Functions/Get-AHPolicyByResource.ps1
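function Get-AHPolicyByResource {
    <#
.SYNOPSIS
    Reports which resource types each assigned Azure Policy targets.
.DESCRIPTION
    Enumerates the policy assignments returned by Get-AzPolicyAssignment. An
    assignment that points at a policy set (initiative) is expanded into one
    row per member policy; any other assignment yields a single row. The
    'type' column holds the value(s) a definition compares the "type" field
    against with "equals".
.EXAMPLE
    $myreport = Get-AHPolicyByResource
    $myreport | group -Property type | select name,count
    $myreport | where{$_.type -eq 'Microsoft.Compute/virtualMachines'} |ft Type, policyDisplayName, PolicySetDisplayName

    Get a list of all Azure Policies by resource then look at which resources are impacted.
    Check which policies and policy sets are impacting virtual machines.
.INPUTS
    None. This function takes no parameters and no pipeline input.
.OUTPUTS
    PSCustomObject with the properties type, PolicyDisplayName,
    PolicySetDisplayName, PolicyDefinitionId and PolicySetId.
.NOTES
    Author: Paul Harrison

    Do not treat this report as proof of policy coverage:
    - A row with an empty 'type' means no adjacent "field": "type" /
      "equals" pair was found. That happens when the definition uses another
      operator or has no type condition, and also when a definition lookup
      failed, because lookup errors are suppressed in Get-PolicyInfoHelper.
    - Definitions are read through both Az PowerShell and the az CLI. The two
      tools keep separate logins and contexts, so both must point at the same
      tenant and subscription for the rows to be consistent.
    - NOTE(review): the code reads the '.Properties' object shape of the Az
      policy cmdlets; confirm that against the installed Az.Resources version.
#>
    $Assignments = Get-AzPolicyAssignment

    # Collect every row first, then emit the whole report (same as the original).
    $MyReport = ForEach ($Assignment in $Assignments) {
        $AssignedDefinitionId = $Assignment.Properties.PolicyDefinitionId

        If ($AssignedDefinitionId.split('/') -contains 'policySetDefinitions') {
            # Policy set: emit one row per member policy of the set.
            $MemberPolicyIds = (Get-AzPolicySetDefinition -id $AssignedDefinitionId).Properties.PolicyDefinitions.PolicyDefinitionId
            ForEach ($Policy in $MemberPolicyIds) {
                $item = Get-PolicyInfoHelper -PolicyDefinitionId $Policy
                $item.PolicySetId = $AssignedDefinitionId
                # This is the display name of the assignment, which is not
                # necessarily the display name of the policy set definition.
                $item.PolicySetDisplayName = $Assignment.Properties.DisplayName
                $item
            }
        }
        Else {
            # Single policy, not a policy set.
            Get-PolicyInfoHelper -PolicyDefinitionId $AssignedDefinitionId
        }
    }
    $MyReport
}

function Get-PolicyInfoHelper {
    <#
.SYNOPSIS
    Builds one report row for a single policy definition ID.
.DESCRIPTION
    Looks the definition up twice: with Get-AzPolicyDefinition for the display
    name and ID, and with 'az policy definition show' for the JSON text that
    Find-EqualsInFile scans. Errors from both lookups are suppressed, so a
    failed lookup yields a row with empty fields rather than an error. Run
    with -Verbose to see which lookups returned nothing.
.PARAMETER PolicyDefinitionId
    Full resource ID of the policy definition.
.OUTPUTS
    PSCustomObject with type, PolicyDisplayName, PolicySetDisplayName,
    PolicyDefinitionId and PolicySetId. The two PolicySet* properties are
    $null here and are filled in by the caller for policy-set members.
#>
    [CmdletBinding()]
    param (
        [Parameter()]
        [string]
        $PolicyDefinitionId
    )

    $Definition = Get-AzPolicyDefinition -Id $PolicyDefinitionId -ea 0
    If ($Null -eq $Definition) {
        Write-Verbose "Get-AzPolicyDefinition returned nothing for '$PolicyDefinitionId'"
    }

    # Only the last ID segment (the definition name) is passed to the az CLI.
    # NOTE(review): the lookup therefore runs in the az CLI's current
    # subscription; a definition stored at management-group scope presumably
    # will not resolve by name alone - verify.
    $DefinitionName = ($PolicyDefinitionId -split ('/'))[-1]
    $PolicyDefinitionJSON = az policy definition show -n $DefinitionName 2>$Null
    If (-not $PolicyDefinitionJSON) {
        Write-Verbose "az policy definition show returned nothing for '$DefinitionName'; 'type' will be empty"
    }

    $PolicyInfo = [PSCustomObject]@{
        type                 = Find-EqualsInFile -file $PolicyDefinitionJSON
        PolicyDisplayName    = $Definition.Properties.DisplayName
        PolicySetDisplayName = $Null
        PolicyDefinitionId   = $Definition.PolicyDefinitionId
        PolicySetId          = $Null
    }
    $PolicyInfo
}

Function Find-EqualsInFile {
    <#
.SYNOPSIS
    Extracts the values that a policy definition compares the "type" field
    against with "equals".
.DESCRIPTION
    Walks the lines in order and looks at each adjacent pair. When one line of
    the pair contains '"field":' and '"type"' and the other contains
    '"equals":', it emits the text after the first ':' of the "equals" line
    with the comma, whitespace and double quotes trimmed off. This is a text
    match, not a JSON parse: conditions laid out differently and operators
    other than "equals" are not reported.
.PARAMETER file
    Lines of the policy definition JSON, one string per element.
.OUTPUTS
    String. Zero or more matched values.
#>
    [CmdletBinding()]
    param (
        [Parameter()]
        [array]
        $file
    )

    # Start from a known state. Left unassigned, the first read of
    # $previousLine would resolve to a variable of the same name in a calling
    # scope (dynamic scoping) and could emit a value that is not in $file.
    $previousLine = $Null

    ForEach ($Line in $file) {
        If ($Null -ne $previousLine) {
            $LineIsTypeField = $Line.Contains('"field":') -and $Line.Contains('"type"')
            $PreviousIsTypeField = $previousLine.Contains('"field":') -and $previousLine.Contains('"type"')

            If ($LineIsTypeField -and $previousLine.Contains('"equals":')) {
                # "equals" came first, "field": "type" second.
                $previousLine.split(":")[1].trim(',').trim().trim('"')
            }
            ElseIf ($PreviousIsTypeField -and $Line.Contains('"equals":')) {
                # "field": "type" came first, "equals" second.
                $Line.split(":")[1].trim(',').trim().trim('"')
            }
        }
        $previousLine = $Line
    }
}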