Policy Set Definitions - Get Built In

This operation retrieves the built-in policy set definition with the given name.

GET https://management.azure.com/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}?api-version=2025-11-01
GET https://management.azure.com/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}?api-version=2025-11-01&$expand={$expand}

URI Parameters

| Name | In | Required | Type | Description |
| --- | --- | --- | --- | --- |
| policySetDefinitionName | path | True | string; pattern: ^[^<>*%&:\?.+/]*[^<>*%&:\?.+/ ]+$ | The name of the policy set definition to get. |
| api-version | query | True | string; minLength: 1 | The API version to use for this operation. |
| $expand | query | | string | Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. |

Responses

| Name | Type | Description |
| --- | --- | --- |
| 200 OK | PolicySetDefinition | Azure operation completed successfully. |
| Other Status Codes | ErrorResponse | An unexpected error response. |

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
| --- | --- |
| user_impersonation | impersonate your user account |

Examples

Retrieve a built-in policy set definition

Sample request

GET https://management.azure.com/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8?api-version=2025-11-01

Sample response

{
  "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "properties": {
    "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.",
    "displayName": "[Preview]: Enable Monitoring in Azure Security Center",
    "metadata": {
      "category": "Security Center"
    },
    "parameters": {},
    "policyDefinitions": [
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16",
        "policyDefinitionReferenceId": "RefId1"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d",
        "policyDefinitionReferenceId": "RefId2"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60",
        "policyDefinitionReferenceId": "RefId3"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759",
        "policyDefinitionReferenceId": "RefId4"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c",
        "policyDefinitionReferenceId": "RefId5"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
        "policyDefinitionReferenceId": "RefId6"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed",
        "policyDefinitionReferenceId": "RefId7"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
        "policyDefinitionReferenceId": "RefId8"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
        "policyDefinitionReferenceId": "RefId9"
      },
      {
        "definitionVersion": "1.*.*",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
        "policyDefinitionReferenceId": "RefId10"
      }
    ],
    "policyType": "BuiltIn",
    "version": "1.2.1",
    "versions": [
      "1.2.1",
      "1.0.0"
    ]
  }
}
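
The request and response above, as an added example that is not part of the original page: it validates policySetDefinitionName and $expand against the documented constraints before building the URL, then checks a parsed response body for a policyType other than BuiltIn and for references whose definitionVersion does not cover latestDefinitionVersion. The function names, the reading of `*` in `1.*.*` as a wildcard, and the latestDefinitionVersion values in the sample are assumptions.

```python
import re
from urllib.parse import quote, urlencode

# Name pattern and supported $expand values copied from the URI Parameters table.
NAME_RE = re.compile(r"^[^<>*%&:\?.+/]*[^<>*%&:\?.+/ ]+$")
EXPAND_VALUES = ("LatestDefinitionVersion", "EffectiveDefinitionVersion")
BASE = "https://management.azure.com/providers/Microsoft.Authorization/policySetDefinitions/"

def build_url(name, api_version="2025-11-01", expand=()):
    """Reject inputs outside the documented constraints, then build the GET URL."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("policySetDefinitionName violates the documented pattern")
    unsupported = [v for v in expand if v not in EXPAND_VALUES]
    if unsupported:
        raise ValueError(f"unsupported $expand value(s): {unsupported}")
    query = {"api-version": api_version}
    if expand:
        query["$expand"] = ",".join(expand)
    return BASE + quote(name, safe="") + "?" + urlencode(query, safe="$,")

def pin_covers(pin, version):
    """Assumption: '*' in definitionVersion matches any value in that position."""
    p, v = pin.split("."), version.split(".")
    return len(p) == len(v) and all(a in ("*", b) for a, b in zip(p, v))

def review(policy_set):
    """Return (field or reference id, detail) findings for a parsed response body."""
    props = policy_set["properties"]
    findings = []
    if props.get("policyType") != "BuiltIn":
        findings.append(("policyType", str(props.get("policyType"))))
    for ref in props.get("policyDefinitions", []):
        pin = ref.get("definitionVersion")
        latest = ref.get("latestDefinitionVersion")  # present only with $expand
        if pin and latest and not pin_covers(pin, latest):
            findings.append((ref["policyDefinitionReferenceId"], f"{pin} excludes {latest}"))
    return findings

# Constructed sample: two reference ids from the page's response, with
# latestDefinitionVersion values invented for illustration.
SAMPLE = {"properties": {"policyType": "BuiltIn", "policyDefinitions": [
    {"definitionVersion": "1.*.*", "latestDefinitionVersion": "1.3.0",
     "policyDefinitionReferenceId": "RefId1"},
    {"definitionVersion": "1.*.*", "latestDefinitionVersion": "2.0.0",
     "policyDefinitionReferenceId": "RefId2"}]}}

if __name__ == "__main__":
    print(build_url("1f3afdf9-d0c9-4c3d-847f-89da613e70a8", expand=EXPAND_VALUES))
    print(review(SAMPLE))
```
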

Definitions

| Name | Description |
| --- | --- |
| createdByType | The type of identity that created the resource. |
| ErrorAdditionalInfo | The resource management error additional info. |
| ErrorDetail | The error detail. |
| ErrorResponse | Error response |
| ParameterDefinitionsValue | The definition of a parameter that can be provided to the policy. |
| ParameterDefinitionsValueMetadata | General metadata for the parameter. |
| ParameterType | The data type of the parameter. |
| ParameterValuesValue | The value of a parameter. |
| PolicyDefinitionGroup | The policy definition group. |
| PolicyDefinitionReference | The policy definition reference. |
| PolicySetDefinition | The policy set definition. |
| PolicyType | The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. |
| systemData | Metadata pertaining to creation and last modification of the resource. |

createdByType

The type of identity that created the resource.

Value Description
User
Application
ManagedIdentity
Key

ErrorAdditionalInfo

The resource management error additional info.

| Name | Type | Description |
| --- | --- | --- |
| info | object | The additional info. |
| type | string | The additional info type. |

ErrorDetail

The error detail.

| Name | Type | Description |
| --- | --- | --- |
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | ErrorDetail[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |

ErrorResponse

Error response

| Name | Type | Description |
| --- | --- | --- |
| error | ErrorDetail | The error object. |

ParameterDefinitionsValue

The definition of a parameter that can be provided to the policy.

| Name | Type | Description |
| --- | --- | --- |
| allowedValues | AllowedValues[] | The allowed values for the parameter. |
| defaultValue | | The default value for the parameter if no value is provided. |
| metadata | ParameterDefinitionsValueMetadata | General metadata for the parameter. |
| schema | | Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/. |
| type | ParameterType | The data type of the parameter. |

ParameterDefinitionsValueMetadata

General metadata for the parameter.

| Name | Type | Description |
| --- | --- | --- |
| assignPermissions | boolean | Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope. |
| description | string | The description of the parameter. |
| displayName | string | The display name for the parameter. |
| strongType | string | Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from. |

ParameterType

The data type of the parameter.

| Value | Description |
| --- | --- |
| String | The string parameter type. |
| Array | The array parameter type. |
| Object | The object parameter type. |
| Boolean | The boolean parameter type. |
| Integer | The integer parameter type. |
| Float | The float parameter type. |
| DateTime | The date-time parameter type. |

ParameterValuesValue

The value of a parameter.

| Name | Type | Description |
| --- | --- | --- |
| value | | The value of the parameter. |

PolicyDefinitionGroup

The policy definition group.

| Name | Type | Description |
| --- | --- | --- |
| additionalMetadataId | string | A resource ID of a resource that contains additional metadata about the group. |
| category | string | The group's category. |
| description | string | The group's description. |
| displayName | string | The group's display name. |
| name | string | The name of the group. |

PolicyDefinitionReference

The policy definition reference.

| Name | Type | Description |
| --- | --- | --- |
| definitionVersion | string | The version of the policy definition to use. |
| effectiveDefinitionVersion | string | The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. |
| groupNames | string[] | The name of the groups that this policy definition reference belongs to. |
| latestDefinitionVersion | string | The latest version of the policy definition available. This is only present if requested via the $expand query parameter. |
| parameters | <string, ParameterValuesValue> | The parameter values for the referenced policy rule. The keys are the parameter names. |
| policyDefinitionId | string | The ID of the policy definition or policy set definition. |
| policyDefinitionReferenceId | string | A unique id (within the policy set definition) for this policy definition reference. |

PolicySetDefinition

The policy set definition.

| Name | Type | Description |
| --- | --- | --- |
| id | string (arm-id) | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name | string | The name of the resource |
| properties.description | string | The policy set definition description. |
| properties.displayName | string | The display name of the policy set definition. |
| properties.metadata | | The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. |
| properties.parameters | <string, ParameterDefinitionsValue> | The policy set definition parameters that can be used in policy definition references. |
| properties.policyDefinitionGroups | PolicyDefinitionGroup[] | The metadata describing groups of policy definition references within the policy set definition. |
| properties.policyDefinitions | PolicyDefinitionReference[] | An array of policy definition references. |
| properties.policyType | PolicyType | The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. |
| properties.version | string | The policy set definition version in #.#.# format. |
| properties.versions | string[] | A list of available versions for this policy set definition. |
| systemData | systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. |
| type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |

PolicyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

| Value | Description |
| --- | --- |
| NotSpecified | The not specified policy definition type. |
| BuiltIn | The built in policy definition type. |
| Custom | The custom policy definition type. |
| Static | The static policy definition type. |

systemData

Metadata pertaining to creation and last modification of the resource.

| Name | Type | Description |
| --- | --- | --- |
| createdAt | string (date-time) | The timestamp of resource creation (UTC). |
| createdBy | string | The identity that created the resource. |
| createdByType | createdByType | The type of identity that created the resource. |
| lastModifiedAt | string (date-time) | The timestamp of resource last modification (UTC) |
| lastModifiedBy | string | The identity that last modified the resource. |
| lastModifiedByType | createdByType | The type of identity that last modified the resource. |