PowerShell / REST Microsoft Azure: Get-AzPolicyStateSummary?

Good morning!

I would like to report the current status of policy compliance in a subscription.

So I pull the following data:

$azState = Get-AzPolicyStateSummary -SubscriptionId $subscriptionId
$exportObject.Compliance.TotalRessources = $azState.Results.ResourceDetails[0].Count + $azState.Results.ResourceDetails[1].Count + $azState.Results.ResourceDetails[2].Count
$exportObject.Compliance.CompliantRessources = $azState.Results.ResourceDetails[0].Count
$exportObject.Compliance.NonCompliantRessources = $azState.Results.ResourceDetails[1].Count
$exportObject.Compliance.Exceptions = $azState.Results.ResourceDetails[2].Count
$exportObject.Compliance.Percentage = [math]::Round((1.0 - $exportObject.Compliance.NonCompliantRessources / ($exportObject.Compliance.CompliantRessources + $exportObject.Compliance.NonCompliantRessources + $exportObject.Compliance.Exceptions)) * 100)

This allows me to successfully obtain the resource compliance in percent, the total number of resources as well as the breakdown of how many are compliant, non-compliant and 'other'.

The problem, however, is that I can't access the non-compliant initiatives and non-compliant policies. The values, no matter how I access them, never seem to match these values. I either get significantly lower or significantly higher values.

Does anyone have any idea how I can filter the data correctly or, for example, get the correct data via the Graph API?

(1 votes)
TheDoessler623
1 year ago

Hi.

Resources from “Get-AzPolicyStateSummary” are listed at the level of policy definitions and initiative level, not at the level of individual resources.

But I have no time for more intensive research.

I’d make a point.

foreach ($result in $azState.Results)
{
    # $null goes on the left so the comparison is never applied element-wise to a collection
    if ($null -ne $result.InitiativeId)
    {
        # Compliance for initiatives
    }
    elseif ($null -ne $result.PolicyDefinitionName)
    {
        # Compliance for policies
    }
}
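
Added example, not part of the original posts and not code from the Az module: one way to build the report from a summary object by reading each `ResourceDetails` entry by its state name instead of its array position, and by splitting non-compliant assignments into initiatives and single policies. The function name and sample data are hypothetical, and the property names `ComplianceState`, `PolicyAssignments`, `PolicySetDefinitionId` and `Results.NonCompliantResources` are assumptions about the cmdlet's output shape that should be checked with `Get-Member`.

```powershell
# Added example. Property names other than Results.ResourceDetails[].Count are
# assumptions about the Az.PolicyInsights output; confirm them with Get-Member.
function Get-ComplianceBreakdown {
    param([Parameter(Mandatory)] $Summary)

    # Key the counts by state name instead of relying on array position.
    $byState = @{}
    foreach ($detail in $Summary.Results.ResourceDetails) {
        $byState[[string]$detail.ComplianceState] = [int]$detail.Count
    }
    $total        = [int]($byState.Values | Measure-Object -Sum).Sum
    $nonCompliant = [int]$byState['noncompliant']

    # Assignments with at least one non-compliant resource, split by kind:
    # an initiative assignment carries a PolicySetDefinitionId, a single policy does not.
    $failing     = @($Summary.PolicyAssignments |
                     Where-Object { $_.Results.NonCompliantResources -gt 0 })
    $initiatives = @($failing | Where-Object { $_.PolicySetDefinitionId })

    [pscustomobject]@{
        TotalResources                = $total
        CompliantResources            = [int]$byState['compliant']
        NonCompliantResources         = $nonCompliant
        OtherResources                = $total - $nonCompliant - [int]$byState['compliant']
        # Guard against an empty subscription (no evaluated resources).
        Percentage                    = if ($total) { [math]::Round((1 - $nonCompliant / $total) * 100) } else { $null }
        NonCompliantInitiatives       = $initiatives.Count
        NonCompliantPolicyAssignments = $failing.Count - $initiatives.Count
    }
}

# Constructed sample shaped like the summary object (not real tenant data).
# The states are deliberately not in compliant/noncompliant/other order.
$set = '/providers/Microsoft.Authorization/policySetDefinitions/example-set'
$sample = [pscustomobject]@{
    Results = [pscustomobject]@{ ResourceDetails = @(
        [pscustomobject]@{ ComplianceState = 'noncompliant'; Count = 5 }
        [pscustomobject]@{ ComplianceState = 'exempt';       Count = 5 }
        [pscustomobject]@{ ComplianceState = 'compliant';    Count = 40 }
    ) }
    PolicyAssignments = @(
        [pscustomobject]@{ PolicySetDefinitionId = $set;  Results = [pscustomobject]@{ NonCompliantResources = 4 } }
        [pscustomobject]@{ PolicySetDefinitionId = $null; Results = [pscustomobject]@{ NonCompliantResources = 1 } }
        [pscustomobject]@{ PolicySetDefinitionId = $null; Results = [pscustomobject]@{ NonCompliantResources = 0 } }
    )
}
Get-ComplianceBreakdown -Summary $sample
```

Against a live subscription the same function would take the object returned by `Get-AzPolicyStateSummary -SubscriptionId $subscriptionId` in place of `$sample`.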
TheDoessler623
1 year ago

Hmm ok, maybe I can help later