Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The assessments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessments resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/assessments@2020-01-01' = {
scope: resourceSymbolicName or scope
name: 'string'
properties: {
additionalData: {
{customized property}: 'string'
}
metadata: {
assessmentType: 'string'
categories: [
'string'
]
description: 'string'
displayName: 'string'
implementationEffort: 'string'
partnerData: {
partnerName: 'string'
productName: 'string'
secret: 'string'
}
preview: bool
remediationDescription: 'string'
severity: 'string'
threats: [
'string'
]
userImpact: 'string'
}
partnersData: {
partnerName: 'string'
secret: 'string'
}
resourceDetails: {
source: 'string'
// For remaining properties, see ResourceDetails objects
}
status: {
cause: 'string'
code: 'string'
description: 'string'
}
}
}
ResourceDetails objects
Set the source property to specify the type of object.
For Azure, use:
{
source: 'Azure'
}
For OnPremiseSql, use:
{
databaseName: 'string'
machineName: 'string'
serverName: 'string'
source: 'OnPremiseSql'
sourceComputerId: 'string'
vmuuid: 'string'
workspaceId: 'string'
}
Property Values
Microsoft.Security/assessments
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | Describes properties of an assessment. | SecurityAssessmentProperties |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
AssessmentStatus
| Name | Description | Value |
|---|---|---|
| cause | Programmatic code for the cause of the assessment status | string |
| code | Programmatic code for the status of the assessment | 'Healthy' 'NotApplicable' 'Unhealthy' (required) |
| description | Human readable description of the assessment status | string |
AzureResourceDetails
| Name | Description | Value |
|---|---|---|
| source | The platform where the assessed resource resides | 'Azure' (required) |
OnPremiseSqlResourceDetails
| Name | Description | Value |
|---|---|---|
| databaseName | The Sql database name installed on the machine | string (required) |
| machineName | The name of the machine | string (required) |
| serverName | The Sql server name installed on the machine | string (required) |
| source | The platform where the assessed resource resides | 'OnPremiseSql' (required) |
| sourceComputerId | The oms agent Id installed on the machine | string (required) |
| vmuuid | The unique Id of the machine | string (required) |
| workspaceId | Azure resource Id of the workspace the machine is attached to | string (required) |
ResourceDetails
| Name | Description | Value |
|---|---|---|
| source | Set to 'Azure' for type AzureResourceDetails. Set to 'OnPremiseSql' for type OnPremiseSqlResourceDetails. | 'Azure' 'OnPremiseSql' (required) |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataProperties
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'CustomerManaged' 'CustomPolicy' 'VerifiedPartner' (required) |
| categories | String array containing any of: 'Compute' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
|
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| preview | True if this assessment is in preview release status | bool |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'High' 'Low' 'Medium' (required) |
| threats | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
|
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| secret | secret to authenticate the partner - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentProperties
| Name | Description | Value |
|---|---|---|
| additionalData | Additional data regarding the assessment | SecurityAssessmentPropertiesAdditionalData |
| metadata | Describes properties of an assessment metadata. | SecurityAssessmentMetadataProperties |
| partnersData | Data regarding 3rd party partner integration | SecurityAssessmentPartnerData |
| resourceDetails | Details of the resource that was assessed | ResourceDetails (required) |
| status | The result of the assessment | AssessmentStatus (required) |
SecurityAssessmentPropertiesAdditionalData
| Name | Description | Value |
|---|
ARM template resource definition
The assessments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessments resource, add the following JSON to your template.
{
"type": "Microsoft.Security/assessments",
"apiVersion": "2020-01-01",
"name": "string",
"properties": {
"additionalData": {
"{customized property}": "string"
},
"metadata": {
"assessmentType": "string",
"categories": [ "string" ],
"description": "string",
"displayName": "string",
"implementationEffort": "string",
"partnerData": {
"partnerName": "string",
"productName": "string",
"secret": "string"
},
"preview": "bool",
"remediationDescription": "string",
"severity": "string",
"threats": [ "string" ],
"userImpact": "string"
},
"partnersData": {
"partnerName": "string",
"secret": "string"
},
"resourceDetails": {
"source": "string"
// For remaining properties, see ResourceDetails objects
},
"status": {
"cause": "string",
"code": "string",
"description": "string"
}
}
}
ResourceDetails objects
Set the source property to specify the type of object.
For Azure, use:
{
"source": "Azure"
}
For OnPremiseSql, use:
{
"databaseName": "string",
"machineName": "string",
"serverName": "string",
"source": "OnPremiseSql",
"sourceComputerId": "string",
"vmuuid": "string",
"workspaceId": "string"
}
Property Values
Microsoft.Security/assessments
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2020-01-01' |
| name | The resource name | string (required) |
| properties | Describes properties of an assessment. | SecurityAssessmentProperties |
| type | The resource type | 'Microsoft.Security/assessments' |
AssessmentStatus
| Name | Description | Value |
|---|---|---|
| cause | Programmatic code for the cause of the assessment status | string |
| code | Programmatic code for the status of the assessment | 'Healthy' 'NotApplicable' 'Unhealthy' (required) |
| description | Human readable description of the assessment status | string |
AzureResourceDetails
| Name | Description | Value |
|---|---|---|
| source | The platform where the assessed resource resides | 'Azure' (required) |
OnPremiseSqlResourceDetails
| Name | Description | Value |
|---|---|---|
| databaseName | The Sql database name installed on the machine | string (required) |
| machineName | The name of the machine | string (required) |
| serverName | The Sql server name installed on the machine | string (required) |
| source | The platform where the assessed resource resides | 'OnPremiseSql' (required) |
| sourceComputerId | The oms agent Id installed on the machine | string (required) |
| vmuuid | The unique Id of the machine | string (required) |
| workspaceId | Azure resource Id of the workspace the machine is attached to | string (required) |
ResourceDetails
| Name | Description | Value |
|---|---|---|
| source | Set to 'Azure' for type AzureResourceDetails. Set to 'OnPremiseSql' for type OnPremiseSqlResourceDetails. | 'Azure' 'OnPremiseSql' (required) |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataProperties
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'CustomerManaged' 'CustomPolicy' 'VerifiedPartner' (required) |
| categories | String array containing any of: 'Compute' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
|
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| preview | True if this assessment is in preview release status | bool |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'High' 'Low' 'Medium' (required) |
| threats | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
|
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| secret | secret to authenticate the partner - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentProperties
| Name | Description | Value |
|---|---|---|
| additionalData | Additional data regarding the assessment | SecurityAssessmentPropertiesAdditionalData |
| metadata | Describes properties of an assessment metadata. | SecurityAssessmentMetadataProperties |
| partnersData | Data regarding 3rd party partner integration | SecurityAssessmentPartnerData |
| resourceDetails | Details of the resource that was assessed | ResourceDetails (required) |
| status | The result of the assessment | AssessmentStatus (required) |
SecurityAssessmentPropertiesAdditionalData
| Name | Description | Value |
|---|
Usage Examples
Terraform (AzAPI provider) resource definition
The assessments resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/assessments resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/assessments@2020-01-01"
name = "string"
parent_id = "string"
body = {
properties = {
additionalData = {
{customized property} = "string"
}
metadata = {
assessmentType = "string"
categories = [
"string"
]
description = "string"
displayName = "string"
implementationEffort = "string"
partnerData = {
partnerName = "string"
productName = "string"
secret = "string"
}
preview = bool
remediationDescription = "string"
severity = "string"
threats = [
"string"
]
userImpact = "string"
}
partnersData = {
partnerName = "string"
secret = "string"
}
resourceDetails = {
source = "string"
// For remaining properties, see ResourceDetails objects
}
status = {
cause = "string"
code = "string"
description = "string"
}
}
}
}
ResourceDetails objects
Set the source property to specify the type of object.
For Azure, use:
{
source = "Azure"
}
For OnPremiseSql, use:
{
databaseName = "string"
machineName = "string"
serverName = "string"
source = "OnPremiseSql"
sourceComputerId = "string"
vmuuid = "string"
workspaceId = "string"
}
Property Values
Microsoft.Security/assessments
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Describes properties of an assessment. | SecurityAssessmentProperties |
| type | The resource type | "Microsoft.Security/assessments@2020-01-01" |
AssessmentStatus
| Name | Description | Value |
|---|---|---|
| cause | Programmatic code for the cause of the assessment status | string |
| code | Programmatic code for the status of the assessment | 'Healthy' 'NotApplicable' 'Unhealthy' (required) |
| description | Human readable description of the assessment status | string |
AzureResourceDetails
| Name | Description | Value |
|---|---|---|
| source | The platform where the assessed resource resides | 'Azure' (required) |
OnPremiseSqlResourceDetails
| Name | Description | Value |
|---|---|---|
| databaseName | The Sql database name installed on the machine | string (required) |
| machineName | The name of the machine | string (required) |
| serverName | The Sql server name installed on the machine | string (required) |
| source | The platform where the assessed resource resides | 'OnPremiseSql' (required) |
| sourceComputerId | The oms agent Id installed on the machine | string (required) |
| vmuuid | The unique Id of the machine | string (required) |
| workspaceId | Azure resource Id of the workspace the machine is attached to | string (required) |
ResourceDetails
| Name | Description | Value |
|---|---|---|
| source | Set to 'Azure' for type AzureResourceDetails. Set to 'OnPremiseSql' for type OnPremiseSqlResourceDetails. | 'Azure' 'OnPremiseSql' (required) |
SecurityAssessmentMetadataPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| productName | Name of the product of the partner that created the assessment | string |
| secret | Secret to authenticate the partner and verify it created the assessment - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentMetadataProperties
| Name | Description | Value |
|---|---|---|
| assessmentType | BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition | 'BuiltIn' 'CustomerManaged' 'CustomPolicy' 'VerifiedPartner' (required) |
| categories | String array containing any of: 'Compute' 'Data' 'IdentityAndAccess' 'IoT' 'Networking' |
|
| description | Human readable description of the assessment | string |
| displayName | User friendly display name of the assessment | string (required) |
| implementationEffort | The implementation effort required to remediate this assessment | 'High' 'Low' 'Moderate' |
| partnerData | Describes the partner that created the assessment | SecurityAssessmentMetadataPartnerData |
| preview | True if this assessment is in preview release status | bool |
| remediationDescription | Human readable description of what you should do to mitigate this security issue | string |
| severity | The severity level of the assessment | 'High' 'Low' 'Medium' (required) |
| threats | String array containing any of: 'accountBreach' 'dataExfiltration' 'dataSpillage' 'denialOfService' 'elevationOfPrivilege' 'maliciousInsider' 'missingCoverage' 'threatResistance' |
|
| userImpact | The user impact of the assessment | 'High' 'Low' 'Moderate' |
SecurityAssessmentPartnerData
| Name | Description | Value |
|---|---|---|
| partnerName | Name of the company of the partner | string (required) |
| secret | secret to authenticate the partner - write only | string Constraints: Sensitive value. Pass in as a secure parameter. (required) |
SecurityAssessmentProperties
| Name | Description | Value |
|---|---|---|
| additionalData | Additional data regarding the assessment | SecurityAssessmentPropertiesAdditionalData |
| metadata | Describes properties of an assessment metadata. | SecurityAssessmentMetadataProperties |
| partnersData | Data regarding 3rd party partner integration | SecurityAssessmentPartnerData |
| resourceDetails | Details of the resource that was assessed | ResourceDetails (required) |
| status | The result of the assessment | AssessmentStatus (required) |
SecurityAssessmentPropertiesAdditionalData
| Name | Description | Value |
|---|
Usage Examples
Terraform Samples
A basic example of deploying Security Center Assessment for Azure Security Center.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
data "azapi_client_config" "current" {}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westus"
}
variable "admin_password" {
type = string
sensitive = true
description = "The administrator password for the virtual machine scale set"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "assessmentMetadata" {
type = "Microsoft.Security/assessmentMetadata@2021-06-01"
parent_id = "/subscriptions/${data.azapi_client_config.current.subscription_id}"
name = "fdaaa62c-1d42-45ab-be2f-2af194dd1700"
body = {
properties = {
assessmentType = "CustomerManaged"
description = "Test Description"
displayName = "Test Display Name"
severity = "Medium"
}
}
}
resource "azapi_resource" "pricing" {
type = "Microsoft.Security/pricings@2023-01-01"
parent_id = "/subscriptions/${data.azapi_client_config.current.subscription_id}"
name = "VirtualMachines"
body = {
properties = {
extensions = []
pricingTier = "Standard"
subPlan = "P2"
}
}
}
resource "azapi_resource" "virtualNetwork" {
type = "Microsoft.Network/virtualNetworks@2024-05-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-vnet"
location = var.location
body = {
properties = {
addressSpace = {
addressPrefixes = ["10.0.0.0/16"]
}
dhcpOptions = {
dnsServers = []
}
privateEndpointVNetPolicies = "Disabled"
}
}
}
resource "azapi_resource" "subnet" {
type = "Microsoft.Network/virtualNetworks/subnets@2024-05-01"
parent_id = azapi_resource.virtualNetwork.id
name = "internal"
body = {
properties = {
addressPrefix = "10.0.2.0/24"
defaultOutboundAccess = true
delegations = []
privateEndpointNetworkPolicies = "Disabled"
privateLinkServiceNetworkPolicies = "Enabled"
serviceEndpointPolicies = []
serviceEndpoints = []
}
}
}
resource "azapi_resource" "virtualMachineScaleSet" {
type = "Microsoft.Compute/virtualMachineScaleSets@2024-11-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-vmss"
location = var.location
body = {
properties = {
additionalCapabilities = {}
doNotRunExtensionsOnOverprovisionedVMs = false
orchestrationMode = "Uniform"
overprovision = true
singlePlacementGroup = true
upgradePolicy = {
mode = "Manual"
}
virtualMachineProfile = {
diagnosticsProfile = {
bootDiagnostics = {
enabled = false
storageUri = ""
}
}
extensionProfile = {
extensionsTimeBudget = "PT1H30M"
}
networkProfile = {
networkInterfaceConfigurations = [{
name = "example"
properties = {
dnsSettings = {
dnsServers = []
}
enableAcceleratedNetworking = false
enableIPForwarding = false
ipConfigurations = [{
name = "internal"
properties = {
applicationGatewayBackendAddressPools = []
applicationSecurityGroups = []
loadBalancerBackendAddressPools = []
loadBalancerInboundNatPools = []
primary = true
privateIPAddressVersion = "IPv4"
subnet = {
id = azapi_resource.subnet.id
}
}
}]
primary = true
}
}]
}
osProfile = {
adminPassword = var.admin_password
adminUsername = "adminuser"
allowExtensionOperations = true
computerNamePrefix = "${var.resource_name}-vmss"
linuxConfiguration = {
disablePasswordAuthentication = false
provisionVMAgent = true
ssh = {
publicKeys = []
}
}
secrets = []
}
priority = "Regular"
storageProfile = {
dataDisks = []
imageReference = {
offer = "0001-com-ubuntu-server-jammy"
publisher = "Canonical"
sku = "22_04-lts"
version = "latest"
}
osDisk = {
caching = "ReadWrite"
createOption = "FromImage"
managedDisk = {
storageAccountType = "Standard_LRS"
}
osType = "Linux"
writeAcceleratorEnabled = false
}
}
}
}
sku = {
capacity = 1
name = "Standard_B1s"
}
}
}
resource "azapi_resource" "assessment" {
type = "Microsoft.Security/assessments@2020-01-01"
parent_id = azapi_resource.virtualMachineScaleSet.id
name = "fdaaa62c-1d42-45ab-be2f-2af194dd1700"
body = {
properties = {
additionalData = {}
resourceDetails = {
source = "Azure"
}
status = {
cause = ""
code = "Healthy"
description = ""
}
}
}
}