How to find non-compliant resources and Azure policies

This is a simple KQL query that can be run against the Azure Resource Graph

PolicyResources
| where type == 'microsoft.policyinsights/policystates'
| where properties.complianceState == 'NonCompliant'
| extend
    NonCompliantResourceId = properties.resourceId,
    PolicyAssignmentName = properties.policyAssignmentName,
    PolicyDefinitionName = properties.policyDefinitionName,
    PolicySetDefinitionId = properties.policySetDefinitionId,
    ResourceType = tolower(tostring(properties.resourceType)),
    SubscriptionId = subscriptionId,
    ResourceGroup = resourceGroup
| project NonCompliantResourceId, PolicyAssignmentName, PolicyDefinitionName, PolicySetDefinitionId, ResourceType, SubscriptionId, ResourceGroup