Logo

dev-resources.site

for different kinds of informations.

Azure Policy - Find unused policies

Published at
9/13/2023
Categories
azure
policy
Author
wilfriedwoivre
Main Article
https://dev.to/wilfriedwoivre/azure-policy-find-unused-policies-1ea
Categories
2 categories in total
azure
open
policy
open
Author
14 person written this
wilfriedwoivre
open
Azure Policy - Find unused policies

Creating Azure policies is very easy, however it can be handy to know if all of your Azure policies are in use in your environment.

For this I created a very practical Resource Graph query

policyresources
| where type == "microsoft.authorization/policydefinitions"
| extend policyType = tostring(properties.policyType)
| where policyType == "Custom"
| join kind=leftouter (
    policyresources
    | where type == "microsoft.authorization/policysetdefinitions"
    | extend policyType = tostring(properties.policyType)
    | extend policyDefinitions = properties.policyDefinitions
    | where policyType == "Custom"
    | mv-expand policyDefinitions
    | extend policyDefinitionId = tostring(policyDefinitions.policyDefinitionId)
    | project associedIdToInitiative=policyDefinitionId 
    | distinct associedIdToInitiative) on $left.id == $right.associedIdToInitiative
| where associedIdToInitiative == ""
| join kind=leftouter(
    policyresources
    | where type == "microsoft.authorization/policyassignments"
    | extend policyDefinitionId = tostring(properties.policyDefinitionId)
    | project associatedDefinitionId=policyDefinitionId 
    | distinct associatedDefinitionId
) on $left.id == $right.associatedDefinitionId
| where associatedDefinitionId == ""
| extend displayName = tostring(properties.displayName)
| project id, displayName
Enter fullscreen mode Exit fullscreen mode

You can find the resource graph query on my github.

In this Resource Graph query, we start by listing all the Azure Policies that are defined in your environment, and we will filter only on those that are Custom.

And then we will see if they are not assigned in an Initiative, or directly on an Azure scope, and retrieve our list of unnecessary Policies.

It is up to you afterwards to delete them if they are really of no use to you.

This new feature in Azure Resource Graph is very practical, and the tool is really useful for all things governance, and it is constantly evolving at Microsoft, which I think is a good thing. I canโ€™t wait to be able to query Azure Role Assignments, and Azure AD objects (yes, thatโ€™s my wishlist for new features).

policy Article's
30 articles in total
Favicon
Microsoft Certified Azure Administrator Associate Exam (AZ-104) Lab Preparation #2: Azure Policy
Favicon
Developer Self-Service with Resourcely
Favicon
Unlocking Fine-Grained Authorization with Amazon Verified Permissions: An Underrated AWS Service
Favicon
Optimizing AWS Infrastructure Deployment: Terraform, Sentinel, and CI/CD Best Practices
Favicon
Apple lanza su IA centrada en la privacidad: un nuevo paradigma para la inteligencia artificial
Favicon
Apple Launches Its Privacy-Focused AI: A New Paradigm for Artificial Intelligence
Favicon
Developing a Conflict of Interest Policy for Government Contracting
Favicon
Developing an Effective Compliance Program for Government Contracts
Favicon
How to Change a Southwest Airlines Flight?
Favicon
10 free access control and permission management for modern web-app
Favicon
Editing an IAM Service Role, and Attaching Service Roles to AWS Resources
Favicon
Restrict GitHub branches to specific prefixes
Favicon
Creating an AI policy
Favicon
Creating, testing and Deleting Policies
Favicon
A Comprehensive Guide to Testing in Terraform: Keep your tests, validations, checks, and policies in order
Favicon
Azure DevOps ใฎใƒ–ใƒฉใƒณใƒไฟ่ญท
Favicon
Ensure proper Governance with Azure Policy
Favicon
Cross-Account Access to Amazon S3 using STS:AssumeRole
Favicon
Azure Policy - Find unused policies
Favicon
How to implement Policy Object pattern in Ruby on Rails?
Favicon
Washington, DC, and openโ€”for maintainers
Favicon
Admission controllers for policy enforcement - motivation and theory
Favicon
MQTT policy enforcement with Pipy
Favicon
Linux Security Modules
Favicon
Azure Storage - Control usage of your SAS Keys
Favicon
Azure Storage - Simplify your keys rotation
Favicon
Proposal for a Sunset Policy for a GitHub Action
Favicon
Azure Policy - Trigger policy scan
Favicon
IAM Core Concepts
Favicon
Azure Policy - Add custom error messages

Featured ones:

Favicon
Open
abubakersiddique761
Favicon
Open
0x3d_site
Favicon
Open
0x2e_tech
Favicon
Open
0x4c-quest
Favicon
Open
gittech