Hi!

I’m excited to share that you can now harness the power of Azure Resource Graph to effortlessly retrieve all policy exceptions. This is made even more seamless with the introduction of the new field: microsoft.authorization/policyexemptions.

Example: Extract all the policies which expire within 90 days

PolicyResources | where type == 'microsoft.authorization/policyexemptions' | extend expiresOnC = todatetime(properties.expiresOn) | where isnotnull(expiresOnC) | where expiresOnC >= now() and expiresOnC < now(+90d) | project name, expiresOnC

Example: All the policies exceptions per assignment

PolicyResources | where type == 'microsoft.authorization/policyexemptions' | summarize count() by tostring(properties.policyAssignmentId)

Maxime.