articles/governance/policy/how-to/remediate-resources.md
2 additions & 2 deletions
@@ -17,8 +17,8 @@ understand and accomplish remediation with Azure Policy.
17
17
18
18
When Azure Policy starts a template deployment when evaluating **deployIfNotExists** policies or modifies a resource when evaluating **modify** policies, it does so using
19
19
a [managed identity](../../../active-directory/managed-identities-azure-resources/overview.md) that is associated with the policy assignment.
20
-
Policy assignments can either use a system assigned managed identity that is created by the policy service or a user assigned identity provided by the user. The managed identity needs to be granted the appropriate roles required for remediating resources
21
-
to grant the managed identity. If the managed identity is missing roles, an error is displayed
20
+
Policy assignments can either use a system assigned managed identity that is created by the policy service or a user assigned identity provided by the user. The managed identity needs to be assigned the minimum role(s) required to remediate resources.
21
+
If the managed identity is missing roles, an error is displayed
22
22
during the assignment of the policy or an initiative. When using the portal, Azure Policy
23
23
automatically grants the managed identity the listed roles once assignment starts. When using SDK,
24
24
the roles must manually be granted to the managed identity. The _location_ of the managed identity
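Review bot: The added line 20 says the identity needs "the minimum role(s) required to remediate resources" but does not say which roles those are or at what scope, and the unchanged text at lines 23-24 then refers to "the listed roles" without saying where they are listed. Suggest tying the two together by naming where the required roles are listed, so that a reader granting them manually through the SDK knows exactly what to assign and does not fall back to a broader role. Minor style points on the same added line: hyphenate "system-assigned" and "user-assigned", prefer "roles" over "role(s)", and wrap the line to match the length of the surrounding lines.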