Created
June 5, 2020 14:24
Policy initiative assignment
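# Assigns the 'Windows Virtual Desktop Resources Diagnostic Settings' policy initiative to a
# resource group, then grants the assignment's managed identity a role on that same scope.
# Login first with Connect-AzAccount if not using Cloud Shell

## Variable
$scope = Get-AzResourceGroup -Name "jdld-we-demo-wvd-rg1" #Replace it with your target scope
$logAnalytics = Get-AzOperationalInsightsWorkspace -Name "jdld-we-demo-wvd-wu2-logaw1" -ResourceGroupName "jdld-we-demo-wvd-rg1" #Replace it with your target Log Analytics Workspace

# For the demo the "Contributor" role is assigned to the Policy Assignment Managed Identity.
# NOTE(security): Contributor can create, change and delete every resource in $scope, which is
# far more than writing diagnostic settings needs. Outside a demo, grant only the roles that the
# initiative's policy definitions list under roleDefinitionIds, and keep the scope as narrow as
# the assignment itself.
$roleDefinitionId = (Get-AzRoleDefinition -Name "Contributor").Id
$initiativePolicy = Get-AzPolicySetDefinition -Name 'Windows Virtual Desktop Resources Diagnostic Settings'

# Initiative parameter: the workspace that receives the diagnostic logs.
$params = @{'logAnalytics'=($logAnalytics.ResourceId)}

## Assign the Initiative Policy
# -AssignIdentity creates the managed identity used by the remediation deployments.
# NOTE(review): newer Az.Resources releases replace this switch with -IdentityType 'SystemAssigned';
# confirm against the installed module version.
New-AzPolicyAssignment -Name 'WVD to Log Analytics Demo' `
    -DisplayName 'WVD to Log Analytics Demo' `
    -PolicySetDefinition $initiativePolicy `
    -Scope $scope.ResourceId `
    -AssignIdentity `
    -Location 'westeurope' `
    -PolicyParameterObject $params

## Get the newly created policy assignment object
$PolicyAssignment = Get-AzPolicyAssignment -Name 'WVD to Log Analytics Demo' -Scope $scope.ResourceId

## Extract the ObjectID of the Policy Assignment Managed Identity
# Fail with a clear message instead of an opaque cast error when the assignment carries no identity.
if (-not $PolicyAssignment.Identity.principalId) {
    throw "Policy assignment 'WVD to Log Analytics Demo' exposes no managed identity principalId; no role was assigned."
}
$objectID = [GUID]($PolicyAssignment.Identity.principalId)

## Create a role assignment from the previous information
# A freshly created identity may not be resolvable yet; if this call reports that the principal
# does not exist, wait briefly and run it again.
New-AzRoleAssignment -Scope $scope.ResourceId -ObjectId $objectID -RoleDefinitionId $roleDefinitionId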