Microsoft Azure – Add Assignment to Custom Policy Initiative

In this article, we will add an assignment to an already existing custom policy initiative definition using azure PowerShell commands. Here policy assignment is a kind of instructions to apply or stop the action of policies on Azure resources. We can restrict a few executions, update, creations, modifications by applying the policy assignments to select scope or resource. Few policy assignments require default parameters, this should be sorted before applying the assignment to scope.

Implementation:

Use the following command to verify the policy Initiative definition

Get-AzPolicySetDefinition `
| Where-Object { $_.Properties.displayname -eq "<add_policy_initiative_name>" }

Example:

Get-AzPolicySetDefinition `
| Where-Object { $_.Properties.displayname -eq "Azure Custom Policy Initiative Definition" }

Then, store policy Initiative definition to variable let’s say “$initiative”

$initiative = Get-AzPolicySetDefinition `
| Where-Object { $_.Properties.displayname -eq "<add_policy_initiative_name>" }

Example:

$initiative = Get-AzPolicySetDefinition `
| Where-Object { $_.Properties.displayname -eq "Azure Custom Policy Initiative Definition" }

Get scope in which you want to assign:

If your scope is resource group, then use this below command:

$scope = (Get-AzResourceGroup -Name '<add_resource_group_name>').resourceid

use this below command to verify your select resource id :

$scope.resourceid

If your scope is tenant, then use this below command:

$scope = (Get-AzTenant).Id

Now, add Assignment to an Initiative definition on a select scope

New-AzPolicyAssignment `
-Name 'Initiative-Assignment-01' -PolicySetDefinition $initiative -Scope $scope

Output:

That’s it!. The assignment to a Custom Policy Initiative is done.