Share via

Azure Policy Compliance Report Into CSV format

Naresh kumar Petalo 0 Reputation points
2024-11-04T18:02:27.58+00:00

Dear Team,

I want to prepare a report for resource which are non compliant as per the policies or initiatives assigned against scope i want to extract the policy compliance report into CSV and prepare the report by mentioning the non compliance reason for policy or initiative so how to get the policy compliance report into CSV it should include the policy name and policies under initiatives and the resource which are non compliant with respective policies or initiatives assigned against the subscription or management group or tenant root group

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
926 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Luis Arias 7,526 Reputation points
    2024-11-04T21:30:08.2566667+00:00

    Hi Naresh,

    Let me share you a graph query to get the resources that are not compliant and also you can export to csv.

    policyresources
| where ['kind'] == 'policystates' 
| extend compliant = properties.complianceState
| extend timestamp = properties.timestamp
| extend resourceType = properties.resourceType
| extend resourceId = properties.resourceId
| extend policyDefinitionId = properties.policyDefinitionId
| project name, policyDefinitionId, compliant, timestamp, resourceType, resourceId
| where compliant == 'NonCompliant'

    To use to go to Azure portal > Azure Graph Explorer and run the query

    User's image

    If the information helped address your question, please Accept the answer.

    Luis

  2. Shikha Ghildiyal 0 Reputation points Microsoft Employee
    2024-11-11T05:07:20.2133333+00:00

    Hi @Naresh kumar Petalo

    To get a policy compliance report in CSV format, you can use Azure PowerShell or Azure CLI.

    Here are the steps to get the report using Azure PowerShell:

    1. Open Azure PowerShell and connect to your Azure account using the Connect-AzAccount cmdlet.
    2. Set the scope of the report using the Set-AzContext cmdlet. For example, to set the scope to a subscription, use the following command: Set-AzContext -SubscriptionId
    3. Run the following command to get the policy compliance report in CSV format: powershell Get-AzPolicyState | Export-Csv -Path -NoTypeInformation This command will export the policy compliance report to a CSV file at the specified path. The report will include the policy name, policy definition ID, policy assignment ID, resource ID, resource type, and compliance state.

    To include the non-compliance reason for each policy, you can modify the command as follows: powershell Get-AzPolicyState | Select-Object PolicyDefinitionName, PolicySetDefinitionName, PolicyDefinitionId, PolicySetDefinitionId, PolicyAssignmentId, ResourceId, ResourceType, ComplianceState, @{Name='NonComplianceReason';Expression={$_.NonComplianceMessage}} | Export-Csv -Path -NoTypeInformation

    This command will include the non-compliance reason for each policy in the report. I hope this helps! Let me know if you have any further questions.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.