Get-AzPolicyAttestation
Gets policy attestations.
Syntax
Get-AzPolicyAttestation
[-Top <Int32>]
[-Filter <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzPolicyAttestation
-Name <String>
[-Scope <String>]
[-ResourceGroupName <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzPolicyAttestation
-Scope <String>
[-Top <Int32>]
[-Filter <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzPolicyAttestation
-ResourceGroupName <String>
[-Top <Int32>]
[-Filter <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzPolicyAttestation
-ResourceId <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Get-AzPolicyAttestation cmdlet gets all policy attestations in a scope or a particular attestation.
Examples
Example 1: Get all policy attestations in the current subscription
Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4"
Get-AzPolicyAttestation
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.policyinsights/attestations/
attestation-subscription
Name : attestation-subscription
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationsubassignment
PolicyDefinitionReferenceId :
ComplianceState : NonCompliant
ExpiresOn :
Owner :
Comment : Setting the state to non compliant
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:00:04 PM
AssessmentDate :
Metadata :
SystemData :
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.policyinsights/attestations/attestation-rg
Name : attestation-rg
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationrgassignment
PolicyDefinitionReferenceId :
ComplianceState :
ExpiresOn : 1/27/2024 4:04:24 PM
Owner :
Comment :
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:04:11 PM
AssessmentDate :
Metadata :
SystemData :
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/att
estation-resource
Name : attestation-resource
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationresourceassignment
PolicyDefinitionReferenceId :
ComplianceState : NonCompliant
ExpiresOn :
Owner : Test Owner 2
Comment :
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM
AssessmentDate :
Metadata :
SystemData :
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.policyinsights/attestations/attestationrgallprops
Name : attestationRGAllProps
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationinitiativergassignment
PolicyDefinitionReferenceId : pstestattestationrg_1
ComplianceState :
ExpiresOn : 1/27/2024 2:51:54 AM
Owner : Test Owner
Comment :
Evidence : {Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationEvidence}
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 2:51:57 AM
AssessmentDate : 1/25/2024 2:51:54 AM
Metadata : {
"TestKey": "TestValue"
}
SystemData :
This command gets all the attestations created at or underneath a subscription with id d1acb22b-c876-44f7-b08e-3fcf9f6767f4.
Example 2: Get a specific policy attestation
Get-AzPolicyAttestation -ResourceGroupName "ps-attestation-test-rg" -Name "attestation-RG"
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.policyinsights/attestations/attestation-rg
Name : attestation-rg
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationrgassignment
PolicyDefinitionReferenceId :
ComplianceState :
ExpiresOn : 1/27/2024 4:04:24 PM
Owner :
Comment :
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:04:11 PM
AssessmentDate :
Metadata :
SystemData :
This command gets the attestation named 'attestation-RG' at the resource group 'ps-attestation-test-rg'.
Example 3: Get 5 policy attestations in a subscription with optional filters
Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4"
Get-AzPolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignments/psattestationresourceassignment'"
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/att
estation-resource
Name : attestation-resource
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationresourceassignment
PolicyDefinitionReferenceId :
ComplianceState : NonCompliant
ExpiresOn :
Owner : Test Owner 2
Comment :
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM
AssessmentDate :
Metadata :
SystemData :
This command gets a max of 5 policy attestations underneath the subscription with id d1acb22b-c876-44f7-b08e-3fcf9f6767f4. Only policy attestations for the given policy assignment will be retrieved.
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Filter
Filter expression using OData notation.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
Resource name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceGroupName
Resource group name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceId
Resource ID.
Type: | String |
Aliases: | Id |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Scope
Scope of the resource. E.g. '/subscriptions/{subscriptionId}/resourceGroups/{rgName}'.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Top
Maximum number of records to return. If not provided, the maximum number of records returned is determined by the Azure Policy service (currently 1000).
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Outputs
Related Links
Azure PowerShell