Security Standards - Create Or Update

Creates or updates a security standard over a given scope

PUT https://management.azure.com/{scope}/providers/Microsoft.Security/securityStandards/{standardId}?api-version=2024-08-01

URI Parameters

Name In Required Type Description
scope
path True

string

The scope of the security standard. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'

standardId
path True

string

The Security Standard key - unique key for the standard type

Regex pattern: [{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$

api-version
query True

string

The API version to use for this operation.

Request Body

Name Type Description
properties.assessments

PartialAssessmentProperties[]

List of assessment keys to apply to standard scope.

properties.cloudProviders

StandardSupportedCloud[]

List of all standard supported clouds.

properties.description

string

Description of the standard

properties.displayName

string

Display name of the standard, equivalent to the standardId

properties.metadata

StandardMetadata

The security standard metadata.

properties.policySetDefinitionId

string

The policy set definition id associated with the standard.

Responses

Name Type Description
200 OK

SecurityStandard

Security standard successfully updated

201 Created

SecurityStandard

Created

Other Status Codes

ErrorResponse

Error response describing why the operation failed

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Create or update security standard over management group scope
Create or update security standard over security connector scope
Create or update security standard over subscription scope

Create or update security standard over management group scope

Sample request

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e?api-version=2024-08-01

{
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ],
    "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions"
  }
}

Sample response

{
  "id": "/providers/Microsoft.Management/managementGroups/contoso/resourceGroups/myResourceGroup/provider/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "type": "Microsoft.Security/securityStandards",
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "standardType": "Custom",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ],
    "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions",
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}
{
  "id": "/providers/Microsoft.Management/managementGroups/contoso/resourceGroups/myResourceGroup/provider/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "type": "Microsoft.Security/securityStandards",
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "standardType": "Custom",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ],
    "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions",
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Create or update security standard over security connector scope

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e?api-version=2024-08-01

{
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ]
  }
}

Sample response

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/resourceGroups/myResourceGroup/provider/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "type": "Microsoft.Security/securityStandards",
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "standardType": "Custom",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ],
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}
{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/resourceGroups/myResourceGroup/provider/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "type": "Microsoft.Security/securityStandards",
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ],
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Create or update security standard over subscription scope

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e?api-version=2024-08-01

{
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ],
    "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions"
  }
}

Sample response

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myResourceGroup/provider/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "type": "Microsoft.Security/securityStandards",
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "standardType": "Custom",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ],
    "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions",
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}
{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myResourceGroup/provider/Microsoft.Security/securityStandards/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
  "type": "Microsoft.Security/securityStandards",
  "properties": {
    "displayName": "Azure Test Security Standard 1",
    "standardType": "Custom",
    "description": "description of Azure Test Security Standard 1",
    "assessments": [
      {
        "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f"
      },
      {
        "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648"
      }
    ],
    "cloudProviders": [
      "GCP"
    ],
    "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions",
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Definitions

Name Description
ErrorAdditionalInfo

The resource management error additional info.

ErrorDetail

The error detail.

ErrorResponse

Error response

PartialAssessmentProperties

Describes properties of an assessment as related to the standard

SecurityStandard

Security Standard on a resource

StandardMetadata

The standard metadata

StandardSupportedCloud

The cloud that the standard is supported on.

standardType

Standard type (Custom or Default or Compliance only currently)

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorDetail

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorDetail[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorResponse

Error response

Name Type Description
error

ErrorDetail

The error object.

PartialAssessmentProperties

Describes properties of an assessment as related to the standard

Name Type Description
assessmentKey

string

The assessment key

SecurityStandard

Security Standard on a resource

Name Type Description
id

string

Resource Id

name

string

Resource name

properties.assessments

PartialAssessmentProperties[]

List of assessment keys to apply to standard scope.

properties.cloudProviders

StandardSupportedCloud[]

List of all standard supported clouds.

properties.description

string

Description of the standard

properties.displayName

string

Display name of the standard, equivalent to the standardId

properties.metadata

StandardMetadata

The security standard metadata.

properties.policySetDefinitionId

string

The policy set definition id associated with the standard.

properties.standardType

standardType

Standard type (Custom or Default or Compliance only currently)

type

string

Resource type

StandardMetadata

The standard metadata

Name Type Description
createdBy

string

Standard Created by object id (GUID)

createdOn

string

Standard creation date

lastUpdatedBy

string

Standard last updated by object id (GUID)

lastUpdatedOn

string

Standard last update date

StandardSupportedCloud

The cloud that the standard is supported on.

Name Type Description
AWS

string

Azure

string

GCP

string

standardType

Standard type (Custom or Default or Compliance only currently)

Name Type Description
Compliance

string

Custom

string

Default

string