Share via

Standard Assignments - Create

Service:
Defender for Cloud
API Version:
2024-08-01

This operation creates or updates a standard assignment with the given scope and name. standard assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.

PUT https://management.azure.com/{resourceId}/providers/Microsoft.Security/standardAssignments/{standardAssignmentName}?api-version=2024-08-01

URI Parameters

Name In Required Type Description
resourceId
 path True

string

The identifier of the resource.
standardAssignmentName
 path True

string

pattern: [{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$

The standard assignments assignment key - unique key for the standard assignment
api-version
 query True

string

minLength: 1

The API version to use for this operation.

Request Body

Name Type Description
properties.assignedStandard

AssignedStandardItem

Standard item with key as applied to this standard assignment over the given scope
properties.attestationData

AttestationData

Additional data about assignment that has Attest effect
properties.description

string

Description of the standardAssignment
properties.displayName

string

Display name of the standardAssignment
properties.effect

effect

Expected effect of this assignment (Audit/Exempt/Attest)
properties.excludedScopes

string[]

Excluded scopes, filter out the descendants of the scope (on management scopes)
properties.exemptionData

ExemptionData

Additional data about assignment that has Exempt effect
properties.expiresOn

string (date-time)

Expiration date of this assignment as a full ISO date
properties.metadata

StandardAssignmentMetadata

The standard assignment metadata.

Responses

Name Type Description
200 OK

StandardAssignment

OK - Standard assignment was successfully updated
201 Created

StandardAssignment

Created - Returns information about the new standard assignment.
Other Status Codes

ErrorResponse

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Put an audit standard assignment
Put exemption standard assignment

Put an audit standard assignment

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8?api-version=2024-08-01

{
  "properties": {
    "displayName": "ASC Default",
    "description": "Set of policies monitored by Azure Security Center for cross cloud",
    "assignedStandard": {
      "id": "/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"
    },
    "effect": "Audit",
    "excludedScopes": []
  }
}

Sample response

Status code:
200 
{
  "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "type": "Microsoft.Security/standardAssignments",
  "properties": {
    "displayName": "ASC Default",
    "description": "Set of policies monitored by Azure Security Center for cross cloud",
    "assignedStandard": {
      "id": "/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"
    },
    "effect": "Audit",
    "excludedScopes": [],
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}
Status code:
201 
{
  "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "type": "Microsoft.Security/standardAssignments",
  "properties": {
    "displayName": "ASC Default",
    "description": "Set of policies monitored by Azure Security Center for cross cloud",
    "assignedStandard": {
      "id": "/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"
    },
    "effect": "Audit",
    "excludedScopes": [],
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Put exemption standard assignment

Sample request

PUT https://management.azure.com/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ANAT_TEST_RG/providers/Microsoft.Compute/virtualMachines/anatTestE2LA/providers/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8?api-version=2024-08-01

{
  "properties": {
    "displayName": "Test exemption",
    "description": "Exemption description",
    "assignedStandard": {
      "id": "/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"
    },
    "effect": "Exempt",
    "expiresOn": "2022-05-01T19:50:47.083633Z",
    "exemptionData": {
      "exemptionCategory": "waiver",
      "assignedAssessment": {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      }
    }
  }
}

Sample response

Status code:
200 
{
  "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ANAT_TEST_RG/providers/Microsoft.Compute/virtualMachines/anatTestE2LA/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "type": "Microsoft.Security/standardAssignments",
  "properties": {
    "displayName": "Test exemption",
    "description": "Exemption description",
    "assignedStandard": {
      "id": "/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"
    },
    "effect": "Exempt",
    "expiresOn": "2022-05-01T19:50:47.083633Z",
    "exemptionData": {
      "exemptionCategory": "waiver",
      "assignedAssessment": {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      }
    },
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}
Status code:
201 
{
  "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ANAT_TEST_RG/providers/Microsoft.Compute/virtualMachines/anatTestE2LA/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "type": "Microsoft.Security/standardAssignments",
  "properties": {
    "displayName": "Test exemption",
    "description": "Exemption description",
    "assignedStandard": {
      "id": "/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"
    },
    "effect": "Exempt",
    "expiresOn": "2022-05-01T19:50:47.083633Z",
    "exemptionData": {
      "exemptionCategory": "waiver",
      "assignedAssessment": {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      }
    },
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Definitions

Name Description
AssignedAssessmentItem

Describe the properties of a security assessment object reference (by key)
AssignedStandardItem

Describe the properties of a of a standard assignments object reference
attestationComplianceState

Attest category of this assignment
AttestationData

Additional data about assignment that has Attest effect
AttestationEvidence

Describe the properties of a assignment attestation
effect

Expected effect of this assignment (Audit/Exempt/Attest)
ErrorAdditionalInfo

The resource management error additional info.
ErrorDetail

The error detail.
ErrorResponse

Error response
exemptionCategory

Exemption category of this assignment
ExemptionData

Additional data about assignment that has Exempt effect
StandardAssignment

Security Assignment on a resource group over a given scope
StandardAssignmentMetadata

The standard assignment metadata

AssignedAssessmentItem

Object

Describe the properties of a security assessment object reference (by key)

Name Type Description
assessmentKey

string

Unique key to a security assessment object

AssignedStandardItem

Object

Describe the properties of a of a standard assignments object reference

Name Type Description
id

string

Full resourceId of the Microsoft.Security/standard object

attestationComplianceState

Enumeration

Attest category of this assignment

Value Description
unknown
compliant
nonCompliant

AttestationData

Object

Additional data about assignment that has Attest effect

Name Type Description
assignedAssessment

AssignedAssessmentItem

Component item with key as applied to this standard assignment over the given scope
complianceDate

string (date-time)

Attestation compliance date
complianceState

attestationComplianceState

Attest category of this assignment
evidence

AttestationEvidence[]

Array of links to attestation evidence

AttestationEvidence

Object

Describe the properties of a assignment attestation

Name Type Description
description

string

The description of the evidence
sourceUrl

string

The source url of the evidence

effect

Enumeration

Expected effect of this assignment (Audit/Exempt/Attest)

Value Description
Audit
Exempt
Attest

ErrorAdditionalInfo

Object

The resource management error additional info.

Name Type Description
info

object

The additional info.
type

string

The additional info type.

ErrorDetail

Object

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.
code

string

The error code.
details

ErrorDetail[]

The error details.
message

string

The error message.
target

string

The error target.

ErrorResponse

Object

Error response

Name Type Description
error

ErrorDetail

The error object.

exemptionCategory

Enumeration

Exemption category of this assignment

Value Description
waiver
mitigated

ExemptionData

Object

Additional data about assignment that has Exempt effect

Name Type Description
assignedAssessment

AssignedAssessmentItem

Component item with key as applied to this standard assignment over the given scope
exemptionCategory

exemptionCategory

Exemption category of this assignment

StandardAssignment

Object

Security Assignment on a resource group over a given scope

Name Type Description
id

string

Resource Id
name

string

Resource name
properties.assignedStandard

AssignedStandardItem

Standard item with key as applied to this standard assignment over the given scope
properties.attestationData

AttestationData

Additional data about assignment that has Attest effect
properties.description

string

Description of the standardAssignment
properties.displayName

string

Display name of the standardAssignment
properties.effect

effect

Expected effect of this assignment (Audit/Exempt/Attest)
properties.excludedScopes

string[]

Excluded scopes, filter out the descendants of the scope (on management scopes)
properties.exemptionData

ExemptionData

Additional data about assignment that has Exempt effect
properties.expiresOn

string (date-time)

Expiration date of this assignment as a full ISO date
properties.metadata

StandardAssignmentMetadata

The standard assignment metadata.
type

string

Resource type

StandardAssignmentMetadata

Object

The standard assignment metadata

Name Type Description
createdBy

string

Standard assignment Created by object id (GUID)
createdOn

string (date-time)

Standard assignment creation date
lastUpdatedBy

string

Standard assignment last updated by object id (GUID)
lastUpdatedOn

string (date-time)

Standard assignment last update date