Set-AzPolicyAttestation
Modifies a policy attestation.
Set-AzPolicyAttestation
-Name <String>
[-Scope <String>]
[-ResourceGroupName <String>]
[-PolicyAssignmentId <String>]
[-ComplianceState <String>]
[-PolicyDefinitionReferenceId <String>]
[-ExpiresOn <DateTime>]
[-Owner <String>]
[-Comment <String>]
[-Evidence <PSAttestationEvidence[]>]
[-AssessmentDate <DateTime>]
[-Metadata <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Set-AzPolicyAttestation
-ResourceId <String>
[-PolicyAssignmentId <String>]
[-ComplianceState <String>]
[-PolicyDefinitionReferenceId <String>]
[-ExpiresOn <DateTime>]
[-Owner <String>]
[-Comment <String>]
[-Evidence <PSAttestationEvidence[]>]
[-AssessmentDate <DateTime>]
[-Metadata <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Set-AzPolicyAttestation
-InputObject <PSAttestation>
[-PolicyAssignmentId <String>]
[-ComplianceState <String>]
[-PolicyDefinitionReferenceId <String>]
[-ExpiresOn <DateTime>]
[-Owner <String>]
[-Comment <String>]
[-Evidence <PSAttestationEvidence[]>]
[-AssessmentDate <DateTime>]
[-Metadata <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]The Set-AzPolicyAttestation cmdlet modifies a policy attestation. Specify an attestation by Id or by Name and scope, or via piping.
Note: An existing policy attestation's
policyAssignmentIdorpolicyDefinitionReferenceIdcannot be modified.
Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4"
# Update the existing attestation by resource name at subscription scope (default)
$comment = "Setting the state to non compliant"
$attestationName = "attestation-subscription"
$policyAssignmentId = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment"
Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "NonCompliant" -Comment $comment
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.policyinsights/attestations/
attestation-subscription
Name : attestation-subscription
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationsubassignment
PolicyDefinitionReferenceId :
ComplianceState : NonCompliant
ExpiresOn :
Owner :
Comment : Setting the state to non compliant
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:00:04 PM
AssessmentDate :
Metadata :
SystemData :The command here sets the compliance state and adds a comment to an existing attestation with name 'attestation-subscription' in the subscription with id 'd1acb22b-c876-44f7-b08e-3fcf9f6767f4'
# Get an attestation
$rgName = "ps-attestation-test-rg"
$attestationName = "attestation-RG"
$attestation = Get-AzPolicyAttestation -ResourceGroupName $rgName -Name $attestationName
# Update the existing attestation by resource ID at RG
$expiresOn = [System.DateTime]::UtcNow.AddYears(1)
Set-AzPolicyAttestation -Id $attestation.Id -ExpiresOn $expiresOn
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.policyinsights/attestations/attestation-rg
Name : attestation-rg
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationrgassignment
PolicyDefinitionReferenceId :
ComplianceState :
ExpiresOn : 1/27/2024 4:04:24 PM
Owner :
Comment :
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:04:11 PM
AssessmentDate :
Metadata :
SystemData :The first command gets an existing attestation at the resource group 'ps-attestation-test-rg' with the name 'attestation-RG'.
The final command updates the expiry time of the policy attestation by the ResourceId property of the existing attestation.
# Get an attestation
$attestationName = "attestation-resource"
$scope = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0"
$attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope
# Update attestation by input object
$newOwner = "Test Owner 2"
$attestation | Set-AzPolicyAttestation -Owner $newOwner
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/att
estation-resource
Name : attestation-resource
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationresourceassignment
PolicyDefinitionReferenceId :
ComplianceState : NonCompliant
ExpiresOn :
Owner : Test Owner 2
Comment :
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM
AssessmentDate :
Metadata :
SystemData :The first command gets an existing attestation with name 'attestation-resource' for the given resource using its resource id as the scope
The final command updates the owner of the policy attestation by using piping.
The time the evidence of an attestation was assessed.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Comments describing why this attestation was created.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The Compliance State of the resource. E.g. 'Compliant', 'NonCompliant', 'Unknown'
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The evidence supporting the compliance state set in this attestation.
| Type: | PSAttestationEvidence[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The time the compliance state set in the attestation should expire.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The Attestation object.
| Type: | PSAttestation |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Additional metadata for the attestation.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Resource name.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The person responsible for setting the state of the resource. This value is typically a Microsoft Entra object ID.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Policy assignment ID. E.g. '/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments/{assignmentName}'.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
The policy definition reference ID of the individual definition. Required when the policy assignment assigns a policy set definition.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Resource group name.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Resource ID.
| Type: | String |
| Aliases: | Id |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Scope of the resource. E.g. '/subscriptions/{subscriptionId}/resourceGroups/{rgName}'.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Nullable<T>[[System.DateTime, System.Private.CoreLib, Version=7.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
Azure PowerShell feedback
Azure PowerShell is an open source project. Select a link to provide feedback: