I’m excited to share that you can now harness the power of Azure Resource Graph to effortlessly retrieve all policy exceptions. This is made even more seamless with the introduction of the new field: microsoft.authorization/policyexemptions.
Example: Extract all the policies which expire within 90 days
PolicyResources | where type == 'microsoft.authorization/policyexemptions' | extend expiresOnC = todatetime(properties.expiresOn) | where isnotnull(expiresOnC) | where expiresOnC >= now() and expiresOnC < now(+90d) | project name, expiresOnC
Example: All the policies exceptions per assignment
PolicyResources | where type == 'microsoft.authorization/policyexemptions' | summarize count() by tostring(properties.policyAssignmentId)