last sync: 2025-Apr-29 17:15:48 UTC

Contributor

Azure BuiltIn RBAC Role definition

NameContributor
Privileged
Microsoft Learn
Idb24988ac-6180-42a0-ab88-20f7382dd24c
DescriptionGrants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
CategoryPrivileged
Microsoft Learn
CreatedOn2015-02-02 21:55:09 UTC
UpdatedOn2024-11-19 20:03:30 UTC
Permissions summary Effective control plane and data plane operations: 16444 (unique operations)
•action: 3713
•delete: 2519
•read: 7096
•write: 3116

Actions: 1
Resolved control plane operations from Actions: 16490
Effective control plane operations: 16444
•action: 3713
•delete: 2519
•read: 7096
•write: 3116

NotActions: 11
Resolved control plane operations from NotActions: 46
Effective denied control plane operations: 46

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3371
Actions
Operation Description
*wildcarded / no description
NotActions
Operation Description
Microsoft.Authorization/*/Deletewildcarded / no description
Microsoft.Authorization/*/Writewildcarded / no description
Microsoft.Authorization/elevateAccess/ActionGrants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/deleteDelete any blueprint artifacts
Microsoft.Blueprint/blueprintAssignments/writeCreate or update any blueprint artifacts
Microsoft.Compute/galleries/share/actionShares a Gallery to different scopes
Microsoft.Purview/consents/deleteDelete the Consent Resource.
Microsoft.Purview/consents/writeCreate or Update a Consent Resource.
Microsoft.Resources/deploymentStacks/manageDenySetting/actionManage the denySettings property of a deployment stack.
Microsoft.Subscription/cancel/actionCancels the Subscription
Microsoft.Subscription/enable/actionReactivates the Subscription
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Deprecated]: Configure Arc machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent 3b1a8e0a-b2e1-48be-9365-28be2fbef550 Security Center Deprecated
[Deprecated]: Configure Arc machines to create the Microsoft Defender for Cloud user-defined pipeline using Azure Monitor Agent aba46665-c3a7-4319-ace1-a0282deebac2 Security Center Deprecated
[Deprecated]: Configure Azure Arc-enabled Linux machines with Log Analytics agents connected to default Log Analytics workspace bacd7fca-1938-443d-aad6-a786107b1bfb Monitoring Deprecated
[Deprecated]: Configure Azure Arc-enabled Windows machines with Log Analytics agents connected to default Log Analytics workspace 594c1276-f44f-482d-9910-71fac2ce5ae0 Monitoring Deprecated
[Deprecated]: Configure machines to create the Microsoft Defender for Cloud user-defined pipeline using Azure Monitor Agent c15c5978-ab6e-4599-a1c3-90a7918f5371 Security Center Deprecated
[Deprecated]: Configure virtual machines to be onboarded to Azure Automanage 270610db-8c04-438a-a739-e8e6745b22d3 Automanage Deprecated
[Deprecated]: Configure virtual machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent 8b5ad9ab-3d44-4a6e-9ac3-75b04ea5fd28 Security Center Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords ec49586f-4939-402d-a29e-6ff502b20592 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 f19aa1c1-6b91-4c27-ae6a-970279f03db9 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed 4d1c04de-2172-403f-901b-90608c35c721 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that have accounts without passwords 3470477a-b35a-49db-aca5-1073d04524fe Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that have the specified applications installed 884b209a-963b-4520-8006-d20cb3c213e0 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows Server VMs on which Windows Serial Console is not enabled 7a031c68-d6ab-406e-a506-697a19c634b0 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Control Panel' ec7ac234-2af5-4729-94d2-c557c071799d Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - MSS (Legacy)' f1f4825d-58fb-4257-8016-8c00e3c9ed9d Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network' 985285b7-b97a-419c-8d48-c88cc934c8d8 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - System' 40917425-69db-4018-8dae-2a0556cef899 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts' e5b81f87-9185-4224-bf00-9f505e9f89f3 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Audit' 498b810c-59cd-4222-9338-352ba146ccf3 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Devices' 6481cc21-ed6e-4480-99dd-ea7c5222e897 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Interactive Logon' 3750712b-43d0-478e-9966-d2c26f6141b9 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Client' bbcdd8fa-b600-4ee3-85b8-d184e3339652 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server' 86880e5c-df35-43c5-95ad-7e120635775e Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' f56a3ab2-89d1-44de-ac0d-2ada5962e22a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security' 36e17963-7202-494a-80c3-f508211c826b Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console' ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Shutdown' 1f8c20ce-3414-4496-8b26-0e902a1541da Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System objects' 12ae2d24-3805-4b37-9fa9-465968bfbcfa Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System settings' 437a1f8f-8552-47a8-8b12-a2fee3269dd5 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - User Account Control' e425e402-a050-45e5-b010-bd3f934589fc Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Settings - Account Policies' e3d95ab7-f47a-49d8-a347-784177b6c94c Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Logon' c1e289c0-ffad-475d-a924-adc058765d65 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management' 0a9991e6-21be-49f9-8916-a06d934bcf29 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking' 42a07bbf-ffcf-459a-b4b1-30ecd118a505 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Logon-Logoff' c04255ee-1b9f-42c1-abaa-bf1553f79930 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access' 8e170edb-e0f5-497a-bb36-48b3280cec6a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Policy Change' 97b595c8-fd10-400e-8543-28e2b9138b13 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use' ce2370f6-0ac5-4d85-8ab4-10721cc640b0 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - System' f8b0158d-4766-490f-bea0-259e52dba473 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' 815dcc9f-6662-43f2-9a03-1b83e9876f24 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components' 7040a231-fb65-4412-8c0a-b365f4866c24 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties' 909c958d-1b99-4c74-b88f-46a5c5bc34f9 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members 144f1397-32f9-4598-8c88-118decc3ccba Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members 93507a81-10a4-4af0-9ee2-34cf25a96e98 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain only specified members b821191b-3a12-44bc-9c38-212138a29ff3 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant d38b4c26-9d2e-47d7-aefe-18d859a8706a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected 68511db2-bd02-41c4-ae6b-1900a012968a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the remote connection status does not match the specified one 5bb36dda-8a78-4df9-affd-4f05a8612a8a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the specified services are not installed and 'Running' 32b1e4d4-6cd5-47b4-a935-169da8a5c262 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit Guard is not enabled 6a7a2bcf-f9be-4e35-9734-4f9657a70f1d Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords 726671ac-c4de-4908-8c7d-6043ae62e3b6 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that are not joined to the specified domain 315c850a-272d-4502-8935-b79010405970 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that are not set to the specified time zone c21f7060-c148-41cf-a68b-0ab3e14c764c Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days c5fbc59e-fb6f-494f-81e2-d99a671bdaa8 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root 106ccbe4-a791-4f33-a44a-06796944b8d5 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days 356a906e-05e5-4625-8729-90771e0ee934 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day 16390df4-2f73-4b42-af13-c801066763df Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled 7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed 12f7e5d0-42a7-4630-80d8-54fb7cff9bd6 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell execution policy e0efc13a-122a-47c5-b817-2ccfe5d12615 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed 90ba2ee7-4ca8-4673-84d1-c851c50d3baf Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters 23020aa6-1135-4be2-bae2-149982b06eca Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption 8ff0b18b-262e-4512-857a-48ad0aeb9a78 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that have not restarted within the specified number of days f4b245d4-46c9-42be-9b1a-49e2b5b94194 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that have the specified applications installed f0633351-c7b2-41ff-9981-508fc08553c2 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs with a pending reboot c96f3246-4382-4264-bf6b-af0b35e23c3c Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows web servers that are not using secure communication protocols b2fc8f91-866d-4434-9089-5ebfe38d6fd8 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to enable Guest Configuration Policy on Linux VMs. fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to enable Guest Configuration Policy on Windows VMs. 0ecd903d-91e7-4726-83d3-a229d7f2e293 Guest Configuration Deprecated
[Preview]: Add user-assigned managed identity to enable Guest Configuration assignments on virtual machines f40c7c00-b4e3-4068-a315-5fe81347a904 Guest Configuration Preview
[Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machine Scale Sets 516187d4-ef64-4a1b-ad6b-a7348502976c Managed Identity Preview
[Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machines d367bd60-64ca-4364-98ea-276775bddd94 Managed Identity Preview
[Preview]: Configure Azure Defender for SQL agent on virtual machine 2ada9901-073c-444a-9a9a-91865174f0aa Security Center Preview
[Preview]: Deploy Microsoft Defender for Endpoint agent on Linux hybrid machines 4eb909e7-6d64-656d-6465-2eeb297a1625 Security Center Preview
[Preview]: Deploy Microsoft Defender for Endpoint agent on Linux virtual machines d30025d0-6d64-656d-6465-67688881b632 Security Center Preview
[Preview]: Deploy Microsoft Defender for Endpoint agent on Windows Azure Arc machines 37c043a6-6d64-656d-6465-b362dfeb354a Security Center Preview
[Preview]: Deploy Microsoft Defender for Endpoint agent on Windows virtual machines 1ec9c2c2-6d64-656d-6465-3ec3309b8579 Security Center Preview
[Preview]: Enable system-assigned identity to SQL VM 7148a409-0d59-4baa-925b-b3aae486a14e SQL Server Preview
[Preview]: Set prerequisite for Scheduling recurring updates on Azure virtual machines. 9905ca54-1471-49c6-8291-7582c04cd4d4 Azure Update Manager Preview
Add a tag to resource groups 726aca4c-86e9-4b04-b0c5-073027359532 Tags GA
Add a tag to resources 4f9dc7db-30c1-420c-b61a-e1d640128d26 Tags GA
Add or replace a tag on resource groups d157c373-a6c4-483d-aaad-570756956268 Tags GA
Add or replace a tag on resources 5ffd78d9-436d-4b41-a421-5baa819e3008 Tags GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration GA
Configure Advanced Threat Protection to be enabled on Azure database for MariaDB servers a6cf7411-da9e-49e2-aec0-cba0250eaf8c SQL GA
Configure Advanced Threat Protection to be enabled on Azure database for MySQL flexible servers 3d5ed4c2-5e50-4c76-932b-8982691b68ae Security Center GA
Configure Advanced Threat Protection to be enabled on Azure database for MySQL servers 80ed5239-4122-41ed-b54a-6f1fa7552816 SQL GA
Configure Advanced Threat Protection to be enabled on Azure database for PostgreSQL flexible servers 2a6ae02f-7590-40d7-88ba-b18e205a32fd Security Center GA
Configure Advanced Threat Protection to be enabled on Azure database for PostgreSQL servers db048e65-913c-49f9-bb5f-1084184671d3 SQL GA
Configure App Configuration stores to disable local authentication methods 72bc14af-4ab8-43af-b4e4-38e7983f9a1f App Configuration GA
Configure App Configuration to disable public network access 73290fa2-dfa7-4bbb-945d-a5e23b75df2c App Configuration GA
Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace da0fd392-9669-4ad4-b32c-ca46aaa6c21f Security Center GA
Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace 63d03cbd-47fd-4ee1-8a1c-9ddf07303de0 Security Center GA
Configure Azure Automation account to disable local authentication 30d1d58e-8f96-47a5-8564-499a3f3cca81 Automation GA
Configure Azure Automation accounts to disable public network access 23b36a7c-9d26-4288-a8fd-c1d2fa284d8c Automation GA
Configure Azure Cache for Redis Enterprise with private endpoints 1b1df1e6-d60f-4430-9390-2b0c83aae4a7 Cache GA
Configure Azure Databricks Workspaces with private endpoints 09210db3-d32c-4b2b-b4e1-f72ae920eb11 Azure Databricks GA
Configure Azure Device Update for IoT Hub accounts to disable public network access 27573ebe-7ef3-4472-a8e1-33aef9ea65c5 Internet of Things GA
Configure Azure Device Update for IoT Hub accounts to use private DNS zones a222b93a-e6c2-4c01-817f-21e092455b2a Internet of Things GA
Configure Azure Device Update for IoT Hub accounts with private endpoint 5b9d063f-c5fd-4750-a489-1258d1fefcbf Internet of Things GA
Configure Azure File Sync with private endpoints b35dddd9-daf7-423b-8375-5a5b86806d5a Storage GA
Configure Azure HDInsight clusters with private endpoints 2676090a-4baf-46ac-9085-4ac02cc50e3e HDInsight GA
Configure Azure IoT Hub to disable local authentication 9f8ba900-a70f-486e-9ffc-faf907305376 Internet of Things GA
Configure Azure Machine Learning Computes to disable local authentication methods a6f9a2d0-cff7-4855-83ad-4cd750666512 Machine Learning GA
Configure Azure Machine Learning Workspaces to disable public network access a10ee784-7409-4941-b091-663697637c0f Machine Learning GA
Configure Azure Managed Grafana workspaces to disable email settings f757d603-5178-4168-ac45-5223f681023f Managed Grafana GA
Configure Azure Managed Grafana workspaces to disable public network access 67529aa1-5285-4b1c-8e6f-5ccd861ac98e Managed Grafana GA
Configure Azure Managed Grafana workspaces to disable service account cc4dfa24-c7df-47e4-80ff-3728adb3f9a0 Managed Grafana GA
Configure Azure Managed Grafana workspaces with private endpoints bc33de80-97cd-4c11-b6b4-d075e03c7d60 Managed Grafana GA
Configure Azure Monitor Private Link Scope to block access to non private link resources bec5db8e-c4e3-40f9-a545-e0bd00065c82 Monitoring GA
Configure Azure Monitor Private Link Scopes with private endpoints e8185402-357b-4768-8058-f620bc0ae6b5 Monitoring GA
Configure Azure Synapse Workspace Dedicated SQL minimum TLS version 8b5c654c-fb07-471b-aa8f-15fea733f140 Synapse GA
Configure Azure Synapse workspaces to disable public network access 5c8cad01-ef30-4891-b230-652dadb4876a Synapse GA
Configure Azure Synapse workspaces with private endpoints 3b3b0c27-08d2-4b32-879d-19930bee3266 Synapse GA
Configure Azure Virtual Desktop hostpools with private endpoints 7b331e6b-6096-4395-a754-758a64505f19 Desktop Virtualization GA
Configure Azure Virtual Desktop workspaces with private endpoints 02aa841c-42e8-492f-a43d-1f2c67e58d41 Desktop Virtualization GA
Configure Batch accounts to disable local authentication 4dbc2f5c-51cf-4e38-9179-c7028eed2274 Batch GA
Configure Batch accounts to disable public network access c520cefc-285f-40f3-86e2-2efc38ef1f64 Batch GA
Configure Batch accounts with private endpoints 0ef5aac7-c064-427a-b87b-d47b3ddcaf73 Batch GA
Configure Cognitive Services accounts to disable local authentication methods 14de9e63-1b31-492e-a5a3-c3f7fd57f555 Cognitive Services GA
Configure Cognitive Services accounts to disable public network access 47ba1dd7-28d9-4b07-a8d5-9813bed64e0c Cognitive Services GA
Configure container registries to disable anonymous authentication. cced2946-b08a-44fe-9fd9-e4ed8a779897 Container Registry GA
Configure container registries to disable ARM audience token authentication. 785596ed-054f-41bc-aaec-7f3d0ba05725 Container Registry GA
Configure container registries to disable local admin account. 79fdfe03-ffcb-4e55-b4d0-b925b8241759 Container Registry GA
Configure Container registries to disable public network access a3701552-92ea-433e-9d17-33b7f1208fc9 Container Registry GA
Configure container registries to disable repository scoped access token. a9b426fe-8856-4945-8600-18c5dd1cca2a Container Registry GA
Configure Container registries with private endpoints d85c6833-7d33-4cf5-a915-aaa2de84405f Container Registry GA
Configure CosmosDB accounts to disable public network access da69ba51-aaf1-41e5-8651-607cd0b37088 Cosmos DB GA
Configure CosmosDB accounts with private endpoints b609e813-3156-4079-91fa-a8494c1471c4 Cosmos DB GA
Configure disk access resources with private endpoints 582bd7a6-a5f6-4dc6-b9dc-9cb81fe0d4c5 Compute GA
Configure installation of Flux extension on Kubernetes cluster f9175d5f-abc8-1dc3-bd3c-5d7476ada3d1 Kubernetes GA
Configure IoT Hub device provisioning instances to use private DNS zones aaa64d2d-2fa3-45e5-b332-0b031b9b30e8 Internet of Things GA
Configure IoT Hub device provisioning service instances to disable public network access 859dfc91-ea35-43a6-8256-31271c363794 Internet of Things GA
Configure IoT Hub device provisioning service instances with private endpoints 9b75ea5b-c796-4c99-aaaf-21c204daac43 Internet of Things GA
Configure Kubernetes clusters with Flux v2 configuration using Bucket source and secrets in KeyVault 5174c1db-ca42-e0d4-b320-4f1cf6a1fa93 Kubernetes GA
Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS CA Certificate 2630c91f-8a20-8f43-14a2-2485b648e2a9 Kubernetes GA
Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS secrets bf1a31be-3b79-5ba8-c9e0-9a8c9ad9f749 Kubernetes GA
Configure Kubernetes clusters with Flux v2 configuration using Git repository and local secrets b6c7fd52-4723-5f4d-a157-3d39bd16a1d7 Kubernetes GA
Configure Kubernetes clusters with Flux v2 configuration using Git repository and SSH secrets 9e980dca-f3e1-8da3-6717-ad37b1ca6b27 Kubernetes GA
Configure Kubernetes clusters with Flux v2 configuration using public Git repository 83ea2fd1-9eaf-2f6d-f672-cd7b2ac798f6 Kubernetes GA
Configure Kubernetes clusters with specified Flux v2 Bucket source using local secrets b8c1d6c1-6137-97c6-9c34-d4627e54ca26 Kubernetes GA
Configure Kubernetes clusters with specified GitOps configuration using HTTPS secrets a6f560f4-f582-4b67-b123-a37dcd1bf7ea Kubernetes GA
Configure Kubernetes clusters with specified GitOps configuration using no secrets 1d61c4d2-aef2-432b-87fc-7f96b019b7e1 Kubernetes GA
Configure Kubernetes clusters with specified GitOps configuration using SSH secrets c050047b-b21b-4822-8a2d-c1e37c3c0c6a Kubernetes GA
Configure Log Analytics workspace and automation account to centralize logs and monitoring 8e3e61b3-0b32-22d5-4edf-55f87fdb5955 Monitoring GA
Configure managed disks to disable public network access 8426280e-b5be-43d9-979e-653d12a08638 Compute GA
Configure network security groups to enable traffic analytics e920df7f-9a64-4066-9b58-52684c02a091 Network GA
Configure network security groups to use specific workspace, storage account and flowlog retention policy for traffic analytics 5e1cd26a-5090-4fdb-9d6a-84a90335e22d Network GA
Configure Packet Core Control Plane diagnostic access to use authentication type Microsoft EntraID 7508b186-60e2-4518-bf70-3d7fbaba1f3a Mobile Network GA
Configure periodic checking for missing system updates on azure virtual machines 59efceea-0c96-497e-a4a1-4eb2290dac15 Azure Update Manager GA
Configure private endpoint connections on Azure Automation accounts c0c3130e-7dda-4187-aed0-ee4a472eaa60 Automation GA
Configure private endpoints for App Configuration 614ffa75-862c-456e-ad8b-eaa1b0844b07 App Configuration GA
Configure Private Link for Azure AD with private endpoints b923afcf-4c3a-4ed6-8386-1ff64b68de47 Azure Active Directory GA
Configure secure communication protocols(TLS 1.1 or TLS 1.2) on Windows machines 828ba269-bf7f-4082-83dd-633417bc391d Guest Configuration GA
Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace c859b78a-a128-4376-a838-e97ce6625d16 Security Center GA
Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace 04754ef9-9ae3-4477-bf17-86ef50026304 Security Center GA
Configure subscriptions to set up preview features e624c84f-2923-4437-9fd9-4115c6da3888 General GA
Configure Synapse Workspaces to use only Microsoft Entra identities for authentication 738949be-6fd2-46b9-b969-99b53712b192 Synapse GA
Configure Synapse Workspaces to use only Microsoft Entra identities for authentication during workspace creation c3624673-d2ff-48e0-b28c-5de1c6767c3c Synapse GA
Configure the Microsoft Defender for SQL Log Analytics workspace 242300d6-1bfc-4d64-8d01-cee583709ebd Security Center GA
Configure virtual machines to be onboarded to Azure Automanage f889cab7-da27-4c41-a3b0-de1f6f87c550 Automanage GA
Configure virtual machines to be onboarded to Azure Automanage with Custom Configuration Profile b025cfb4-3702-47c2-9110-87fe0cfcc99b Automanage GA
Configure virtual network to enable Flow Log and Traffic Analytics 3e9965dc-cc13-47ca-8259-a4252fd0cf7b Network GA
Configure virtual networks to enforce workspace, storage account and retention interval for Flow logs and Traffic Analytics 052c180e-287d-44c3-86ef-01aeae2d9774 Network GA
Create and assign a built-in user-assigned managed identity 09963c90-6ee7-4215-8d26-1cc660a1682f Security Center GA
Deploy - Configure Azure IoT Hubs to use private DNS zones c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02 Internet of Things GA
Deploy - Configure Azure IoT Hubs with private endpoints bf684997-3909-404e-929c-d4a38ed23b2e Internet of Things GA
Deploy - Configure diagnostic settings to an Event Hub to be enabled on Azure Key Vault Managed HSM a6d2c800-5230-4a40-bff3-8268b4987d42 Key Vault GA
Deploy - Configure IoT Central to use private DNS zones d627d7c6-ded5-481a-8f2e-7e16b1e6faf6 Internet of Things GA
Deploy - Configure IoT Central with private endpoints c854b0f0-02d0-4f94-9b42-fd175fbd4d49 Internet of Things GA
Deploy a flow log resource with target network security group 0db34a60-64f4-4bf6-bd44-f95c16cf34b9 Network GA
Deploy a Flow Log resource with target virtual network cd6f7aff-2845-4dab-99f2-6d1754a754b0 Network GA
Deploy associations for a custom provider c15c281f-ea5c-44cd-90b8-fc3c14d13f0c Custom Provider GA
Deploy associations for a managed application 17763ad9-70c0-4794-9397-53d765932634 Managed Application GA
Deploy Diagnostic Settings for Azure SQL Database to Event Hub 9a7c7a7d-49e5-4213-bea8-6a502b6272e0 SQL GA
Deploy Diagnostic Settings for Batch Account to Event Hub db51110f-0865-4a6e-b274-e2e07a5b2cd7 Monitoring GA
Deploy Diagnostic Settings for Data Lake Analytics to Event Hub 4daddf25-4823-43d4-88eb-2419eb6dcc08 Monitoring GA
Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub e8d096bc-85de-4c5f-8cfb-857bd1b9d62d Monitoring GA
Deploy Diagnostic Settings for Event Hub to Event Hub ef7b61ef-b8e4-4c91-8e78-6946c6b0023f Monitoring GA
Deploy Diagnostic Settings for Key Vault to Event Hub ed7c8c13-51e7-49d1-8a43-8490431a0da2 Key Vault GA
Deploy Diagnostic Settings for Logic Apps to Event Hub a1dae6c7-13f3-48ea-a149-ff8442661f60 Monitoring GA
Deploy Diagnostic Settings for Search Services to Event Hub 3d5da587-71bd-41f5-ac95-dd3330c2d58d Monitoring GA
Deploy Diagnostic Settings for Service Bus to Event Hub 6b51af03-9277-49a9-a3f8-1c69c9ff7403 Monitoring GA
Deploy Diagnostic Settings for Stream Analytics to Event Hub edf3780c-3d70-40fe-b17e-ab72013dafca Monitoring GA
Deploy export to Event Hub as a trusted service for Microsoft Defender for Cloud data af9f6c70-eb74-4189-8d15-e4f11a7ebfd4 Security Center GA
Deploy export to Event Hub for Microsoft Defender for Cloud data cdfcce10-4578-4ecd-9703-530938e4abcb Security Center GA
Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data ffb6f416-7bd2-4488-8828-56585fef2be9 Security Center GA
Deploy Planned Maintenance to schedule and control upgrades for your Azure Kubernetes Service (AKS) cluster e1352e44-d34d-4e4d-a22e-451a15f759a1 Kubernetes GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration GA
Deploy Workflow Automation for Microsoft Defender for Cloud alerts f1525828-9a90-4fcf-be48-268cdd02361e Security Center GA
Deploy Workflow Automation for Microsoft Defender for Cloud recommendations 73d6ab6c-2475-4850-afd6-43795f3492ef Security Center GA
Deploy Workflow Automation for Microsoft Defender for Cloud regulatory compliance 509122b9-ddd9-47ba-a5f1-d0dac20be63c Security Center GA
Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace. 8e7da0a5-0a0e-4bbc-bfc0-7773c018b616 Security Center GA
Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace. 6df2fee6-a9ed-4fef-bced-e13be1b25f1c Security Center GA
Inherit a tag from the resource group cd3aa116-8754-49c9-a813-ad46512ece54 Tags GA
Inherit a tag from the resource group if missing ea3f2387-9b95-492a-a190-fcdc54f7b070 Tags GA
Inherit a tag from the subscription b27a0cbd-a167-4dfa-ae64-4337be671140 Tags GA
Inherit a tag from the subscription if missing 40df99da-1232-49b1-a39a-6da8d878f469 Tags GA
Modify - Configure Azure File Sync to disable public network access 0e07b2e9-6cd9-4c40-9ccb-52817b95133b Storage GA
Modify - Configure Azure IoT Hubs to disable public network access 114eec6e-5e59-4bad-999d-6eceeb39d582 Internet of Things GA
Modify - Configure IoT Central to disable public network access d02e48d5-28d9-40d3-8ab8-301932a6f9cb Internet of Things GA
Modify API Management to disable username and password authentication 1b0d74ac-4b43-4c39-a15f-594385adc38d API Management GA
Protect your data with authentication requirements when exporting or uploading to a disk or snapshot. c3921d55-b741-4d16-8d56-7f16e99e6892 Compute GA
Schedule recurring updates using Azure Update Manager ba0df93e-e4ac-479a-aac2-134bbae39a1a Azure Update Manager GA
History
Date/Time (UTC ymd) (i) Change Change detail
2024-11-20 18:52:37 change: NotActions NotActions: 'add Microsoft.Subscription/cancel/action; add Microsoft.Subscription/enable/action'
2024-05-16 18:05:17 change: NotActions NotActions: 'add Microsoft.Resources/deploymentStacks/manageDenySetting/action'
2023-07-10 18:02:27 change: Description, NotActions New Description: 'Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.'
Old Description: 'Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.',
NotActions: 'add Microsoft.Purview/consents/write; add Microsoft.Purview/consents/delete'
2020-11-11 15:02:47 change: NotActions NotActions: 'add Microsoft.Compute/galleries/share/action'
JSON
api-version=2023-07-01-preview
Condition none