Start-AzPolicyRemediation
Creates and starts a policy remediation for a policy assignment.
Syntax
CreateBySubscriptionId (Default)
Start-AzPolicyRemediation
-Name <String>
-PolicyAssignmentId <String>
[-SubscriptionId <String>]
[-FailureThresholdPercentage <Single>]
[-FilterLocation <String[]>]
[-FilterResourceId <String[]>]
[-ParallelDeployment <Int32>]
[-PolicyDefinitionReferenceId <String>]
[-ResourceCount <Int32>]
[-ResourceDiscoveryMode <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
CreateByResourceGroup
Start-AzPolicyRemediation
-Name <String>
-ResourceGroupName <String>
-PolicyAssignmentId <String>
[-SubscriptionId <String>]
[-FailureThresholdPercentage <Single>]
[-FilterLocation <String[]>]
[-FilterResourceId <String[]>]
[-ParallelDeployment <Int32>]
[-PolicyDefinitionReferenceId <String>]
[-ResourceCount <Int32>]
[-ResourceDiscoveryMode <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
CreateByResourceId
Start-AzPolicyRemediation
-Name <String>
-ResourceId <String>
-PolicyAssignmentId <String>
[-FailureThresholdPercentage <Single>]
[-FilterLocation <String[]>]
[-FilterResourceId <String[]>]
[-ParallelDeployment <Int32>]
[-PolicyDefinitionReferenceId <String>]
[-ResourceCount <Int32>]
[-ResourceDiscoveryMode <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
CreateByScope
Start-AzPolicyRemediation
-Name <String>
-PolicyAssignmentId <String>
-Scope <String>
[-FailureThresholdPercentage <Single>]
[-FilterLocation <String[]>]
[-FilterResourceId <String[]>]
[-ParallelDeployment <Int32>]
[-PolicyDefinitionReferenceId <String>]
[-ResourceCount <Int32>]
[-ResourceDiscoveryMode <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
CreateByManagementGroup
Start-AzPolicyRemediation
-Name <String>
-ManagementGroupId <String>
-PolicyAssignmentId <String>
[-FailureThresholdPercentage <Single>]
[-FilterLocation <String[]>]
[-FilterResourceId <String[]>]
[-ParallelDeployment <Int32>]
[-PolicyDefinitionReferenceId <String>]
[-ResourceCount <Int32>]
[-ResourceDiscoveryMode <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
CreateViaIdentity
Start-AzPolicyRemediation
-InputObject <IPolicyInsightsIdentity>
-PolicyAssignmentId <String>
[-FailureThresholdPercentage <Single>]
[-FilterLocation <String[]>]
[-FilterResourceId <String[]>]
[-ParallelDeployment <Int32>]
[-PolicyDefinitionReferenceId <String>]
[-ResourceCount <Int32>]
[-ResourceDiscoveryMode <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Start-AzPolicyRemediation cmdlet creates a policy remediation for a particular policy assignment.
All non-compliant resources at or below the remediation's scope will be remediated.
This cmdlet can also be used to restart a previously created Remediation that is in a terminal state.
Remediation is only supported for policies with the 'deployIfNotExists' and 'modify' effect.
Examples
$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309"
Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -NoWait
This command creates a new policy remediation in the current context's subscription for the provided policy assignment.
The cmdlet will return immediately after the remediation is created without waiting for the remediation to complete.
$policyAssignmentId = "/providers/Microsoft.Management/managementGroups/mg1/providers/Microsoft.Authorization/policyAssignments/pa1"
Start-AzPolicyRemediation -ManagementGroupId "mg1" -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -FilterLocation "westus","eastus"
This command creates a new policy remediation in management group 'mg1' for the given policy assignment.
Only resources in the 'westus' or 'eastus' locations will be remediated.
$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/resourceGroups/myRG/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309"
Start-AzPolicyRemediation -ResourceGroupName "myRG" -PolicyAssignmentId $policyAssignmentId -PolicyDefinitionReferenceId "0349234412441" -Name "remediation1"
This command creates a new policy remediation in resource group 'myRG' for the given policy assignment.
The policy assignment assigns a policy set definition (also known as an initiative).
The policy definition reference ID indicates which policy within the initiative should be remediated.
$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309"
$job = Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -AsJob
$job | Wait-Job
$remediation = $job | Receive-Job
This command starts a new policy remediation in the current context's subscription with the provided policy assignment.
It will wait for the remediation to complete before returning the final remediation status.
$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309"
Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ResourceDiscoveryMode ReEvaluateCompliance
This command creates a new policy remediation in the current context's subscription with the provided policy assignment.
The compliance state of resources in the subscription will be re-evaluated against the policy assignment and non-compliant resources will be remediated.
$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309"
Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ResourceCount 10000
$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309"
Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ParallelDeploymentCount 30
$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309"
Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -FailureThreshold 0.5
Parameters
-AsJob
Run cmdlet in the background.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The DefaultProfile parameter is not functional.
Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Parameter properties
Type: PSObject
Default value: None Supports wildcards: False DontShow: False Aliases: AzureRMContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-FailureThresholdPercentage
A number between 0.0 to 1.0 representing the percentage failure threshold.
The remediation will fail if the percentage of failed remediation operations (i.e.
failed deployments) exceeds this threshold.
Parameter properties
Type: Single
Default value: None Supports wildcards: False DontShow: False Aliases: FailureThreshold
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-FilterLocation
The resource locations that should be included in the remediation.
Resources that don't reside in these locations will not be remediated.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False Aliases: LocationFilter
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-FilterResourceId
The IDs of the resources that will be remediated.
Can specify at most 100 IDs.
This filter cannot be used when ReEvaluateCompliance is set to ReEvaluateCompliance.
This filter cannot be empty if provided, or the remediation won't target any resources.
Parameter properties
Type: String [ ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Identity Parameter
Type: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.Models.IPolicyInsightsIdentity
Default value: None Supports wildcards: False DontShow: False
CreateViaIdentity
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-ManagementGroupId
Management group ID.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: ManagementGroupName
Parameter sets
CreateByManagementGroup
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
The name of the remediation.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: RemediationName
Parameter sets
CreateBySubscriptionId
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CreateByResourceGroup
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CreateByResourceId
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CreateByScope
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CreateByManagementGroup
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-NoWait
Run the command asynchronously.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ParallelDeployment
Determines how many resources to remediate at any given time.
Can be used to increase or reduce the pace of the remediation.
If not provided, the default parallel deployments value is used.
Parameter properties
Type: Int32
Default value: None Supports wildcards: False DontShow: False Aliases: ParallelDeploymentCount
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PolicyAssignmentId
The resource ID of the policy assignment that should be remediated.
E.g.
'/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments/{assignmentName}'.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PolicyDefinitionReferenceId
The policy definition reference ID of the individual definition that should be remediated.
Required when the policy assignment being remediated assigns a policy set definition.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceCount
Determines the max number of non-compliant resources that can be remediated by the remediation job.
If not provided, the default resource count is used.
Parameter properties
Type: Int32
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceDiscoveryMode
Describes how the remediation task will discover resources that need to be remediated.
ReEvaluateCompliance is not supported when remediating management group scopes.
Defaults to ExistingNonCompliant if not specified.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
Resource group name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
CreateByResourceGroup
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceId
ID of the resource that the remediation is being created for.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: Id
Parameter sets
CreateByResourceId
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Scope
Scope of the resource.
E.g.
'/subscriptions/{subscriptionId}/resourceGroups/{rgName}'.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
CreateByScope
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SubscriptionId
The ID of the target subscription.
Uses current subscription if one isn't provided.
Parameter properties
Type: String
Default value: (Get-AzContext).Subscription.Id Supports wildcards: False DontShow: False
Parameter sets
CreateBySubscriptionId
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CreateByResourceGroup
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.Models.IPolicyInsightsIdentity
Outputs
Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.Models.IRemediation
