Skip to content

Use assigned by for policy assignments#

Operational Excellence · Policy · Azure.Policy.AssignmentAssignedBy

Policy assignments should use assignedBy metadata.

Description#

When using the Azure Portal, policy assignment automatically set the assignedBy metadata. This metadata field is intended to indicate the person or team assigning the policy to a resource scope.

When automating policy management, it may be helpful to identify assignments managed by code.

Recommendation#

Consider setting assignedBy metadata for each policy assignment.

Examples#

Azure templates#

To deploy policy assignments that pass this rule:

  • Set the properties.metadata.assignedBy property with a valid value.

For example:

{
    "comments": "Initiative assignment",
    "name": "assignment-001",
    "type": "Microsoft.Authorization/policyAssignments",
    "apiVersion": "2019-06-01",
    "properties": {
        "displayName": "Assignment 001",
        "description": "An example policy assignment.",
        "metadata": {
            "assignedBy": "DevOps pipeline"
        },
        "enforcementMode": "Default"
    }
}

Last update: 2021-09-24