Remediation Task Structure
Azure Policy remediation tasks help bring non-compliant resources into compliance based on policy definitions and assignments. Resources not compliant with a deployIfNotExists
or modify
definition can be remediated by deploying templates or making modifications, using the identity specified in the policy assignment.
New or updated resources that match a deployIfNotExists
or modify
assignment are automatically remediated. Remediation tasks are automatically deleted 60 days after the last modification.
Remediation tasks are created using JSON, containing elements such as:
Policy Assignment ID: Full path of the policy or initiative.
Policy Definition ID: Specifies the policy definition if the assignment is part of an initiative.
Resource Count & Parallel Deployments: Defines how many resources to remediate and how many can be handled simultaneously.
Failure Threshold: Optionally stops remediation if failures exceed a specified percentage.
Remediation Filters: Optional, such as filtering by region.
Resource Discovery Mode: Identifies non-compliant resources, with options like
ExistingNonCompliant
orReEvaluateCompliance
.Provisioning State & Deployment Summary: Provides status and deployment details for the task.
For example, the following JSON represents a remediation task:
{
"id": "/subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/remediations/remediateNotCompliant",
"apiVersion": "2021-10-01",
"name": "remediateNotCompliant",
"type": "Microsoft.PolicyInsights/remediations",
"properties": {
"policyAssignmentId": "/subscriptions/{subID}/providers/Microsoft.Authorization/policyAssignments/resourceShouldBeCompliantInit",
"policyDefinitionReferenceId": "requiredTags",
"resourceCount": 42,
"parallelDeployments": 6,
"failureThreshold": { "percentage": 0.1 }
}
}
Last updated