Policy Events - List Query Results For Resource Group Level Policy Assignment
Queries policy events for the resource group level policy assignment.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2019-10-01
POST https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2019-10-01&$top={$top}&$orderby={$orderby}&$select={$select}&$from={$from}&$to={$to}&$filter={$filter}&$apply={$apply}&$skiptoken={$skiptoken}
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
authorization
|
path | True |
The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed. |
|
policy
|
path | True |
string |
Policy assignment name. |
policy
|
path | True |
The name of the virtual resource under PolicyEvents resource type; only "default" is allowed. |
|
resource
|
path | True |
string |
Resource group name. |
subscription
|
path | True |
string |
Microsoft Azure subscription ID. |
api-version
|
query | True |
string |
Client Api Version. |
$apply
|
query |
string |
OData apply expression for aggregations. |
|
$filter
|
query |
string |
OData filter expression. |
|
$from
|
query |
string date-time |
ISO 8601 formatted timestamp specifying the start time of the interval to query. When not specified, the service uses ($to - 1-day). |
|
$orderby
|
query |
string |
Ordering expression using OData notation. One or more comma-separated column names with an optional "desc" (the default) or "asc", e.g. "$orderby=PolicyAssignmentId, ResourceId asc". |
|
$select
|
query |
string |
Select expression using OData notation. Limits the columns on each record to just those requested, e.g. "$select=PolicyAssignmentId, ResourceId". |
|
$skiptoken
|
query |
string |
Skiptoken is only provided if a previous response returned a partial result as a part of nextLink element. |
|
$to
|
query |
string date-time |
ISO 8601 formatted timestamp specifying the end time of the interval to query. When not specified, the service uses request time. |
|
$top
|
query |
integer int32 |
Maximum number of records to return. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Query results. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Query at resource group level policy assignment scope |
Query at resource group level policy assignment scope with next link |
Query at resource group level policy assignment scope
Sample request
POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2019-10-01
Sample response
{
"@odata.nextLink": null,
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default",
"@odata.count": 2,
"value": [
{
"@odata.id": null,
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
"timestamp": "2018-02-08T00:07:16.2804863Z",
"resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus",
"policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment",
"policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition",
"effectiveParameters": null,
"isCompliant": false,
"subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
"resourceType": "/microsoft.operationalinsights/workspaces",
"resourceLocation": "eastus",
"resourceGroup": "myResourceGroup",
"resourceTags": "tbd",
"policyAssignmentName": "myPolicyAssignment",
"policyAssignmentOwner": "tbd",
"policyAssignmentParameters": null,
"policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup",
"policyDefinitionName": "myPolicyAssignment",
"policyDefinitionAction": "deny",
"policyDefinitionCategory": "tbd",
"policySetDefinitionId": null,
"policySetDefinitionName": null,
"policySetDefinitionOwner": null,
"policySetDefinitionCategory": null,
"policySetDefinitionParameters": null,
"managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
"policyDefinitionReferenceId": null,
"tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
"principalOid": "fff2f355-fff2-fffc-fffb-fff1639dff94",
"complianceState": "NonCompliant"
},
{
"@odata.id": null,
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
"timestamp": "2018-02-08T00:06:08.4302267Z",
"resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus",
"policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment",
"policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition",
"effectiveParameters": null,
"isCompliant": false,
"subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
"resourceType": "/microsoft.operationalinsights/workspaces",
"resourceLocation": "eastus",
"resourceGroup": "myResourceGroup",
"resourceTags": "tbd",
"policyAssignmentName": "myPolicyAssignment",
"policyAssignmentOwner": "tbd",
"policyAssignmentParameters": null,
"policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup",
"policyDefinitionName": "myPolicyAssignment",
"policyDefinitionAction": "deny",
"policyDefinitionCategory": "tbd",
"policySetDefinitionId": null,
"policySetDefinitionName": null,
"policySetDefinitionOwner": null,
"policySetDefinitionCategory": null,
"policySetDefinitionParameters": null,
"managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
"policyDefinitionReferenceId": null,
"tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
"principalOid": "fff2f355-fff2-fffc-fffb-fff1639dff94",
"complianceState": "NonCompliant"
}
]
}
Query at resource group level policy assignment scope with next link
Sample request
POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2019-10-01&$skiptoken=WpmWfBSvPhkAK6QD
Sample response
{
"@odata.nextLink": null,
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default",
"@odata.count": 2,
"value": [
{
"@odata.id": null,
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
"timestamp": "2018-02-08T00:07:16.2804863Z",
"resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus",
"policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment",
"policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition",
"effectiveParameters": null,
"isCompliant": false,
"subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
"resourceType": "/microsoft.operationalinsights/workspaces",
"resourceLocation": "eastus",
"resourceGroup": "myResourceGroup",
"resourceTags": "tbd",
"policyAssignmentName": "myPolicyAssignment",
"policyAssignmentOwner": "tbd",
"policyAssignmentParameters": null,
"policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup",
"policyDefinitionName": "myPolicyAssignment",
"policyDefinitionAction": "deny",
"policyDefinitionCategory": "tbd",
"policySetDefinitionId": null,
"policySetDefinitionName": null,
"policySetDefinitionOwner": null,
"policySetDefinitionCategory": null,
"policySetDefinitionParameters": null,
"managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
"policyDefinitionReferenceId": null,
"tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
"principalOid": "fff2f355-fff2-fffc-fffb-fff1639dff94",
"complianceState": "NonCompliant"
},
{
"@odata.id": null,
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
"timestamp": "2018-02-08T00:06:08.4302267Z",
"resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus",
"policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment",
"policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition",
"effectiveParameters": null,
"isCompliant": false,
"subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
"resourceType": "/microsoft.operationalinsights/workspaces",
"resourceLocation": "eastus",
"resourceGroup": "myResourceGroup",
"resourceTags": "tbd",
"policyAssignmentName": "myPolicyAssignment",
"policyAssignmentOwner": "tbd",
"policyAssignmentParameters": null,
"policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup",
"policyDefinitionName": "myPolicyAssignment",
"policyDefinitionAction": "deny",
"policyDefinitionCategory": "tbd",
"policySetDefinitionId": null,
"policySetDefinitionName": null,
"policySetDefinitionOwner": null,
"policySetDefinitionCategory": null,
"policySetDefinitionParameters": null,
"managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
"policyDefinitionReferenceId": null,
"tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
"principalOid": "fff2f355-fff2-fffc-fffb-fff1639dff94",
"complianceState": "NonCompliant"
}
]
}
Definitions
Name | Description |
---|---|
Authorization |
The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed. |
Component |
Component event details. |
Error |
Error definition. |
Policy |
Policy event record. |
Policy |
Query results. |
Policy |
The name of the virtual resource under PolicyEvents resource type; only "default" is allowed. |
Query |
Error response. |
AuthorizationNamespaceType
The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed.
Name | Type | Description |
---|---|---|
Microsoft.Authorization |
string |
ComponentEventDetails
Component event details.
Name | Type | Description |
---|---|---|
id |
string |
Component Id. |
name |
string |
Component name. |
policyDefinitionAction |
string |
Policy definition action, i.e. effect. |
principalOid |
string |
Principal object ID for the user who initiated the resource component operation that triggered the policy event. |
tenantId |
string |
Tenant ID for the policy event record. |
timestamp |
string |
Timestamp for component policy event record. |
type |
string |
Component type. |
Error
Error definition.
Name | Type | Description |
---|---|---|
code |
string |
Service specific error code which serves as the substatus for the HTTP error code. |
message |
string |
Description of the error. |
PolicyEvent
Policy event record.
Name | Type | Description |
---|---|---|
@odata.context |
string |
OData context string; used by OData clients to resolve type information based on metadata. |
@odata.id |
string |
OData entity ID; always set to null since policy event records do not have an entity ID. |
complianceState |
string |
Compliance state of the resource. |
components |
Components events records populated only when URL contains $expand=components clause. |
|
effectiveParameters |
string |
Effective parameters for the policy assignment. |
isCompliant |
boolean |
Flag which states whether the resource is compliant against the policy assignment it was evaluated against. |
managementGroupIds |
string |
Comma separated list of management group IDs, which represent the hierarchy of the management groups the resource is under. |
policyAssignmentId |
string |
Policy assignment ID. |
policyAssignmentName |
string |
Policy assignment name. |
policyAssignmentOwner |
string |
Policy assignment owner. |
policyAssignmentParameters |
string |
Policy assignment parameters. |
policyAssignmentScope |
string |
Policy assignment scope. |
policyDefinitionAction |
string |
Policy definition action, i.e. effect. |
policyDefinitionCategory |
string |
Policy definition category. |
policyDefinitionId |
string |
Policy definition ID. |
policyDefinitionName |
string |
Policy definition name. |
policyDefinitionReferenceId |
string |
Reference ID for the policy definition inside the policy set, if the policy assignment is for a policy set. |
policySetDefinitionCategory |
string |
Policy set definition category, if the policy assignment is for a policy set. |
policySetDefinitionId |
string |
Policy set definition ID, if the policy assignment is for a policy set. |
policySetDefinitionName |
string |
Policy set definition name, if the policy assignment is for a policy set. |
policySetDefinitionOwner |
string |
Policy set definition owner, if the policy assignment is for a policy set. |
policySetDefinitionParameters |
string |
Policy set definition parameters, if the policy assignment is for a policy set. |
principalOid |
string |
Principal object ID for the user who initiated the resource operation that triggered the policy event. |
resourceGroup |
string |
Resource group name. |
resourceId |
string |
Resource ID. |
resourceLocation |
string |
Resource location. |
resourceTags |
string |
List of resource tags. |
resourceType |
string |
Resource type. |
subscriptionId |
string |
Subscription ID. |
tenantId |
string |
Tenant ID for the policy event record. |
timestamp |
string |
Timestamp for the policy event record. |
PolicyEventsQueryResults
Query results.
Name | Type | Description |
---|---|---|
@odata.context |
string |
OData context string; used by OData clients to resolve type information based on metadata. |
@odata.count |
integer |
OData entity count; represents the number of policy event records returned. |
@odata.nextLink |
string |
Odata next link; URL to get the next set of results. |
value |
Query results. |
PolicyEventsResourceType
The name of the virtual resource under PolicyEvents resource type; only "default" is allowed.
Name | Type | Description |
---|---|---|
default |
string |
QueryFailure
Error response.
Name | Type | Description |
---|---|---|
error |
Error definition. |