Azure Policy Example - full example using resource IDs passed as parameters to the New-AzureRmPolicyAssignment cmdlet
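# Example script using the -Scope and -NotScope parameters of the New-AzureRmPolicyAssignment cmdlet.
# The policy is assigned subscription-wide, with specific resource groups excluded.
#
# Every lookup is validated before the assignment is created: with the original unchecked
# flow a missing resource group yields a $null entry in -NotScope (silently shrinking the
# exclusion list) and a missing or ambiguous definition is only reported by the final cmdlet.
#
# NOTE(review): the AzureRm module is superseded by the Az module (Connect-AzAccount,
# Get-AzSubscription, Get-AzResourceGroup, Get-AzPolicyDefinition, New-AzPolicyAssignment);
# the parameter usage shown here is otherwise the same.

# Make non-terminating cmdlet errors fatal so a failed lookup stops the script instead of
# continuing with empty variables.
$ErrorActionPreference = 'Stop'

# Login to Azure
Connect-AzureRmAccount

# Get the subscription to assign the policy to
$subscription = Get-AzureRmSubscription -SubscriptionName "subscriptioname"
if (-not $subscription) {
    throw "Subscription not found or not visible to the signed-in account."
}
Write-Host $subscription.Id

# Create the subscription scope string in the format required by -Scope
$scope = "/subscriptions/" + $subscription.Id
Write-Host $scope

# Specify the resource groups to exclude
$excludedrg1 = Get-AzureRmResourceGroup -Name "resourcegroupname1"
$excludedrg2 = Get-AzureRmResourceGroup -Name "resourcegroupname2"

# Create an array with the resource group ids to exclude.
# Reject empty entries: a $null in -NotScope would not exclude anything for that group.
$notScope = @($excludedrg1.ResourceId, $excludedrg2.ResourceId)
foreach ($id in $notScope) {
    if ([string]::IsNullOrEmpty($id)) {
        throw "One of the excluded resource groups could not be resolved to a resource id."
    }
}

# Get the Azure Policy definition to apply.
# Display names are not unique across built-in and custom definitions, so require exactly
# one match rather than passing $null or an array to -PolicyDefinition.
$definition = @(Get-AzureRmPolicyDefinition | Where-Object { $_.Properties.DisplayName -eq 'Audit secure transfer to storage accounts' })
if ($definition.Count -eq 0) {
    throw "Policy definition 'Audit secure transfer to storage accounts' not found."
}
if ($definition.Count -gt 1) {
    throw "Multiple policy definitions match 'Audit secure transfer to storage accounts'; select by -Id instead."
}
$definition = $definition[0]

# Assign the policy definition.
# -Effect is a dynamic parameter derived from the definition's own parameters, not a
# fixed parameter of the cmdlet; it is only valid for definitions that declare 'effect'.
New-AzureRmPolicyAssignment -Name "Audit secure transfer to storage accounts" -DisplayName "Audit secure transfer to storage accounts" -Effect "Audit" -Scope $scope -NotScope $notScope -PolicyDefinition $definition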