Microsoft Defender for Cloud – Delete exemptions using REST API
In my previous post, I touched on the topic of how to create Microsoft Defender for Cloud recommendation exemptions (also called standard assignments: exempt mode). In this post I want to show how to delete policy exemptions using the REST API. Please read my previous posts here:
Microsoft Defender for Cloud – Get exemptions using REST API
Microsoft Defender for Cloud – Create exemptions using REST API
Please read the first post about getting standard assignments. This way you know how to authenticate and how to get existing exemptions. Once you have the complete ID of the exemption you want to delete, construct the variable to use as the input URI:
$uri = "https://management.azure.com/subscriptions/SUBSCRIPTIONIDREMOVED/providers/Microsoft.Security/pricings/CloudPosture/securityentitydata/OBJECTIDREMOVED/providers/Microsoft.Security/standardAssignments/GUIDREMOVED?api-version=2024-08-01"
To ensure we delete the correct one and do not get any errors, I format the URI with the entire ID of the existing exemption, as you can see in the example above.
Now use this command to delete the exemption:
Invoke-RestMethod -Uri $uri -Method Delete -Headers $headers
Terminal output should say: Assignment successfully deleted
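The delete call above can be wrapped so that a truncated or unrelated ID never reaches the DELETE request. This is an added example, not code from the original post: the function name Remove-DfcExemption, its parameters and the all-zero sample ID are hypothetical, and $Headers is assumed to be built as described in the first post.

```powershell
# Added example: hypothetical helper, not part of the original post.
function Remove-DfcExemption {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Full resource ID of the exemption, as returned when listing standard assignments
        [Parameter(Mandatory)][string]$ExemptionId,
        # Authorization headers, built as in the first post (assumption)
        [Parameter(Mandatory)][hashtable]$Headers,
        [string]$ApiVersion = '2024-08-01'
    )

    # Accept only IDs that start with a subscription GUID and end in a
    # standardAssignments resource whose name is a GUID.
    $guid    = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    $pattern = '^/subscriptions/{0}/.+/providers/Microsoft\.Security/standardAssignments/{0}$' -f $guid
    if ($ExemptionId -notmatch $pattern) {
        throw "Not a full standardAssignments resource ID: $ExemptionId"
    }

    # $() keeps the '?' from being parsed as part of the variable name
    $uri = "https://management.azure.com$($ExemptionId)?api-version=$ApiVersion"

    # -WhatIf shows the target without sending the request;
    # ConfirmImpact 'High' asks for confirmation unless -Confirm:$false is passed.
    if ($PSCmdlet.ShouldProcess($ExemptionId, 'Delete exemption')) {
        try {
            Invoke-RestMethod -Uri $uri -Method Delete -Headers $Headers -ErrorAction Stop
        }
        catch {
            # Include the HTTP status so 401, 403 and 404 can be told apart
            $status = $_.Exception.Response.StatusCode
            throw "Delete failed ($status) for ${ExemptionId}: $($_.Exception.Message)"
        }
    }
}

# Dry run with a constructed ID (all-zero GUIDs are placeholders, not real resources)
$sampleId = '/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/pricings/CloudPosture/securityentitydata/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/standardAssignments/00000000-0000-0000-0000-000000000000'
Remove-DfcExemption -ExemptionId $sampleId -Headers @{ Authorization = 'Bearer <token>' } -WhatIf
```

Running the last line prints the "What if" message for the target ID and sends nothing; drop -WhatIf to perform the delete.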