Skip to content

Instantly share code, notes, and snippets.

@sriramvaidyanathan

sriramvaidyanathan/azure-policy-inventory.md

Forked from timothywarner/azure-policy-inventory.md
Created January 20, 2023 16:17
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save sriramvaidyanathan/cb1241e2b3aa4b0dba04df48ab79d2e4 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save sriramvaidyanathan/cb1241e2b3aa4b0dba04df48ab79d2e4 to your computer and use it in GitHub Desktop.
Download ZIP
Azure Resource Graph Explorer built-in sample that inventories Azure Policy assignments.
Raw
azure-policy-inventory.md 
// Policy assignments and information about each of its respective definitions
// Gets policy assignments in your environment with the respective assignment name,definition associated, category of definition (if applicable), as well as whether the definition type is an initiative or a single policy.

policyResources
| where type =~'Microsoft.Authorization/PolicyAssignments'
| project policyAssignmentId = tolower(tostring(id)), policyAssignmentDisplayName = tostring(properties.displayName), policyAssignmentDefinitionId = tolower(properties.policyDefinitionId)
| join kind=leftouter(
 policyResources
 | where type =~'Microsoft.Authorization/PolicySetDefinitions' or type =~'Microsoft.Authorization/PolicyDefinitions'
 | project definitionId = tolower(id), category = tostring(properties.metadata.category), definitionType = iff(type =~ 'Microsoft.Authorization/PolicysetDefinitions', 'initiative', 'policy')
) on $left.policyAssignmentDefinitionId == $right.definitionId
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment