Share via

Policy Events - List Query Results For Resource Group

Service:
Policy
API Version:
2024-10-01

Queries policy events for the resources under the resource group.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2024-10-01
With optional parameters: 
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2024-10-01&$top={$top}&$orderby={$orderby}&$select={$select}&$from={$from}&$to={$to}&$filter={$filter}&$apply={$apply}&$skiptoken={$skiptoken}

URI Parameters

Name In Required Type Description
policyEventsResource
 path True

PolicyEventsResourceType

The name of the virtual resource under PolicyEvents resource type; only "default" is allowed.
resourceGroupName
 path True

string

Resource group name.
subscriptionId
 path True

string

Microsoft Azure subscription ID.
api-version
 query True

string

Client Api Version.
$apply
 query

string

OData apply expression for aggregations.
$filter
 query

string

OData filter expression.
$from
 query

string (date-time)

ISO 8601 formatted timestamp specifying the start time of the interval to query. When not specified, the service uses ($to - 1-day).
$orderby
 query

string

Ordering expression using OData notation. One or more comma-separated column names with an optional "desc" (the default) or "asc", e.g. "$orderby=PolicyAssignmentId, ResourceId asc".
$select
 query

string

Select expression using OData notation. Limits the columns on each record to just those requested, e.g. "$select=PolicyAssignmentId, ResourceId".
$skiptoken
 query

string

Skiptoken is only provided if a previous response returned a partial result as a part of nextLink element.
$to
 query

string (date-time)

ISO 8601 formatted timestamp specifying the end time of the interval to query. When not specified, the service uses request time.
$top
 query

integer (int32)

minimum: 0

Maximum number of records to return.

Responses

Name Type Description
200 OK

PolicyEventsQueryResults

Query results.
Other Status Codes

QueryFailure

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Query at resource group scope
Query at resource group scope with next link

Query at resource group scope

Sample request

POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2024-10-01

Sample response

Status code:
200 
{
  "@odata.nextLink": null,
  "@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default",
  "@odata.count": 2,
  "value": [
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
      "timestamp": "2018-02-07T20:43:04.6971328Z",
      "resourceId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.ServiceFabric/clusters/myCluster/applications/myApplication",
      "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyAssignments/ec62f9b2a454487296f2ccd4",
      "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyDefinitions/72c0c41a-c752-4bc0-9c61-0d6adc567066",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fff10b27-fff3-fff5-fff8-fffbe01e86a5",
      "resourceType": "/Microsoft.ServiceFabric/clusters/applications",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "ec62f9b2a454487296f2ccd4",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": "{\"ALLOWEDRESOURCEGROUPS_1\":{\"value\":[\"rg1\",\"rg2\"]},\"ALLOWEDRESOURCEGROUPS_2\":{\"value\":[\"myrg3\",\"myrg4\"]}}",
      "policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/myManagementGroup",
      "policyDefinitionName": "72c0c41a-c752-4bc0-9c61-0d6adc567066",
      "policyDefinitionAction": "audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/00b36c66-612b-44e2-9f8e-b758296d40fe",
      "policySetDefinitionName": "00b36c66-612b-44e2-9f8e-b758296d40fe",
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "myManagementGroup,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": "181565554491747128",
      "tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
      "principalOid": "fffdfc0f-fff5-fff0-fff3-fff1a968dcc6",
      "complianceState": "NonCompliant"
    },
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
      "timestamp": "2018-02-07T20:43:04.6971328Z",
      "resourceId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.ServiceFabric/clusters/myCluster/applications/myApplication",
      "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyAssignments/ec62f9b2a454487296f2ccd4",
      "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyDefinitions/72c0c41a-c752-4bc0-9c61-0d6adc567066",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fff10b27-fff3-fff5-fff8-fffbe01e86a5",
      "resourceType": "/Microsoft.ServiceFabric/clusters/applications",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "ec62f9b2a454487296f2ccd4",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": "{\"ALLOWEDRESOURCEGROUPS_1\":{\"value\":[\"rg1\",\"rg2\"]},\"ALLOWEDRESOURCEGROUPS_2\":{\"value\":[\"myrg3\",\"myrg4\"]}}",
      "policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/myManagementGroup",
      "policyDefinitionName": "72c0c41a-c752-4bc0-9c61-0d6adc567066",
      "policyDefinitionAction": "audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/00b36c66-612b-44e2-9f8e-b758296d40fe",
      "policySetDefinitionName": "00b36c66-612b-44e2-9f8e-b758296d40fe",
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "myManagementGroup,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": "624540685646900425",
      "tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
      "principalOid": "fffdfc0f-fff5-fff0-fff3-fff1a968dcc6",
      "complianceState": "NonCompliant"
    }
  ]
}

Sample request

POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2024-10-01&$skiptoken=WpmWfBSvPhkAK6QD

Sample response

Status code:
200 
{
  "@odata.nextLink": null,
  "@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default",
  "@odata.count": 2,
  "value": [
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
      "timestamp": "2018-02-07T20:43:04.6971328Z",
      "resourceId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.ServiceFabric/clusters/myCluster/applications/myApplication",
      "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyAssignments/ec62f9b2a454487296f2ccd4",
      "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyDefinitions/72c0c41a-c752-4bc0-9c61-0d6adc567066",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fff10b27-fff3-fff5-fff8-fffbe01e86a5",
      "resourceType": "/Microsoft.ServiceFabric/clusters/applications",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "ec62f9b2a454487296f2ccd4",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": "{\"ALLOWEDRESOURCEGROUPS_1\":{\"value\":[\"rg1\",\"rg2\"]},\"ALLOWEDRESOURCEGROUPS_2\":{\"value\":[\"myrg3\",\"myrg4\"]}}",
      "policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/myManagementGroup",
      "policyDefinitionName": "72c0c41a-c752-4bc0-9c61-0d6adc567066",
      "policyDefinitionAction": "audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/00b36c66-612b-44e2-9f8e-b758296d40fe",
      "policySetDefinitionName": "00b36c66-612b-44e2-9f8e-b758296d40fe",
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "myManagementGroup,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": "181565554491747128",
      "tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
      "principalOid": "fffdfc0f-fff5-fff0-fff3-fff1a968dcc6",
      "complianceState": "NonCompliant"
    },
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
      "timestamp": "2018-02-07T20:43:04.6971328Z",
      "resourceId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.ServiceFabric/clusters/myCluster/applications/myApplication",
      "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyAssignments/ec62f9b2a454487296f2ccd4",
      "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyDefinitions/72c0c41a-c752-4bc0-9c61-0d6adc567066",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fff10b27-fff3-fff5-fff8-fffbe01e86a5",
      "resourceType": "/Microsoft.ServiceFabric/clusters/applications",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "ec62f9b2a454487296f2ccd4",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": "{\"ALLOWEDRESOURCEGROUPS_1\":{\"value\":[\"rg1\",\"rg2\"]},\"ALLOWEDRESOURCEGROUPS_2\":{\"value\":[\"myrg3\",\"myrg4\"]}}",
      "policyAssignmentScope": "/providers/Microsoft.Management/managementGroups/myManagementGroup",
      "policyDefinitionName": "72c0c41a-c752-4bc0-9c61-0d6adc567066",
      "policyDefinitionAction": "audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": "/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/00b36c66-612b-44e2-9f8e-b758296d40fe",
      "policySetDefinitionName": "00b36c66-612b-44e2-9f8e-b758296d40fe",
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "myManagementGroup,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": "624540685646900425",
      "tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
      "principalOid": "fffdfc0f-fff5-fff0-fff3-fff1a968dcc6",
      "complianceState": "NonCompliant"
    }
  ]
}

Definitions

Name Description
ComponentEventDetails

Component event details.
Error

Error definition.
PolicyEvent

Policy event record.
PolicyEventsQueryResults

Query results.
PolicyEventsResourceType

The name of the virtual resource under PolicyEvents resource type; only "default" is allowed.
QueryFailure

Error response.

ComponentEventDetails

Object

Component event details.

Name Type Description
id

string

Component Id.
name

string

Component name.
policyDefinitionAction

string

Policy definition action, i.e. effect.
principalOid

string

Principal object ID for the user who initiated the resource component operation that triggered the policy event.
tenantId

string

Tenant ID for the policy event record.
timestamp

string (date-time)

Timestamp for component policy event record.
type

string

Component type.

Error

Object

Error definition.

Name Type Description
code

string

Service specific error code which serves as the substatus for the HTTP error code.
message

string

Description of the error.

PolicyEvent

Object

Policy event record.

Name Type Description
@odata.context

string

OData context string; used by OData clients to resolve type information based on metadata.
@odata.id

string

OData entity ID; always set to null since policy event records do not have an entity ID.
complianceState

string

Compliance state of the resource.
components

ComponentEventDetails[]

Components events records populated only when URL contains $expand=components clause.
effectiveParameters

string

Effective parameters for the policy assignment.
isCompliant

boolean

Flag which states whether the resource is compliant against the policy assignment it was evaluated against.
managementGroupIds

string

Comma separated list of management group IDs, which represent the hierarchy of the management groups the resource is under.
policyAssignmentId

string

Policy assignment ID.
policyAssignmentName

string

Policy assignment name.
policyAssignmentOwner

string

Policy assignment owner.
policyAssignmentParameters

string

Policy assignment parameters.
policyAssignmentScope

string

Policy assignment scope.
policyDefinitionAction

string

Policy definition action, i.e. effect.
policyDefinitionCategory

string

Policy definition category.
policyDefinitionId

string

Policy definition ID.
policyDefinitionName

string

Policy definition name.
policyDefinitionReferenceId

string

Reference ID for the policy definition inside the policy set, if the policy assignment is for a policy set.
policySetDefinitionCategory

string

Policy set definition category, if the policy assignment is for a policy set.
policySetDefinitionId

string

Policy set definition ID, if the policy assignment is for a policy set.
policySetDefinitionName

string

Policy set definition name, if the policy assignment is for a policy set.
policySetDefinitionOwner

string

Policy set definition owner, if the policy assignment is for a policy set.
policySetDefinitionParameters

string

Policy set definition parameters, if the policy assignment is for a policy set.
principalOid

string

Principal object ID for the user who initiated the resource operation that triggered the policy event.
resourceGroup

string

Resource group name.
resourceId

string

Resource ID.
resourceLocation

string

Resource location.
resourceTags

string

List of resource tags.
resourceType

string

Resource type.
subscriptionId

string

Subscription ID.
tenantId

string

Tenant ID for the policy event record.
timestamp

string (date-time)

Timestamp for the policy event record.

PolicyEventsQueryResults

Object

Query results.

Name Type Description
@odata.context

string

OData context string; used by OData clients to resolve type information based on metadata.
@odata.count

integer (int32)

minimum: 0

OData entity count; represents the number of policy event records returned.
@odata.nextLink

string

Odata next link; URL to get the next set of results.
value

PolicyEvent[]

Query results.

PolicyEventsResourceType

Enumeration

The name of the virtual resource under PolicyEvents resource type; only "default" is allowed.

Value Description
default

QueryFailure

Object

Error response.

Name Type Description
error

Error

Error definition.