Use assigned by for policy assignments

Operational Excellence · Policy · Rule · 2021_06 · Awareness

Policy assignments should use assignedBy metadata.


When using the Azure Portal, policy assignments automatically set the assignedBy metadata. This metadata field is intended to indicate the person or team assigning the policy to a resource scope.

When automating policy management, it may be helpful to identify assignments managed by code.


Consider setting assignedBy metadata for each policy assignment.


Azure templates

To deploy policy assignments that pass this rule:

  • Set the properties.metadata.assignedBy property with a valid value.

For example:

Azure Template snippet
    {
        "comments": "Initiative assignment",
        "name": "assignment-001",
        "type": "Microsoft.Authorization/policyAssignments",
        "apiVersion": "2019-06-01",
        "properties": {
            "displayName": "Assignment 001",
            "description": "An example policy assignment.",
            "metadata": {
                "assignedBy": "DevOps pipeline"
            },
            "enforcementMode": "Default"
        }
    }