Document Details
Programmatically Create
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
windows_first
⚠️
powershell_heavy
⚠️
windows_tools
⚠️
missing_linux_example
Summary:
The documentation demonstrates a Windows bias by prioritizing Windows and PowerShell tools and instructions. PowerShell is introduced and explained before Azure CLI, and the prerequisite steps focus on Windows-centric tools (e.g., ARMClient, PowerShell module) and provide a Windows-specific Azure CLI installation link. There are no explicit Linux or macOS installation instructions or examples, and some commands (such as PowerShell) are not cross-platform by default. The use of ARMClient, which is not natively available on Linux, further reinforces the bias.
Recommendations:
- Provide Azure CLI installation instructions for Linux and macOS alongside the Windows link in the prerequisites.
- Clearly indicate that Azure PowerShell is cross-platform, or provide equivalent Bash or shell script examples for Linux/macOS users.
- Include Linux/macOS-specific notes or examples where file paths, environment variables, or command syntax may differ.
- Mention alternative tools to ARMClient that are natively available or easily installable on Linux/macOS, or provide Docker-based usage instructions.
- Ensure that all code snippets and instructions are tested and applicable on both Windows and Linux/macOS platforms, or clearly label any platform-specific steps.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
| 2025-07-12 00:58 | #8 | cancelled | ✅ Clean |
| 2025-07-10 05:06 | #7 | processing | ✅ Clean |
Flagged Code Snippets
For more information about registering and viewing resource providers, see [Resource Providers and Types](../../../azure-resource-manager/management/resource-providers-and-types.md).
1. If you haven't already, install Azure CLI. You can get the latest version at [Install Azure CLI on Windows](/cli/azure/install-azure-cli-windows).
## Create and assign a policy definition
The first step toward better visibility of your resources is to create and assign policies over your resources. The next step is to learn how to programmatically create and assign a policy. The example policy audits storage accounts that are open to all public networks using PowerShell, Azure CLI, and HTTP requests.
### Create and assign a policy definition with PowerShell
1. Use the following JSON snippet to create a JSON file with the name AuditStorageAccounts.json.
The command creates a policy definition named _Audit Storage Accounts Open to Public Networks_. For more information about other parameters that you can use, see [New-AzPolicyDefinition](/powershell/module/az.resources/new-azpolicydefinition).
When called without location parameters, `New-AzPolicyDefinition` defaults to saving the policy definition in the selected subscription of the sessions context. To save the definition to a different location, use the following parameters:
- **SubscriptionId** - Save to a different subscription. Requires a _GUID_ value.
- **ManagementGroupName** - Save to a management group. Requires a _string_ value.
1. After you create your policy definition, you can create a policy assignment by running the following commands:
Replace _ContosoRG_ with the name of your intended resource group.
The `Scope` parameter on `New-AzPolicyAssignment` works with management group, subscription, resource group, or a single resource. The parameter uses a full resource path, which the `ResourceId` property on `Get-AzResourceGroup` returns. The pattern for `Scope` for each container is as follows. Replace `{rName}`, `{rgName}`, `{subId}`, and `{mgName}` with your resource name, resource group name, subscription ID, and management group name, respectively. `{rType}` would be replaced with the _resource type_ of the resource, such as `Microsoft.Compute/virtualMachines` for a virtual machine.
- Resource - `/subscriptions/{subID}/resourceGroups/{rgName}/providers/{rType}/{rName}`
- Resource group - `/subscriptions/{subId}/resourceGroups/{rgName}`
- Subscription - `/subscriptions/{subId}`
- Management group - `/providers/Microsoft.Management/managementGroups/{mgName}`
For more information about managing resource policies using the Resource Manager PowerShell module, see [Az.Resources](/powershell/module/az.resources/#policy).
### Create and assign a policy definition using ARMClient
Use the following procedure to create a policy definition.
1. Copy the following JSON snippet to create a JSON file. You'll call the file in the next step.
The `scope` parameter on `az policy assignment create` works with management group, subscription, resource group, or a single resource. The parameter uses a full resource path. The pattern for `scope` for each container is as follows. Replace `{rName}`, `{rgName}`, `{subId}`, and `{mgName}` with your resource name, resource group name, subscription ID, and management group name, respectively. `{rType}` would be replaced with the _resource type_ of the resource, such as `Microsoft.Compute/virtualMachines` for a virtual machine.
- Resource - `/subscriptions/{subID}/resourceGroups/{rgName}/providers/{rType}/{rName}`
- Resource group - `/subscriptions/{subID}/resourceGroups/{rgName}`
- Subscription - `/subscriptions/{subID}`
- Management group - `/providers/Microsoft.Management/managementGroups/{mgName}`
You can get the Azure Policy Definition ID by using PowerShell with the following command: