| project policyAssignmentName, scope = policyAssignmentScope,ĬomplianceState = iff(overallStateWeight = 300, 'noncompliant', iff(overallStateWeight = 200, 'compliant', iff(overallStateWeight = 100, 'conflict', iff(overallStateWeight = 50, 'exempt', 'notstarted')))),Īz graph query -q "PolicyResources | where type =~ 'Microsoft.PolicyInsights/PolicyStates' | extend complianceState = tostring(plianceState) | extend resourceId = tostring(properties.resourceId), policyAssignmentId = tostring(properties.policyAssignmentId), policyAssignmentScope = tostring(properties.policyAssignmentScope), policyAssignmentName = tostring(properties.policyAssignmentName), policyDefinitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), stateWeight = iff(complianceState = 'NonCompliant', int(300), iff(complianceState = 'Compliant', int(200), iff(complianceState = 'Conflict', int(100), iff(complianceState = 'Exempt', int(50), int(0))))) | summarize max(stateWeight) by resourceId, policyAssignmentId, policyAssignmentScope, policyAssignmentName | summarize counts = count() by policyAssignmentId, policyAssignmentScope, max_stateWeight, policyAssignmentName | summarize overallStateWeight = max(max_stateWeight), nonCompliantCount = sumif(counts, max_stateWeight = 300), compliantCount = sumif(counts, max_stateWeight = 200), conflictCount = sumif(counts, max_stateWeight = 100), exemptCount = sumif(counts, max_stateWeight = 50) by policyAssignmentId, policyAssignmentScope, policyAssignmentName | extend totalResources = todouble(nonCompliantCount + compliantCount + conflictCount + exemptCount) | extend compliancePercentage = iff(totalResources = 0, todouble(100), 100 * todouble(compliantCount + exemptCount) / totalResources) | project policyAssignmentName, scope = policyAssignmentScope, complianceState = iff(overallStateWeight = 300, 'noncompliant', iff(overallStateWeight = 200, 'compliant', iff(overallStateWeight = 100, 'conflict', iff(overallStateWeight = 50, 'exempt', 'notstarted')))), compliancePercentage, compliantCount, nonCompliantCount, conflictCount, exemptCount" | extend compliancePercentage = iff(totalResources = 0, todouble(100), 100 * todouble(compliantCount + exemptCount) / totalResources) | extend totalResources = todouble(nonCompliantCount + compliantCount + conflictCount + exemptCount) NonCompliantCount = sumif(counts, max_stateWeight = 300),ĬompliantCount = sumif(counts, max_stateWeight = 200),ĬonflictCount = sumif(counts, max_stateWeight = 100),ĮxemptCount = sumif(counts, max_stateWeight = 50) by policyAssignmentId, policyAssignmentScope, policyAssignmentName | summarize overallStateWeight = max(max_stateWeight), | summarize counts = count() by policyAssignmentId, policyAssignmentScope, max_stateWeight, policyAssignmentName | summarize max(stateWeight) by resourceId, policyAssignmentId, policyAssignmentScope, policyAssignmentName StateWeight = iff(complianceState = 'NonCompliant', int(300), iff(complianceState = 'Compliant', int(200), iff(complianceState = 'Conflict', int(100), iff(complianceState = 'Exempt', int(50), int(0))))) PolicyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), PolicyDefinitionId = tostring(properties.policyDefinitionId), PolicyAssignmentName = tostring(properties.policyAssignmentName), PolicyAssignmentScope = tostring(properties.policyAssignmentScope), PolicyAssignmentId = tostring(properties.policyAssignmentId), ResourceId = tostring(properties.resourceId), | extend complianceState = tostring(plianceState) | where type =~ 'Microsoft.PolicyInsights/PolicyStates' Provides compliance state, compliance percentage, and counts of resources for each Azure Policy assignment. Azure Policy Compliance by policy assignment For a complete list of Azure Resource Graph samples, see This page is a collection of Azure Resource Graph sample queriesįor Azure Policy. Azure Resource Graph sample queries for Azure Policy
0 kommentar(er)
