | 'Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules' |
AddressPrefixItem
| Name | Description | Value |
|---|---|---|
| addressPrefix | Address prefix. | string |
| addressPrefixType | Address prefix type. | 'IPPrefix' 'ServiceTag' |
AdminPropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | Indicates the access allowed for this particular rule | 'Allow' 'AlwaysAllow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| destinations | The destination address prefixes. CIDR or destination IP ranges. | AddressPrefixItem[] |
| direction | Indicates if the traffic matched against the rule in inbound or outbound. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int Constraints: Min value = 1 Max value = 4096 (required) |
| protocol | Network protocol this rule applies to. | 'Ah' 'Any' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourcePortRanges | The source port ranges. | string[] |
| sources | The CIDR or source IP ranges. | AddressPrefixItem[] |
AdminRule
| Name | Description | Value |
|---|---|---|
| kind | Whether the rule is custom or default. | 'Custom' (required) |
| properties | Indicates the properties of the security admin rule | AdminPropertiesFormat |
DefaultAdminPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flag | Default rule flag. | string |
DefaultAdminRule
| Name | Description | Value |
|---|---|---|
| kind | Whether the rule is custom or default. | 'Default' (required) |
| properties | Indicates the properties of the security admin rule | DefaultAdminPropertiesFormat |
Usage Examples
Terraform (AzAPI provider) resource definition
The networkManagers/securityAdminConfigurations/ruleCollections/rules resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
name = "string"
kind = "string"
// For remaining properties, see Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
}
Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules objects
Set the kind property to specify the type of object.
For Custom, use:
{
kind = "Custom"
properties = {
access = "string"
description = "string"
destinationPortRanges = [
"string"
]
destinations = [
{
addressPrefix = "string"
addressPrefixType = "string"
}
]
direction = "string"
priority = int
protocol = "string"
sourcePortRanges = [
"string"
]
sources = [
{
addressPrefix = "string"
addressPrefixType = "string"
}
]
}
}
For Default, use:
{
kind = "Default"
properties = {
flag = "string"
}
}
Property Values
Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules
| Name | Description | Value |
|---|---|---|
| kind | Set to 'Custom' for type AdminRule. Set to 'Default' for type DefaultAdminRule. | 'Custom' 'Default' (required) |
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: networkManagers/securityAdminConfigurations/ruleCollections |
| type | The resource type | "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-11-01" |
AddressPrefixItem
| Name | Description | Value |
|---|---|---|
| addressPrefix | Address prefix. | string |
| addressPrefixType | Address prefix type. | 'IPPrefix' 'ServiceTag' |
AdminPropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | Indicates the access allowed for this particular rule | 'Allow' 'AlwaysAllow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| destinations | The destination address prefixes. CIDR or destination IP ranges. | AddressPrefixItem[] |
| direction | Indicates if the traffic matched against the rule in inbound or outbound. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int Constraints: Min value = 1 Max value = 4096 (required) |
| protocol | Network protocol this rule applies to. | 'Ah' 'Any' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourcePortRanges | The source port ranges. | string[] |
| sources | The CIDR or source IP ranges. | AddressPrefixItem[] |
AdminRule
| Name | Description | Value |
|---|---|---|
| kind | Whether the rule is custom or default. | 'Custom' (required) |
| properties | Indicates the properties of the security admin rule | AdminPropertiesFormat |
DefaultAdminPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flag | Default rule flag. | string |
DefaultAdminRule
| Name | Description | Value |
|---|---|---|
| kind | Whether the rule is custom or default. | 'Default' (required) |
| properties | Indicates the properties of the security admin rule | DefaultAdminPropertiesFormat |
Usage Examples
Terraform Samples
A basic example of deploying Network Manager Admin Rule.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
azurerm = {
source = "hashicorp/azurerm"
}
}
}
provider "azurerm" {
features {
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westeurope"
}
data "azurerm_client_config" "current" {
}
data "azapi_resource" "subscription" {
type = "Microsoft.Resources/subscriptions@2021-01-01"
resource_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
response_export_values = ["*"]
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "networkManager" {
type = "Microsoft.Network/networkManagers@2022-09-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
description = ""
networkManagerScopeAccesses = [
"SecurityAdmin",
]
networkManagerScopes = {
managementGroups = [
]
subscriptions = [
data.azapi_resource.subscription.id,
]
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "securityAdminConfiguration" {
type = "Microsoft.Network/networkManagers/securityAdminConfigurations@2022-09-01"
parent_id = azapi_resource.networkManager.id
name = var.resource_name
body = {
properties = {
applyOnNetworkIntentPolicyBasedServices = []
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "networkGroup" {
type = "Microsoft.Network/networkManagers/networkGroups@2022-09-01"
parent_id = azapi_resource.networkManager.id
name = var.resource_name
body = {
properties = {
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "ruleCollection" {
type = "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections@2022-09-01"
parent_id = azapi_resource.securityAdminConfiguration.id
name = var.resource_name
body = {
properties = {
appliesToGroups = [
{
networkGroupId = azapi_resource.networkGroup.id
},
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "rule" {
type = "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules@2022-09-01"
parent_id = azapi_resource.ruleCollection.id
name = var.resource_name
body = {
kind = "Custom"
properties = {
access = "Deny"
destinationPortRanges = []
destinations = []
direction = "Outbound"
priority = 1
protocol = "Tcp"
sourcePortRanges = []
sources = []
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}