az blueprint assignment
Note
This reference is part of the blueprint extension for the Azure CLI (version 2.50.0 or higher). The extension will automatically install the first time you run an az blueprint assignment command. Learn more about extensions.
This command group is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release. Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint.
Commands to manage blueprint assignment.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az blueprint assignment create |
Create a blueprint assignment. |
Extension | GA |
| az blueprint assignment delete |
Delete a blueprint assignment. |
Extension | Preview |
| az blueprint assignment list |
List blueprint assignments within a subscription. |
Extension | Preview |
| az blueprint assignment show |
Get a blueprint assignment. |
Extension | Preview |
| az blueprint assignment update |
Update a blueprint assignment. |
Extension | GA |
| az blueprint assignment wait |
Place the CLI in a waiting state until a condition of the Blueprint Assignment is met. |
Extension | GA |
| az blueprint assignment who |
Get Blueprint Servie Principal Name objectId. |
Extension | Preview |
az blueprint assignment create
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Create a blueprint assignment.
az blueprint assignment create --name
[--blueprint-version]
[--description]
[--display-name]
[--identity-type {None, SystemAssigned, UserAssigned}]
[--location]
[--locks-excluded-principals]
[--locks-mode {AllResourcesDoNotDelete, AllResourcesReadOnly, None}]
[--management-group]
[--parameters]
[--resource-group-value]
[--subscription]
[--user-assigned-identity]Examples
Assignment with system-assigned managed identity
az blueprint assignment create --subscription MySubscription --name \
MyBlueprintAssignment --location eastus --identity-type SystemAssigned \
--description "Enforce pre-defined MyBlueprint to this subscription." \
--blueprint-version "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/provid \
ers/Microsoft.Blueprint/blueprints/MyBlueprint/versions/v2" \
--resource-group-value artifact_name=rg-art-1 name=rg1 location=westus \
--resource-group-value artifact_name=rg-art-2 name=rg2 location=eastus \
--parameters "path/to/parameter/file" \Assignment with user-assigned managed identity
az blueprint assignment create --subscription MySubscription --name \
MyBlueprintAssignment --location eastus --identity-type UserAssigned \
--user-assigned-identity "/subscriptions/00000000-0000-0000-0000-000000000000 \
/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity"\
--description "Enforce pre-defined MyBlueprint to this subscription." \
--blueprint-version "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup \
/providers/Microsoft.Blueprint/blueprints/MyBlueprint/versions/v2" \
--resource-group-value artifact_name=rg-art-1 name=rg1 location=eastus \
--parameters "path/to/parameter/file" \Required Parameters
Name of the blueprint assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Resource ID of the published version of a blueprint definition.
Multi-line explain this resource.
One-liner string explain this resource.
Type of the managed identity.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
| Default value: | SystemAssigned |
| Accepted values: | None, SystemAssigned, UserAssigned |
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted.
Lock mode.
| Property | Value |
|---|---|
| Accepted values: | AllResourcesDoNotDelete, AllResourcesReadOnly, None |
Use management group for the target scope of the blueprint assignment. It is reserved for future use. Use --subscription instead.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Blueprint assignment parameter values. It can be a JSON string or JSON file path.
Key=Value pairs for a resource group. Keys include 'artifact_name'(required), 'name', 'location'.
Use subscription for the target scope of the blueprint assignment. Default susbcription will be used if option not specified.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
The user-assigned managed identity associated with the resource.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az blueprint assignment delete
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Delete a blueprint assignment.
az blueprint assignment delete --name
[--delete-behavior {all, none}]
[--management-group]
[--subscription]
[--yes]Examples
Delete an assignment
az blueprint assignment delete --subscription MySubscription --name MyBlueprintAssignmentRequired Parameters
Name of the blueprint assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
When deleteBehavior=all, the resources that were created by the blueprint assignment will be deleted.
| Property | Value |
|---|---|
| Accepted values: | all, none |
Use management group for the scope of the blueprint.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az blueprint assignment list
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
List blueprint assignments within a subscription.
az blueprint assignment list [--management-group]
[--max-items]
[--next-token]
[--subscription]Examples
List assignments
az blueprint assignment list --subscription MySubscriptionOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Use management group for the scope of the blueprint.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az blueprint assignment show
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Get a blueprint assignment.
az blueprint assignment show --name
[--management-group]
[--subscription]Examples
Show an assignment
az blueprint assignment show --subscription MySubscription --name MyBlueprintAssignmentRequired Parameters
Name of the blueprint assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Use management group for the scope of the blueprint.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az blueprint assignment update
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Update a blueprint assignment.
az blueprint assignment update --name
[--blueprint-version]
[--description]
[--display-name]
[--identity-type {None, SystemAssigned, UserAssigned}]
[--location]
[--locks-excluded-principals]
[--locks-mode {AllResourcesDoNotDelete, AllResourcesReadOnly, None}]
[--management-group]
[--parameters]
[--resource-group-value]
[--subscription]
[--user-assigned-identity]Required Parameters
Name of the blueprint assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Resource ID of the published version of a blueprint definition.
Multi-line explain this resource.
One-liner string explain this resource.
Type of the managed identity.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
| Accepted values: | None, SystemAssigned, UserAssigned |
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
List of AAD principals excluded from blueprint locks. Up to 5 principals are permitted.
Lock mode.
| Property | Value |
|---|---|
| Accepted values: | AllResourcesDoNotDelete, AllResourcesReadOnly, None |
Use management group for the target scope of the blueprint assignment. It is reserved for future use. Use --subscription instead.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Blueprint assignment parameter values. It can be a JSON string or JSON file path.
Key=Value pairs for a resource group. Keys include 'artifact_name'(required), 'name', 'location'.
Use subscription for the target scope of the blueprint assignment. Default susbcription will be used if option not specified.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
The user-assigned managed identity associated with the resource.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az blueprint assignment wait
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Place the CLI in a waiting state until a condition of the Blueprint Assignment is met.
az blueprint assignment wait --name
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--management-group]
[--subscription]
[--timeout]
[--updated]Examples
Pause executing next line of CLI script until the Blueprint Assignment is successfully provisioned.
az blueprint assignment wait --subscription MySubscription \ --name MyBlueprintAssignment --createdRequired Parameters
Name of the blueprint assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
Use management group for the target scope of the blueprint assignment. It is reserved for future use. Use --subscription instead.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Use subscription for the target scope of the blueprint assignment. Default susbcription will be used if option not specified.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az blueprint assignment who
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Get Blueprint Servie Principal Name objectId.
az blueprint assignment who --name
[--management-group]
[--subscription]Examples
Get SPN objectId
az blueprint assignment who --subscription MySubscription --name MyBlueprintAssignmentRequired Parameters
Name of the blueprint assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Use management group for the scope of the blueprint.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
