

<#PSScriptInfo
 
.VERSION 1.0.1
 
.GUID 31be8bab-3f38-4a7d-b783-8ab9750cb07c
 
.AUTHOR Chendrayan Venkatesan
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS AzurePolicyInventory Azure Policy
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES Connect to Azure (Connect-AzAccount) prior to running this script
 
 
.PRIVATEDATA
 
#>


<#
 
.DESCRIPTION
 Azure Assigned Policy Inventory with assigned and default parameter values
 
#>
 

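[CmdletBinding()]
param (
    # Subscription to inventory. Declared mandatory and non-empty so the script
    # cannot silently run against whatever subscription the current context
    # happens to point at when the caller forgets the argument.
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]
    $SubscriptionId
)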

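# Establish and verify the Azure context.
#
# The context is checked *before* Set-AzContext is called: on a session that
# was never connected, Set-AzContext fails with a generic error instead of the
# actionable "run Connect-AzAccount" hint below.
$context = Get-AzContext -ErrorAction SilentlyContinue
if (-not $context -or -not $context.Account) {
    Write-Warning "No Azure context found. Please run Connect-AzAccount to connect to Azure before executing this script."
    return  # Exit the script to prevent further errors
}

# -ErrorAction Stop turns a failed switch (unknown ID, no access) into a
# terminating error; otherwise the inventory would continue against the
# previously selected subscription and the CSV would be mislabelled.
$context = Set-AzContext -SubscriptionId $SubscriptionId -ErrorAction Stop

# Belt-and-braces: confirm the active context really is the requested one.
# Set-AzContext accepts a subscription name as well as an ID, so both are
# accepted here.
if (-not $context.Subscription -or
    ($context.Subscription.Id -ne $SubscriptionId -and $context.Subscription.Name -ne $SubscriptionId)) {
    throw "Expected subscription '$SubscriptionId' but the active context is '$($context.Subscription.Id)'."
}

# Emit the selected context, as Set-AzContext did when its output was not captured.
$context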

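$csvPath = ".\assignedPolicyInventory.csv"

#######################################
# Renders a parameter value as a single CSV cell.
# Arrays are joined with ', ' (the format this export has always used);
# hashtables and nested objects are serialised as compact JSON so they do not
# degrade to a bare type name such as 'System.Collections.Hashtable'.
# Arguments: $Value - any parameter value (may be null)
# Returns:   a scalar suitable for Export-Csv, or $null
#######################################
function ConvertTo-CsvCell {
    param ($Value)

    if ($null -eq $Value) { return $null }
    if ($Value -is [array]) {
        return (@($Value | ForEach-Object { ConvertTo-CsvCell $_ }) -join ', ')
    }
    if ($Value -is [System.Collections.IDictionary] -or
        $Value -is [System.Management.Automation.PSCustomObject]) {
        return ($Value | ConvertTo-Json -Compress -Depth 10)
    }
    return $Value
}

#######################################
# Returns the value assigned to a policy parameter, or $null when the
# assignment does not set it.
# Presence is decided by key/property existence, NOT by truthiness: an
# assigned $false, 0 or '' is a real value and must not fall back to the
# definition default.
# Arguments: $Parameters - the assignment's Parameters object (dictionary or
#                          PSCustomObject, may be null)
#            $Name       - parameter name (case-insensitive lookup)
#######################################
function Get-AssignedParameterValue {
    param ($Parameters, [string]$Name)

    if ($null -eq $Parameters) { return $null }
    if ($Parameters -is [System.Collections.IDictionary]) {
        if (-not $Parameters.Contains($Name)) { return $null }
        return $Parameters[$Name].value
    }
    $prop = $Parameters.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value.value
}

$assignments = @(Get-AzPolicyAssignment -WarningAction SilentlyContinue)
if ($assignments.Count -eq 0) {
    Write-Warning "No policy assignments are visible in the current context; the export will be empty."
}

$allParameterDetails = [System.Collections.Generic.List[PSCustomObject]]::new()

foreach ($assignment in $assignments) {
    $defId = $assignment.Properties.PolicyDefinitionId

    # Initiatives (policy sets) and single policies are fetched with different
    # cmdlets; the resource-id segment tells them apart.
    if ($defId -match '/policySetDefinitions/') {
        $definition = Get-AzPolicySetDefinition -Id $defId -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
        $definitionType = 'PolicySet'
    }
    else {
        $definition = Get-AzPolicyDefinition -Id $defId -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
        $definitionType = 'Policy'
    }

    # A definition that cannot be resolved (deleted, or outside the caller's
    # read scope) would otherwise drop the whole assignment from the inventory
    # without any trace; say so instead of silently producing no rows.
    if ($null -eq $definition) {
        Write-Warning "Could not resolve definition '$defId' for assignment '$($assignment.Name)'; skipping."
        continue
    }

    $assignedParams = $assignment.Properties.Parameters

    foreach ($defParam in $definition.Properties.Parameters.PSObject.Properties) {
        $paramName = $defParam.Name
        $defaultValue = $defParam.Value.defaultValue  # null when required / no default

        $assignedValue = Get-AssignedParameterValue -Parameters $assignedParams -Name $paramName

        # Effective value: the explicit assignment wins, otherwise the default
        # (which may itself be null for a required parameter).
        $effectiveValue = if ($null -ne $assignedValue) { $assignedValue } else { $defaultValue }

        $allParameterDetails.Add([PSCustomObject]@{
            AssignmentId          = $assignment.ResourceId
            AssignmentName        = $assignment.Name
            AssignmentScope       = $assignment.Properties.Scope
            DefinitionType        = $definitionType
            DefinitionId          = $defId
            DefinitionName        = $definition.Name
            DefinitionDisplayName = $definition.Properties.DisplayName
            ParameterName         = $paramName
            DefaultValue          = ConvertTo-CsvCell $defaultValue
            AssignedValue         = ConvertTo-CsvCell $assignedValue
            EffectiveValue        = ConvertTo-CsvCell $effectiveValue
        })
    }
}

$allParameterDetails | Export-Csv -Path $csvPath -NoTypeInformation
$allParameterDetails.Clear()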