Policy States - Summarize For Resource Group Level Policy Assignment
Summarizes policy states for the resource group level policy assignment.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}/providers/Microsoft.PolicyInsights/policyStates/latest/summarize?api-version=2019-10-01
POST https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}/providers/Microsoft.PolicyInsights/policyStates/latest/summarize?api-version=2019-10-01&$top={$top}&$from={$from}&$to={$to}&$filter={$filter}
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
authorization
|
path | True |
The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed. |
|
policy
|
path | True |
string |
Policy assignment name. |
policy
|
path | True |
The virtual resource under PolicyStates resource type for summarize action. In a given time range, 'latest' represents the latest policy state(s) and is the only allowed value. |
|
resource
|
path | True |
string |
Resource group name. |
subscription
|
path | True |
string |
Microsoft Azure subscription ID. |
api-version
|
query | True |
string |
Client Api Version. |
$filter
|
query |
string |
OData filter expression. |
|
$from
|
query |
string date-time |
ISO 8601 formatted timestamp specifying the start time of the interval to query. When not specified, the service uses ($to - 1-day). |
|
$to
|
query |
string date-time |
ISO 8601 formatted timestamp specifying the end time of the interval to query. When not specified, the service uses request time. |
|
$top
|
query |
integer int32 |
Maximum number of records to return. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Summarize results. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Summarize at policy assignment scope
Sample request
POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2/providers/Microsoft.PolicyInsights/policyStates/latest/summarize?api-version=2019-10-01
Sample response
{
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2/providers/Microsoft.PolicyInsights/policyStates/$metadata#summary",
"@odata.count": 1,
"value": [
{
"@odata.id": null,
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2/providers/Microsoft.PolicyInsights/policyStates/$metadata#summary/$entity",
"results": {
"queryResultsUri": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$from=2019-10-22 23:54:22Z&$to=2019-10-23 23:54:22Z&$filter=IsCompliant eq false",
"nonCompliantResources": 7,
"nonCompliantPolicies": 1,
"resourceDetails": [
{
"complianceState": "compliant",
"count": 140
},
{
"complianceState": "noncompliant",
"count": 7
}
],
"policyDetails": [
{
"complianceState": "noncompliant",
"count": 1
}
],
"policyGroupDetails": [
{
"complianceState": "noncompliant",
"count": 1
}
]
},
"policyAssignments": [
{
"policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.authorization/policyassignments/b7a1ca2596524e3ab19597f2",
"policySetDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policysetdefinitions/a03db67e-a286-43c3-9098-b2da83d361ad",
"results": {
"queryResultsUri": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$from=2019-10-22 23:54:22Z&$to=2019-10-23 23:54:22Z&$filter=IsCompliant eq false and PolicyAssignmentId eq '/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.authorization/policyassignments/b7a1ca2596524e3ab19597f2'",
"nonCompliantResources": 7,
"nonCompliantPolicies": 1,
"resourceDetails": [
{
"complianceState": "compliant",
"count": 140
},
{
"complianceState": "noncompliant",
"count": 7
}
],
"policyDetails": [
{
"complianceState": "noncompliant",
"count": 1
}
],
"policyGroupDetails": [
{
"complianceState": "noncompliant",
"count": 1
}
]
},
"policyDefinitions": [
{
"policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policydefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60",
"policyDefinitionReferenceId": "2134906828137356512",
"policyDefinitionGroupNames": [
"group1"
],
"effect": "audit",
"results": {
"queryResultsUri": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$from=2019-10-22 23:54:22Z&$to=2019-10-23 23:54:22Z&$filter=IsCompliant eq false and PolicyAssignmentId eq '/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.authorization/policyassignments/b7a1ca2596524e3ab19597f2' and PolicyDefinitionId eq '/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policydefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60'",
"nonCompliantResources": 7,
"resourceDetails": [
{
"complianceState": "compliant",
"count": 140
},
{
"complianceState": "noncompliant",
"count": 7
}
],
"policyDetails": [
{
"complianceState": "noncompliant",
"count": 1
}
],
"policyGroupDetails": [
{
"complianceState": "noncompliant",
"count": 1
}
]
}
}
],
"policyGroups": [
{
"policyGroupName": "group1",
"results": {
"queryResultsUri": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$from=2019-10-12 19:48:53Z&$to=2019-10-13 19:48:53Z&$filter='group1' IN PolicyDefinitionGroupNames and PolicySetDefinitiontId eq '/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policysetdefinitions/a03db67e-a286-43c3-9098-b2da83d361ad' and PolicyAssignmentId eq '/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyassignments/b7a1ca2596524e3ab19597f2' and 'group1' IN PolicyDefinitionGroupNames",
"nonCompliantResources": 557,
"resourceDetails": [
{
"complianceState": "compliant",
"count": 140
},
{
"complianceState": "noncompliant",
"count": 7
}
],
"policyDetails": [
{
"complianceState": "noncompliant",
"count": 1
}
],
"policyGroupDetails": [
{
"complianceState": "noncompliant",
"count": 1
}
]
}
}
]
}
]
}
]
}
Definitions
Name | Description |
---|---|
Authorization |
The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed. |
Compliance |
The compliance state rollup. |
Error |
Error definition. |
Policy |
Policy assignment summary. |
Policy |
Policy definition summary. |
Policy |
Policy definition group summary. |
Policy |
The virtual resource under PolicyStates resource type for summarize action. In a given time range, 'latest' represents the latest policy state(s) and is the only allowed value. |
Query |
Error response. |
Summarize |
Summarize action results. |
Summary |
Summary results. |
Summary |
Compliance summary on a particular summary level. |
AuthorizationNamespaceType
The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed.
Name | Type | Description |
---|---|---|
Microsoft.Authorization |
string |
ComplianceDetail
The compliance state rollup.
Name | Type | Description |
---|---|---|
complianceState |
string |
The compliance state. |
count |
integer |
Summarized count value for this compliance state. |
Error
Error definition.
Name | Type | Description |
---|---|---|
code |
string |
Service specific error code which serves as the substatus for the HTTP error code. |
message |
string |
Description of the error. |
PolicyAssignmentSummary
Policy assignment summary.
Name | Type | Description |
---|---|---|
policyAssignmentId |
string |
Policy assignment ID. |
policyDefinitions |
Policy definitions summary. |
|
policyGroups |
Policy definition group summary. |
|
policySetDefinitionId |
string |
Policy set definition ID, if the policy assignment is for a policy set. |
results |
Compliance summary for the policy assignment. |
PolicyDefinitionSummary
Policy definition summary.
Name | Type | Description |
---|---|---|
effect |
string |
Policy effect, i.e. policy definition action. |
policyDefinitionGroupNames |
string[] |
Policy definition group names. |
policyDefinitionId |
string |
Policy definition ID. |
policyDefinitionReferenceId |
string |
Policy definition reference ID. |
results |
Compliance summary for the policy definition. |
PolicyGroupSummary
Policy definition group summary.
Name | Type | Description |
---|---|---|
policyGroupName |
string |
Policy group name. |
results |
Compliance summary for the policy definition group. |
PolicyStatesSummaryResourceType
The virtual resource under PolicyStates resource type for summarize action. In a given time range, 'latest' represents the latest policy state(s) and is the only allowed value.
Name | Type | Description |
---|---|---|
latest |
string |
QueryFailure
Error response.
Name | Type | Description |
---|---|---|
error |
Error definition. |
SummarizeResults
Summarize action results.
Name | Type | Description |
---|---|---|
@odata.context |
string |
OData context string; used by OData clients to resolve type information based on metadata. |
@odata.count |
integer |
OData entity count; represents the number of summaries returned; always set to 1. |
value |
Summary[] |
Summarize action results. |
Summary
Summary results.
Name | Type | Description |
---|---|---|
@odata.context |
string |
OData context string; used by OData clients to resolve type information based on metadata. |
@odata.id |
string |
OData entity ID; always set to null since summaries do not have an entity ID. |
policyAssignments |
Policy assignments summary. |
|
results |
Compliance summary for all policy assignments. |
SummaryResults
Compliance summary on a particular summary level.
Name | Type | Description |
---|---|---|
nonCompliantPolicies |
integer |
Number of non-compliant policies. |
nonCompliantResources |
integer |
Number of non-compliant resources. |
policyDetails |
The policy artifact summary at this level. For query scope level, it represents policy assignment summary. For policy assignment level, it represents policy definitions summary. |
|
policyGroupDetails |
The policy definition group summary at this level. |
|
queryResultsUri |
string |
HTTP POST URI for queryResults action on Microsoft.PolicyInsights to retrieve raw results for the compliance summary. This property will not be available by default in future API versions, but could be queried explicitly. |
resourceDetails |
The resources summary at this level. |