作為事件方格來源的 Azure 原則

本文提供 Azure 原則事件的屬性和結構描述。 如需事件結構描述的簡介，請參閱 Azure Event Grid 事件結構描述。 其也會提供快速入門和教學課程的清單，以使用 Azure 原則作為事件來源。

可用的事件類型

Azure 原則會發出下列事件類型：

事件類型	描述
Microsoft.PolicyInsights.PolicyStateCreated	建立原則合規性狀態時引發。
Microsoft.PolicyInsights.PolicyStateChanged	變更原則合規性狀態時引發。
Microsoft.PolicyInsights.PolicyStateDeleted	刪除原則合規性狀態時引發。

事件屬性

Event Grid 事件結構描述

事件具有下列的最高層級資料：

屬性	類型​	描述
topic	string	事件來源的完整資源路徑。 此欄位無法寫入。 事件方格提供此值。
subject	string	合規性狀態變更的資源完整識別碼，包括資源名稱和資源類型。 使用格式、/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>
eventType	string	此事件來源已註冊的事件類型之一。
eventTime	string	事件產生的時間，以提供者的 UTC 時間為準。
id	string	事件的唯一識別碼。
data	object	Azure 原則事件資料。
dataVersion	string	資料物件的結構描述版本。 發行者會定義結構描述版本。
metadataVersion	string	事件中繼資料的結構描述版本。 「事件方格」會定義最上層屬性的結構描述。 事件方格提供此值。

雲端事件結構描述

事件具有下列的最高層級資料：

屬性	類型​	描述
source	string	事件來源的完整資源路徑。 此欄位無法寫入。 事件方格提供此值。
subject	string	合規性狀態變更的資源完整識別碼，包括資源名稱和資源類型。 使用格式、/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>
type	string	此事件來源已註冊的事件類型之一。
time	string	事件產生的時間，以提供者的 UTC 時間為準。
id	string	事件的唯一識別碼。
data	object	Azure 原則事件資料。
specversion	string	CloudEvents 結構描述規格版本。

資料物件具有下列屬性：

屬性	類型​	描述
timestamp	string	Azure 原則掃描資源的時間 (國際標準時間)。 若要排序事件，請使用此屬性，而不是最上層 eventTime 或 time 屬性。
policyAssignmentId	string	原則指派的資源識別碼。
policyDefinitionId	string	原則定義的資源識別碼。
policyDefinitionReferenceId	string	如果原則指派適用於方案，參考識別碼即適用於方案定義中的原則定義。 可以是空的。
complianceState	string	原則指派相關的資源合規性狀態。
subscriptionId	string	資源的訂用帳戶識別碼。
complianceReasonCode	string	合規性原因代碼。 可以是空的。

事件範例

Event Grid 事件結構描述

下列範例顯示限定在訂用帳戶層級的原則狀態建立事件的結構描述：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateCreated",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

限定在訂用帳戶層級的原則狀態變更事件的結構描述架構會類似：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateChanged",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

雲端事件結構描述

下列範例顯示限定在訂用帳戶層級的原則狀態建立事件的結構描述：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "source": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "type": "Microsoft.PolicyInsights.PolicyStateCreated",
    "time": "2021-03-27T18:37:42.5241536Z",
    "specversion": "1.0"
}]

限定在訂用帳戶層級的原則狀態變更事件的結構描述架構會類似：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "source": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "type": "Microsoft.PolicyInsights.PolicyStateChanged",
    "time": "2021-03-27T18:37:42.5241536Z",
    "specversion": "1.0"
}]

Event Grid 事件結構描述

下列範例顯示限定在管理群組層級的原則狀態建立事件的結構描述：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/tenants/<tenantId>/providers/Microsoft.Management/managementGroups/<managementGroupId>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateCreated",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

限定在管理群組層級的原則狀態變更事件的結構描述架構會類似：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/tenants/<tenantId>/providers/Microsoft.Management/managementGroups/<managementGroupId>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateChanged",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

雲端事件結構描述

下列範例顯示限定在管理群組層級的原則狀態建立事件的結構描述：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "source": "/tenants/<tenantId>/providers/Microsoft.Management/managementGroups/<managementGroupId>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "type": "Microsoft.PolicyInsights.PolicyStateCreated",
    "time": "2021-03-27T18:37:42.5241536Z",
    "specversion": "1.0"
}]

限定在管理群組層級的原則狀態變更事件的結構描述架構會類似：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "source": "/tenants/<tenantId>/providers/Microsoft.Management/managementGroups/<managementGroupId>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "type": "Microsoft.PolicyInsights.PolicyStateChanged",
    "time": "2021-03-27T18:37:42.5241536Z",
    "specversion": "1.0"
}]

下一步

• 如需如何路由 Azure 原則狀態變更事件的逐步解說，請參閱針對原則狀態變更通知使用事件方格。
• 如需整合 Azure 原則與事件方格的概觀，請參閱使用事件方格回應 Azure 原則事件。
• 如需 Azure Event Grid 的簡介，請參閱什麼是 Event Grid？
• 若要了解 Event Grid 訂用帳戶的建立，請參閱 Event Grid 訂用帳戶結構描述。