Update: the script has been updated to support the Azure Az PowerShell module.
Azure Policy and compliance let you implement guardrail baselines for your Azure environment in a programmatic way (JSON). This is a very important way to define cloud governance. Refer here to learn more about Azure Policy.
Today, I am back with a script that quickly generates a CSV report of the defined built-in and custom policies. It also provides policy scope details, assignments and some other required information, so you should be able to quickly analyze whether you are missing any policy assignment.
Before you start using this script, make sure you have the Azure Az module installed and imported on the system. For more information on how to install and configure the Az module, refer to the following article: https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az?view=azps-5.5.0
Post your questions or comments if you face any difficulty running this script, and thanks for downloading!
# The report is written to the current working directory; any previous copy is removed first.
$currentDir = $(Get-Location).Path
$oDFile = "$($currentDir)\Policy_Definitions_Assignment.csv"
if(Test-Path $oDFile){Remove-Item $oDFile -Force}
# CSV header row
"display Name,policy Type,mode,description,Policy Assignments,Assignment Count" | Out-File $oDFile -append -encoding ASCII
Get-AzPolicyDefinition | ForEach-Object{
    $displayName = $policyType = $mode = $description = $allAssignment = ""
    $assignmentCount = 0
    # Wrapping a property in "$()" turns a null value into an empty string, so .Replace() cannot fail
    # on a definition without a description; commas are replaced so they do not break the CSV columns.
    $displayName = "$($_.Properties.displayName)".Replace(","," ")
    $policyType = $_.Properties.policyType
    $mode = $_.Properties.mode
    $description = "$($_.Properties.description)".Replace(","," ")
    $polResId = $_.ResourceId
    # Collect the display name of every assignment that references this definition.
    Get-AzPolicyAssignment -PolicyDefinitionId $polResId | ForEach-Object{
        $allAssignment = $allAssignment + "$($_.Properties.displayName)".Replace(","," ") + ";"
    }
    $allAssignment = $allAssignment.TrimEnd(";")
    if(!([string]::IsNullOrEmpty($allAssignment))){
        $assignmentCount = $allAssignment.split(";").count
    }
    "$displayName,$policyType,$mode,$description,$allAssignment,$assignmentCount" | Out-File $oDFile -append -encoding ASCII
}
Download the above script, save it with a .ps1 file extension and open a PowerShell console. Then log in to your Azure account using Login-AzAccount; it will prompt you to enter your Azure credentials.
Once you are logged in to Azure, run the PowerShell script saved in the previous step.
You will receive a CSV file output like below:
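As an added variation on the script above (it is not part of the original post), the following builds an assignment-centric report that records the scope and enforcement mode of every assignment and explicitly flags definitions that have no assignment at all, which is the gap the original report is meant to surface. It assumes the Az.Resources module is loaded and that you have already logged in; the output file name Policy_Assignment_Scopes.csv is chosen here.

```powershell
# Added example, not the original script: one row per (definition, assignment),
# plus a "NOT ASSIGNED" row for every definition that nothing references.
# Assumes Az.Resources is imported and Connect-AzAccount has already been run.
$reportPath = Join-Path (Get-Location).Path 'Policy_Assignment_Scopes.csv'

# Fetch all assignments once instead of calling Get-AzPolicyAssignment per definition.
$allAssignments = @(Get-AzPolicyAssignment)

$rows = foreach ($def in Get-AzPolicyDefinition) {
    # -eq on strings is case-insensitive in PowerShell, which matters because
    # resource IDs are not guaranteed to match in case between the two cmdlets.
    $defAssignments = @($allAssignments |
        Where-Object { $_.Properties.policyDefinitionId -eq $def.ResourceId })

    if ($defAssignments.Count -eq 0) {
        # Definition exists but is enforced nowhere: this is the finding to review.
        [PSCustomObject]@{
            DefinitionName  = $def.Properties.displayName
            PolicyType      = $def.Properties.policyType
            Mode            = $def.Properties.mode
            AssignmentName  = ''
            Scope           = ''
            EnforcementMode = ''
            Status          = 'NOT ASSIGNED'
        }
        continue
    }
    foreach ($asg in $defAssignments) {
        [PSCustomObject]@{
            DefinitionName  = $def.Properties.displayName
            PolicyType      = $def.Properties.policyType
            Mode            = $def.Properties.mode
            AssignmentName  = $asg.Properties.displayName
            Scope           = $asg.Properties.scope            # subscription, RG or management group
            EnforcementMode = $asg.Properties.enforcementMode  # Default or DoNotEnforce (audit only)
            Status          = 'ASSIGNED'
        }
    }
}

# Export-Csv quotes every field, so commas in display names or descriptions
# no longer break the column layout.
$rows | Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8

# Console summary: how many definitions currently lack any assignment.
$unassigned = @($rows | Where-Object Status -eq 'NOT ASSIGNED').Count
Write-Host "Report written to $reportPath; $unassigned definition(s) have no assignment."
```

Filter the CSV on Status or EnforcementMode to spot definitions that are unassigned or assigned only in DoNotEnforce mode at a given scope.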