Azure Policy Search with Azure Graph

Hi!

In this article, I will show you how to use Azure Graph to check the result of one specific policy across all the subscriptions of your Azure tenant. Before we start, let me define what it is.

Azure Resource Graph (ARG) provides an efficient way to query at scale across a given set of subscriptions for any Azure resource. If you are not familiar with it, I recommend spending some time learning it!

In this example, I will create a query that lists all the policies and extracts the policy name, the compliance status and the resource ID:

policyresources
| where type == "microsoft.policyinsights/policystates"
| extend name = properties['policyDefinitionName']
| extend state = properties['complianceState']
| extend resourceid = properties['resourceId']
| project name, state, resourceid

In this second example, I will create a query that lists the compliance status and the resource ID for one existing policy:

policyresources
| where type == "microsoft.policyinsights/policystates"
| where properties['policyDefinitionName'] == "Name Of your Azure Policy"
| extend state = properties['complianceState']
| extend resourceid = properties['resourceId']
| project state, resourceid
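
Building on the second query, the following added example (not part of the original article) counts the compliance states per subscription for one policy, so the subscriptions with the most non-compliant resources come first. The policy name is the same placeholder as above, and the output column names (compliant, nonCompliant, other, total) are chosen here for illustration.

```kusto
// Added example: per-subscription compliance summary for a single policy.
policyresources
| where type == "microsoft.policyinsights/policystates"
// Same placeholder as in the query above: replace with your policy definition name.
| where tostring(properties['policyDefinitionName']) == "Name Of your Azure Policy"
// Cast the dynamic value to string so it can be compared and counted reliably.
| extend state = tostring(properties['complianceState'])
| summarize
    compliant    = countif(state == "Compliant"),
    nonCompliant = countif(state == "NonCompliant"),
    // Any other state is counted separately instead of being silently dropped.
    other        = countif(state !in ("Compliant", "NonCompliant")),
    total        = count()
    by subscriptionId
// Subscriptions with the most non-compliant resources first.
| order by nonCompliant desc
```

Because the result has one row per subscription, it stays small even in a large tenant; the second query above can then be run against the subscriptions that stand out to get the individual resource IDs.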

Maxime.
