Copy Branch policies from a Azure DevOps Git branch to another branch

BranchPolicyCopy.ps1

[CmdletBinding()]

param(
    [Parameter(Mandatory=$true)]
    [string] $AzureDevOpsPAT,
    [Parameter(Mandatory=$true)]
    [string] $OrganizationName,
    [Parameter(Mandatory=$true)]
    [string] $teamProjectName,
    [Parameter(Mandatory=$true)]
    [string] $repositoryName,
    [Parameter(Mandatory=$true)]
    [string] $fromBranch,
    [Parameter(Mandatory=$true)]
    [string] $toBranch
)


$ErrorActionPreference = 'Stop';

$User="";

$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $User,$AzureDevOpsPAT)));
$header = @{Authorization=("Basic {0}" -f $base64AuthInfo)};

# Get repository
$Url = 'https://dev.azure.com/'+ $OrganizationName + '/' + $teamProjectName + '/_apis/git/repositories/' + $repositoryName +'?api-version=5.1'
$repository = Invoke-RestMethod -Uri $Url -Method Get -ContentType application/json -Headers $header

$Url = 'https://dev.azure.com/'+ $OrganizationName + '/' + $teamProjectName + 
            '/_apis/git/policy/configurations?repositoryId=' + $repository.id + '&refName=refs/heads/' + $fromBranch + '&api-version=5.1-preview.1'

# get policies
$policies = Invoke-RestMethod -Uri $Url -Method Get -ContentType application/json -Headers $header

$Url = 'https://dev.azure.com/'+ $OrganizationName + '/' + $teamProjectName + '/_apis/policy/configurations?api-version=5.1';


foreach($policy in $policies.value)
{
    if ($policy.type.id -eq '0517f88d-4ec5-4343-9d26-9930ebd53069') 
    {
        continue; # skipping GitRepositorySettingsPolicyName
    }

    # remove properties from policy so it can be applied to target branch
    $props = $policy.PSObject.Properties
    $props.remove('createdBy');
    $props.remove('createdDate');
    $props.remove('revision');
    $props.remove('id');
    $props.remove('url');

    $policy._links.PSObject.Properties.Remove('self')

    # set target branch

    if (($null -ne $policy.settings.scope[0].refname))
    {
        $policy.settings.scope[0].refName = 'refs/heads/' + $toBranch;
    }
    if (($null -ne $policy.settings.searchBranches))
    {
        $policy.settings.searchBranches[0] = 'refs/heads/' + $toBranch;
    }

    # create policy in target branch
    
    $body = $policy | ConvertTo-Json -Depth 10

    $policyCreateResponse = Invoke-RestMethod -Uri $Url -Method Post -Body $body -ContentType application/json -Headers $header
    $policyCreateResponse
}

@sahithiazure You don't have the necessary permissions.

I tried out the above code and kept getting this error:

{"$id":"1","innerException":null,"message":"The update is rejected by
     | policy.","typeName":"Microsoft.TeamFoundation.Policy.Server.PolicyChangeRejectedByPolicyException,
     | Microsoft.TeamFoundation.Policy.Server","typeKey":"PolicyChangeRejectedByPolicyException","errorCode":0,"eventId":3000}

For those who came across this via a google search, you're probably better off using the Azure DevOps CLI to add branch policies like 'minimum number of reviewers' and 'require linked work items'. See https://docs.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops&tabs=azure-devops-cli

Any mitigation you did found for this error, even I am getting same error. is it due to org policy conflict?

@devops4all77 I came up with a way to use the Azure CLI to add branch policies using a pipeline. Also I had to give 'Project Collection Build Service' service account in my DevOps instance certain permissions like Create a branch, and Contribute. Here's the pipeline YAML that creates the branch and adds the policies: https://github.com/mdailey77/sprint-branch-create