Difference between Get-AzPolicyState from PowerShell and az policy state list from the Az CLI

Posted on 2025-01-23 17:44:27

If I run the command

Get-AzPolicyState -PolicyAssignmentName "xxxxxxxxxxxxxxxxxxxxx" -Filter "ResourceType eq 'Microsoft.KeyVault/vaults'" # | where-object { $_.ComplianceState -eq "NonCompliant" }

I get an example response:

Timestamp                   : 22/04/2022 11:38:58
ResourceId                  : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/group_name/providers/microsoft.keyvault/vaults/resouce_name
PolicyAssignmentId          : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/microsoft.authorization/policyassignments/xxxxxxxxxxxxxxxxxx
PolicyDefinitionId          : /providers/microsoft.authorization/policydefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
IsCompliant                 : False
SubscriptionId              : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
ResourceType                : Microsoft.KeyVault/vaults
ResourceLocation            : northeurope
ResourceGroup               : neu-rg-dev-bicep
ResourceTags                : tbd
PolicyAssignmentName        : xxxxxxxxxxxxxxxxxxxxxx
PolicyAssignmentOwner       : tbd
PolicyAssignmentScope       : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PolicyDefinitionName        : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PolicyDefinitionAction      : audit
PolicyDefinitionCategory    : tbd
PolicySetDefinitionId       : /providers/Microsoft.Authorization/policySetDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PolicySetDefinitionName     : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PolicySetDefinitionCategory : security center
ManagementGroupIds          : MSDN,xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PolicyDefinitionReferenceId : keyvaultsshouldhavepurgeprotectionenabledmonitoringeffect
ComplianceState             : NonCompliant
AdditionalProperties        : {[complianceReasonCode, ]}

The corresponding command with the Az CLI is

az policy state list --filter "ResourceType eq 'Microsoft.KeyVault/vaults'" --query "[?complianceState=='NonCompliant']"

And the result:

  {
    "complianceReasonCode": "",
    "complianceState": "NonCompliant",
    "components": null,
    "effectiveParameters": "",
    "isCompliant": false,
    "managementGroupIds": "MSDN,xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "odataContext": "https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
    "odataId": null,
    "policyAssignmentId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/microsoft.authorization/policyassignments/xxxxxxxxxxxxxxxxxx",
    "policyAssignmentName": "a26a6876d6c14a45b79d547f",
    "policyAssignmentOwner": "tbd",
    "policyAssignmentParameters": "",
    "policyAssignmentScope": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "policyAssignmentVersion": "",
    "policyDefinitionAction": "audit",
    "policyDefinitionCategory": "tbd",
    "policyDefinitionGroupNames": [
      "azure_security_benchmark_v3.0_dp-8"
    ],
    "policyDefinitionId": "/providers/microsoft.authorization/policydefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "policyDefinitionName": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "policyDefinitionReferenceId": "keyvaultsshouldhavepurgeprotectionenabledmonitoringeffect",
    "policyDefinitionVersion": "2.0.0",
    "policyEvaluationDetails": null,
    "policySetDefinitionCategory": "security center",
    "policySetDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "policySetDefinitionName": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "policySetDefinitionOwner": "",
    "policySetDefinitionParameters": "",
    "policySetDefinitionVersion": "47.0.0",
    "resourceGroup": "group_name",
    "resourceId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/group_name/providers/microsoft.keyvault/vaults/resource_name",
    "resourceLocation": "northeurope",
    "resourceTags": "tbd",
    "resourceType": "Microsoft.KeyVault/vaults",
    "subscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "timestamp": "2022-04-22T11:38:58.831865+00:00"
  }

As we can see, there is some information that is not in the PowerShell version. One of the properties with a big impact is policyDefinitionGroupNames.

Does anyone know a way to get that property using PowerShell?

Comments (1)

意中人 2025-01-30 17:44:27

Does anyone know a way to get that property using PowerShell

As suggested by @Todd above, we have tried the same to get the property that you are looking for.

Try to use the below cmdlets:

$outVar = Get-AzPolicyState -PolicyAssignmentName "xxxxxxxxx0" -Filter "ResourceType eq 'Microsoft.KeyVault/vaults'" # | where-object { $_.ComplianceState -eq "NonCompliant" }

To check if the property is available or not use $outVar | Get-Member

For more information, please refer to the MS docs: Get-AzPolicyState & Azure Policy definition structure
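
The property check described in the answer, applied per record, as an added example that is not part of the original question or answer: JSON in the shape of the `az policy state list` output from the question is read into PowerShell with `ConvertFrom-Json`, and non-compliant resources are listed per `policyDefinitionGroupNames` entry. The function name `Get-NonCompliantByGroup` is hypothetical and the sample records are constructed.

```powershell
# Constructed sample in the shape of the `az policy state list` output shown in the
# question; the second record omits policyDefinitionGroupNames to exercise that case.
$sampleJson = @'
[
  { "complianceState": "NonCompliant",
    "policyDefinitionReferenceId": "keyvaultsshouldhavepurgeprotectionenabledmonitoringeffect",
    "policyDefinitionGroupNames": [ "azure_security_benchmark_v3.0_dp-8" ],
    "resourceId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/group_name/providers/microsoft.keyvault/vaults/resource_name" },
  { "complianceState": "NonCompliant",
    "policyDefinitionReferenceId": "constructed-reference-id",
    "resourceId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/group_name/providers/microsoft.keyvault/vaults/other_name" }
]
'@

function Get-NonCompliantByGroup {
    # Hypothetical helper: emits one row per (group name, resource) pair.
    param([Parameter(Mandatory)][object[]]$State)
    foreach ($s in $State) {
        if ($s.complianceState -ne 'NonCompliant') { continue }
        # The same question Get-Member answers, asked per object: is the property present?
        $hasGroups = $s.PSObject.Properties.Name -contains 'policyDefinitionGroupNames'
        $groups = @('(no group names returned)')
        if ($hasGroups -and $s.policyDefinitionGroupNames) {
            $groups = @($s.policyDefinitionGroupNames)
        }
        foreach ($g in $groups) {
            [pscustomobject]@{
                GroupName   = $g
                ReferenceId = $s.policyDefinitionReferenceId
                ResourceId  = $s.resourceId
            }
        }
    }
}

# Offline run against the constructed sample.
$states = $sampleJson | ConvertFrom-Json

# Live run from a PowerShell session, using the CLI command from the question:
# $states = az policy state list --filter "ResourceType eq 'Microsoft.KeyVault/vaults'" `
#     --query "[?complianceState=='NonCompliant']" -o json | ConvertFrom-Json

Get-NonCompliantByGroup -State $states | Sort-Object GroupName | Format-Table -AutoSize
```

Records that arrive without the property, like the `Get-AzPolicyState` output shown in the question, are reported under the placeholder group instead of being silently dropped.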
