Merge pull request #111056 from DCtheGeek/dmc-policy-assignmentscopes

Add notScopes to assignments

Author: PRMerger14

articles/governance/policy/concepts/assignment-structure.md

@@ -1,7 +1,7 @@
 ---
 title: Details of the policy assignment structure
 description: Describes the policy assignment definition used by Azure Policy to relate policy definitions and parameters to resources for evaluation.
-ms.date: 09/23/2019
+ms.date: 04/15/2020
 ms.topic: conceptual
 ---
 # Azure Policy assignment structure
@@ -17,6 +17,7 @@ You use JSON to create a policy assignment. The policy assignment contains eleme
 - description
 - metadata
 - enforcement mode
+- excluded scopes
 - policy definition
 - parameters
 
@@ -31,6 +32,7 @@ For example, the following JSON shows a policy assignment in _DoNotEnforce_ mode
             "assignedBy": "Cloud Center of Excellence"
         },
         "enforcementMode": "DoNotEnforce",
+        "notScopes": [],
         "policyDefinitionId": "/subscriptions/{mySubscriptionID}/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
         "parameters": {
             "prefix": {
@@ -72,6 +74,14 @@ If **enforcementMode** isn't specified in a policy or initiative definition, the
 used. [Remediation tasks](../how-to/remediate-resources.md) can be started for [deployIfNotExists](./effects.md#deployifnotexists)
 policies, even when **enforcementMode** is set to _DoNotEnforce_.
 
+## Excluded scopes
+
+The **scope** of the assignment includes all child resource containers and child resources. If a
+child resource container or child resource shouldn't have the definition applied, each can be
+excluded from evaluation by setting **notScopes**. This property is an array to enable excluding one
+or more resource containers or resources from evaluation. **notScopes** can be added or updated
+after creation of the initial assignment.
+
 ## Policy definition ID
 
 This field must be the full path name of either a policy definition or an initiative definition.