Share via

Generate Azure Policy Compliance Report with Display Name and Description Mapped for Policy Definitions

Ankit Sharma 20 Reputation points
2025-04-08T04:47:13.3933333+00:00

I am able to export Azure Policy compliance data using the Get-AzPolicyState command, but the resulting CSV only includes Policy ID or Policy Definition ID, not the associated Policy Display Name or Policy Description.

For ease of use and to better understand the context of the checks for which policies are compliant or non-compliant, I need a report that maps these Policy IDs to their respective Policy Display Name and Policy Description in the exported CSV file.

Requirements:

• A PowerShell script or any other solution that retrieves policy compliance data for resources from Azure subscriptions using Get-AzPolicyState.

• The CSV should include ComplianceState, SubscriptionName, ResourceGroup, ResourceName, ResourceType, ResourceLocation, Timestamp, ResourceId, IsCompliant, and PolicyDefinitionAction.

• The report should also map each Policy ID to the corresponding Policy Display Name and Policy Description for easier identification of what each policy is checking for.

Please provide a solution that can provide comprehensive CSV or output file that contains azure policy compliance data with directly mapping to corresponding azure policy display name and description.

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
996 questions
Accepted answer
  1. Ashok Gandhi Kotnana 6,680 Reputation points Microsoft External Staff Moderator
    2025-04-09T10:19:03.58+00:00

    Hi @Ankit Sharma

    Please find the below altered script, and the out put attached

    # Login to Azure
Connect-AzAccount
 
# Get all available subscriptions
$subscriptions = Get-AzSubscription
 
# Create an empty list to store the final report data
$finalReportData = @()
 
# Loop through each subscription
foreach ($subscription in $subscriptions) {
    # Set the subscription context
    Set-AzContext -SubscriptionId $subscription.Id
 
    # Get the policy compliance state for all resources in the current subscription
    $policyComplianceData = Get-AzPolicyState
 
    # Get the associated policies and initiatives
    $policyDefinitions = Get-AzPolicyDefinition
    $initiatives = Get-AzPolicySetDefinition
 
    # Loop through each policy compliance data entry
    foreach ($policy in $policyComplianceData) {
        # Get Resource Name if available (sometimes this can be inside the ResourceId property)
        $resourceName = $policy.ResourceId -split '/' | Select-Object -Last 1
 
        # Find the corresponding policy definition or initiative for the compliance state
        $policyDefinition = $policyDefinitions | Where-Object { $_.Id -eq $policy.PolicyDefinitionId }
        $initiativeDefinition = $initiatives | Where-Object { $_.Id -eq $policy.PolicyDefinitionId }
 
        # Determine if it is an initiative or policy definition
        $policyType = ""
        $policyName = ""
        $policyId = ""
 
        if ($policyDefinition) {
            $policyType = "Policy Definition"
            $policyName = $policyDefinition.DisplayName
            $policyId = $policyDefinition.Id
        } elseif ($initiativeDefinition) {
            $policyType = "Initiative"
            $policyName = $initiativeDefinition.DisplayName
            $policyId = $initiativeDefinition.Id
        }
 
        # Add the data for this policy to the final report
        $finalReportData += New-Object PSObject -property @{
            SubscriptionName        = $subscription.Name
            ComplianceState         = $policy.ComplianceState
            ResourceGroup           = $policy.ResourceGroup
            ResourceName            = $resourceName
            ResourceType            = $policy.ResourceType
            ResourceLocation        = $policy.ResourceLocation
            Timestamp               = $policy.Timestamp
            ResourceId              = $policy.ResourceId
            IsCompliant             = $policy.IsCompliant
            PolicyDefinitionAction  = $policy.PolicyDefinitionAction
            PolicyType              = $policyType
            PolicyName              = $policyName
            PolicyId                = $policyId
        }
    }
}
 
# Ensure the directory for saving the CSV exists
$directoryPath = "C:\Reports"
if (-not (Test-Path -Path $directoryPath)) {
    New-Item -ItemType Directory -Path $directoryPath
}
 
# Export the final report to CSV
$finalReportData | Export-Csv -Path "C:\Users\v-ashkotnana\policy_compliance_report1.csv" -NoTypeInformation

    Change the path to your path

    Below is the output, change the path

    User's image

    User's image

    Hope this answers your question. Let us know if you need any further assistance

    Please provide your valuable comments User's image

    Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.