0
votes

I would like to deploy a policy exemption via ARM template for a policy assignment that I have in place. The objective is to exempt a particular resource group from a given subscription so the resources which are belonging to that resource group will be exempted from the compliance report.

I am referring the Microsoft Azure documentation (given below the link and sample structure of ARM JSON) to understand how to structure the ARM template but I do not find information on where to define the scope for the exemption.

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/exemption-structure

    "id": "/subscriptions/{subId}/resourceGroups/ExemptRG/providers/Microsoft.Authorization/policyExemptions/resourceIsNotApplicable",
    "name": "resourceIsNotApplicable",
    "type": "Microsoft.Authorization/policyExemptions",
    "properties": {
        "displayName": "This resource is scheduled for deletion",
        "description": "This resources is planned to be deleted by end of quarter and has been granted a waiver to the policy.",
        "metadata": {
            "requestedBy": "Storage team",
            "approvedBy": "IA",
            "approvedOn": "2020-07-26T08:02:32.0000000Z",
            "ticketRef": "4baf214c-8d54-4646-be3f-eb6ec7b9bc4f"
        },
        "policyAssignmentId": "/subscriptions/{mySubscriptionID}/providers/Microsoft.Authorization/policyAssignments/resourceShouldBeCompliantInit",
        "policyDefinitionReferenceIds": [
            "requiredTags",
            "allowedLocations"
        ],
        "exemptionCategory": "waiver",
        "expiresOn": "2020-12-31T23:59:00.0000000Z"
    }
}
1

1 Answers

1
votes

The scope of the exemption is defined in the scope at which it is created. So for the above example of an existing exemption, the scope of the exemption is the ExampleRG resource group.

From the documentation, Microsoft notes: A policy exemption is created as a child object on the resource hierarchy or the individual resource granted the exemption, so the target isn't included in the exemption definition.