Hi MS Techie,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
Azure Resource Graph query to get all policy definition details of only the policies which are assigned:
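// Policy assignments and definitions are both rows of the policyresources table, told apart by type
policyresources
| where type =~ 'microsoft.authorization/policyassignments'
// Assumption: "enabled" is read as enforcementMode 'Default' (the other value is 'DoNotEnforce'); assignments carry no properties.status field
| where properties.enforcementMode =~ 'Default'
| summarize by policyDefinitionId = tolower(tostring(properties.policyDefinitionId))
| join kind=inner (policyresources | where type =~ 'microsoft.authorization/policydefinitions' | project policyDefinitionId = tolower(id), definition = properties) on policyDefinitionId
| project policyDefinitionId, policyDefinitionName = definition.displayName, policyDefinitionType = definition.policyType, policyDefinitionDescription = definition.description, policyDefinitionMetadata = definition.metadata, policyDefinitionMode = definition.mode, policyDefinitionVersion = definition.version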
This query retrieves the ID, name, type, description, metadata, mode, and version for all active and enabled policy definitions. It joins the policyassignments table with the policydefinitions table to get details of the assigned policies and filters to include only currently enabled policy assignments.
For more details, please read the attached links: https://learn.microsoft.com/en-us/azure/governance/resource-graph/samples/advanced?tabs=azure-cli
https://blog.hueppauff.com/Post/Monitor-and-extract-Azure-Policy-compliance-with-Azure-Resource-Graph#:~:text=To%20start%20with%20a%20query%20you%20can%20search,will%20list%20all%20%22policyresources%22%20of%20the%20type%20%22microsoft.policyinsights%2Fpolicystates%22.
If you have any further queries, do let us know.
Thank you!