Policy Definitions - Get Built In
This operation retrieves the built-in policy definition with the given name.
GET https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}?api-version=2025-11-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
policy
|
path | True |
string pattern: ^[^<>*%&:\?.+/]*[^<>*%&:\?.+/ ]+$ |
The name of the built-in policy definition to get. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Azure operation completed successfully. |
|
| Other Status Codes |
An unexpected error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
Retrieve a built-in policy definition
Sample request
GET https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2025-11-01
Sample response
{
"name": "7433c107-6db4-4ad1-b57a-a76dce0154a1",
"type": "Microsoft.Authorization/policyDefinitions",
"id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
"properties": {
"description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.",
"displayName": "Allowed storage account SKUs",
"mode": "All",
"parameters": {
"listOfAllowedSKUs": {
"type": "Array",
"metadata": {
"description": "The list of SKUs that can be specified for storage accounts.",
"displayName": "Allowed SKUs",
"strongType": "StorageSKUs"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"equals": "Microsoft.Storage/storageAccounts",
"field": "type"
},
{
"not": {
"field": "Microsoft.Storage/storageAccounts/sku.name",
"in": "[parameters('listOfAllowedSKUs')]"
}
}
]
},
"then": {
"effect": "Deny"
}
},
"policyType": "BuiltIn",
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
]
}
}Definitions
| Name | Description |
|---|---|
|
created |
The type of identity that created the resource. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
External |
The settings of an external endpoint providing evaluation results. |
|
External |
The details of the source of external evaluation results required by the policy during enforcement evaluation. |
|
Parameter |
The definition of a parameter that can be provided to the policy. |
|
Parameter |
General metadata for the parameter. |
|
Parameter |
The data type of the parameter. |
|
Policy |
The policy definition. |
|
Policy |
The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
ExternalEvaluationEndpointSettings
The settings of an external endpoint providing evaluation results.
| Name | Type | Description |
|---|---|---|
| details |
|
The details of the endpoint. |
| kind |
string |
The kind of the endpoint. |
ExternalEvaluationEnforcementSettings
The details of the source of external evaluation results required by the policy during enforcement evaluation.
| Name | Type | Description |
|---|---|---|
| endpointSettings |
The settings of an external endpoint providing evaluation results. |
|
| missingTokenAction |
string |
What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported. |
| resultLifespan |
string |
The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. |
| roleDefinitionIds |
string[] |
An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. |
ParameterDefinitionsValue
The definition of a parameter that can be provided to the policy.
| Name | Type | Description |
|---|---|---|
| allowedValues |
Allowed |
The allowed values for the parameter. |
| defaultValue |
|
The default value for the parameter if no value is provided. |
| metadata |
General metadata for the parameter. |
|
| schema |
|
Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/. |
| type |
The data type of the parameter. |
ParameterDefinitionsValueMetadata
General metadata for the parameter.
| Name | Type | Description |
|---|---|---|
| assignPermissions |
boolean |
Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope. |
| description |
string |
The description of the parameter. |
| displayName |
string |
The display name for the parameter. |
| strongType |
string |
Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from. |
ParameterType
The data type of the parameter.
| Value | Description |
|---|---|
| String |
The string parameter type. |
| Array |
The array parameter type. |
| Object |
The object parameter type. |
| Boolean |
The boolean parameter type. |
| Integer |
The integer parameter type. |
| Float |
The float parameter type. |
| DateTime |
The date-time parameter type. |
PolicyDefinition
The policy definition.
| Name | Type | Default value | Description |
|---|---|---|---|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
|
| name |
string |
The name of the resource |
|
| properties.description |
string |
The policy definition description. |
|
| properties.displayName |
string |
The display name of the policy definition. |
|
| properties.externalEvaluationEnforcementSettings |
The details of the source of external evaluation results required by the policy during enforcement evaluation. |
||
| properties.metadata |
|
The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. |
|
| properties.mode |
string |
Indexed |
The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. |
| properties.parameters |
<string,
Parameter |
The parameter definitions for parameters used in the policy rule. The keys are the parameter names. |
|
| properties.policyRule |
|
The policy rule. |
|
| properties.policyType |
The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. |
||
| properties.version |
string |
The policy definition version in #.#.# format. |
|
| properties.versions |
string[] |
A list of available versions for this policy definition. |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
||
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
PolicyType
The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
| Value | Description |
|---|---|
| NotSpecified |
The not specified policy definition type. |
| BuiltIn |
The built in policy definition type. |
| Custom |
The custom policy definition type. |
| Static |
The static policy definition type. |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |