kam

kam

30 posts published

How to find non-compliant resources and Azure policies
KQL

How to find non-compliant resources and Azure policies

This is a simple KQL query that can be run against the Azure Resource Graph PolicyResources | where type == 'microsoft.policyinsights/policystates' | where properties.complianceState == 'NonCompliant' | extend NonCompliantResourceId = properties.resourceId, PolicyAssignmentName = properties.policyAssignmentName, PolicyDefinitionName = properties.policyDefinitionName, PolicySetDefinitionId = properties.policySetDefinitionId, ResourceType = tolower(tostring(properties.resourceType)), SubscriptionId = subscriptionId, ResourceGroup = resourceGroup | project NonCompliantResourceId, PolicyAssignmentName,