Share via

Powershell Script to Remove Duplicate Assignments

Dave O'Donohoe 170 Reputation points
2024-10-17T16:05:55.0966667+00:00

Hi,

We have MS Clound Benchmark Definition assigned at 200 scopes/ subscriptions, which we dont need.

Im wondering would you guys have some quick direction on how I can remove it from all 200 subscriptions with a single powershell command?

Thanks.

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
1,014 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deepanshukatara-6769 16,565 Reputation points Moderator
    2024-10-17T17:19:37.5133333+00:00

    Hello Dave, Welcome to MS Q&A, I think would be difficulty from single command but you can try below script

    # Connect to Azure using PowerShell
Connect-AzAccount

# Get a list of subscriptions
$subscriptions = Get-AzSubscription

# Loop through each subscription and remove MS Cloud Benchmark Definition
foreach ($subscription in $subscriptions) {
    # Set the current subscription context
    Set-AzContext -SubscriptionId $subscription.Id
    
    # Remove the MS Cloud Benchmark Definition
    # Replace 'YourPolicyDefinitionName' with the actual name of the policy definition
    $policyDefinition = Get-AzPolicyDefinition | Where-Object { $_.Properties.DisplayName -eq 'YourPolicyDefinitionName' }
    if ($policyDefinition) {
        Remove-AzPolicyAssignment -Name $policyDefinition.Name -Scope "/subscriptions/$($subscription.Id)"
        Write-Output "Removed MS Cloud Benchmark Definition from subscription: $($subscription.Name)"
    } else {
        Write-Output "MS Cloud Benchmark Definition not found in subscription: $($subscription.Name)"
    }
}

    This script connects to Azure, retrieves a list of subscriptions, and loops through each subscription to remove the MS Cloud Benchmark Definition. Replace 'YourPolicyDefinitionName' with the actual name of the policy definition you want to remove.

    Kindly accept answer if it helps

    Please let us know if any further questions

    Thanks

    Deepanshu

  2. Anonymous
    2024-10-18T18:46:21.4533333+00:00

    Hi @YogiBear
    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    To remove MS Cloud Benchmark Definition from 200 scopes/subscriptions using a single PowerShell command, you can use the Remove-AzureRmPolicyAssignment cmdlet. Here js the general command structure:

    Remove-AzureRmPolicyAssignment -Name "MS Cloud Benchmark Definition" -Scope <scope>

    Replace <scope> with the actual subscription ID or scope where you want to remove the policy assignment. To remove it from all 200 subscriptions, you will need to go through each subscription and run the command.

    Below power shell script that you can try,

    # Get all subscriptions
$subscriptions = Get-AzureRmSubscription

# Iterate through each subscription and remove the policy assignment
foreach ($subscription in $subscriptions) {
    # Select the current subscription
    Select-AzureRmSubscription -SubscriptionId $subscription.SubscriptionId

    # Remove the policy assignment
    Remove-AzureRmPolicyAssignment -Name "MS Cloud Benchmark Definition" -Scope "/subscriptions/$subscription.SubscriptionId"
}

    Make sure to replace "MS Cloud Benchmark Definition" with the actual name of the policy assignment you want to remove. Also, ensure that you have the necessary permissions to remove policy assignments from all subscriptions.

    If you have any further queries, do let us know.

    If the answer was helpful, please click "Accept Answer" and "Upvote"

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.