استعلامات نموذجية عن Azure Resource Graph لسياسة Azure
تشمل هذه الصفحة مجموعة الاستعلامات النموذجيةعن Azure Resource Graph لسياسة Azure. للحصول على قائمة كاملة من نماذج zure Resource Graph راجع نماذج Resource Graph حسب الفئةونماذج Resource Graph حسب الجدول.
نهج Azure
التوافق حسب تعيين النهج
يوفر حالة التوافق والنسبة المئوية للامتثال وأعداد الموارد لكل تعيين في نهج Azure.
PolicyResources
| where type =~ 'Microsoft.PolicyInsights/PolicyStates'
| extend complianceState = tostring(properties.complianceState)
| extend
resourceId = tostring(properties.resourceId),
policyAssignmentId = tostring(properties.policyAssignmentId),
policyAssignmentScope = tostring(properties.policyAssignmentScope),
policyAssignmentName = tostring(properties.policyAssignmentName),
policyDefinitionId = tostring(properties.policyDefinitionId),
policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId),
stateWeight = iff(complianceState == 'NonCompliant', int(300), iff(complianceState == 'Compliant', int(200), iff(complianceState == 'Conflict', int(100), iff(complianceState == 'Exempt', int(50), int(0)))))
| summarize max(stateWeight) by resourceId, policyAssignmentId, policyAssignmentScope, policyAssignmentName
| summarize counts = count() by policyAssignmentId, policyAssignmentScope, max_stateWeight, policyAssignmentName
| summarize overallStateWeight = max(max_stateWeight),
nonCompliantCount = sumif(counts, max_stateWeight == 300),
compliantCount = sumif(counts, max_stateWeight == 200),
conflictCount = sumif(counts, max_stateWeight == 100),
exemptCount = sumif(counts, max_stateWeight == 50) by policyAssignmentId, policyAssignmentScope, policyAssignmentName
| extend totalResources = todouble(nonCompliantCount + compliantCount + conflictCount + exemptCount)
| extend compliancePercentage = iff(totalResources == 0, todouble(100), 100 * todouble(compliantCount + exemptCount) / totalResources)
| project policyAssignmentName, scope = policyAssignmentScope,
complianceState = iff(overallStateWeight == 300, 'noncompliant', iff(overallStateWeight == 200, 'compliant', iff(overallStateWeight == 100, 'conflict', iff(overallStateWeight == 50, 'exempt', 'notstarted')))),
compliancePercentage,
compliantCount,
nonCompliantCount,
conflictCount,
exemptCount
az graph query -q "PolicyResources | where type =~ 'Microsoft.PolicyInsights/PolicyStates' | extend complianceState = tostring(properties.complianceState) | extend resourceId = tostring(properties.resourceId), policyAssignmentId = tostring(properties.policyAssignmentId), policyAssignmentScope = tostring(properties.policyAssignmentScope), policyAssignmentName = tostring(properties.policyAssignmentName), policyDefinitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), stateWeight = iff(complianceState == 'NonCompliant', int(300), iff(complianceState == 'Compliant', int(200), iff(complianceState == 'Conflict', int(100), iff(complianceState == 'Exempt', int(50), int(0))))) | summarize max(stateWeight) by resourceId, policyAssignmentId, policyAssignmentScope, policyAssignmentName | summarize counts = count() by policyAssignmentId, policyAssignmentScope, max_stateWeight, policyAssignmentName | summarize overallStateWeight = max(max_stateWeight), nonCompliantCount = sumif(counts, max_stateWeight == 300), compliantCount = sumif(counts, max_stateWeight == 200), conflictCount = sumif(counts, max_stateWeight == 100), exemptCount = sumif(counts, max_stateWeight == 50) by policyAssignmentId, policyAssignmentScope, policyAssignmentName | extend totalResources = todouble(nonCompliantCount + compliantCount + conflictCount + exemptCount) | extend compliancePercentage = iff(totalResources == 0, todouble(100), 100 * todouble(compliantCount + exemptCount) / totalResources) | project policyAssignmentName, scope = policyAssignmentScope, complianceState = iff(overallStateWeight == 300, 'noncompliant', iff(overallStateWeight == 200, 'compliant', iff(overallStateWeight == 100, 'conflict', iff(overallStateWeight == 50, 'exempt', 'notstarted')))), compliancePercentage, compliantCount, nonCompliantCount, conflictCount, exemptCount"
جرب هذا الاستعلام في Azure Resource Graph Explorer:التوافق حسب نوع المورد
يوفر حالة التوافق ونسبة التوافق وأعداد الموارد لكل نوع مورد.
PolicyResources
| where type =~ 'Microsoft.PolicyInsights/PolicyStates'
| extend complianceState = tostring(properties.complianceState)
| extend
resourceId = tostring(properties.resourceId),
resourceType = tolower(tostring(properties.resourceType)),
policyAssignmentId = tostring(properties.policyAssignmentId),
policyDefinitionId = tostring(properties.policyDefinitionId),
policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId),
stateWeight = iff(complianceState == 'NonCompliant', int(300), iff(complianceState == 'Compliant', int(200), iff(complianceState == 'Conflict', int(100), iff(complianceState == 'Exempt', int(50), int(0)))))
| summarize max(stateWeight) by resourceId, resourceType
| summarize counts = count() by resourceType, max_stateWeight
| summarize overallStateWeight = max(max_stateWeight),
nonCompliantCount = sumif(counts, max_stateWeight == 300),
compliantCount = sumif(counts, max_stateWeight == 200),
conflictCount = sumif(counts, max_stateWeight == 100),
exemptCount = sumif(counts, max_stateWeight == 50) by resourceType
| extend totalResources = todouble(nonCompliantCount + compliantCount + conflictCount + exemptCount)
| extend compliancePercentage = iff(totalResources == 0, todouble(100), 100 * todouble(compliantCount + exemptCount) / totalResources)
| project resourceType,
overAllComplianceState = iff(overallStateWeight == 300, 'noncompliant', iff(overallStateWeight == 200, 'compliant', iff(overallStateWeight == 100, 'conflict', iff(overallStateWeight == 50, 'exempt', 'notstarted')))),
compliancePercentage,
compliantCount,
nonCompliantCount,
conflictCount,
exemptCount
az graph query -q "PolicyResources | where type =~ 'Microsoft.PolicyInsights/PolicyStates' | extend complianceState = tostring(properties.complianceState) | extend resourceId = tostring(properties.resourceId), resourceType = tolower(tostring(properties.resourceType)), policyAssignmentId = tostring(properties.policyAssignmentId), policyDefinitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), stateWeight = iff(complianceState == 'NonCompliant', int(300), iff(complianceState == 'Compliant', int(200), iff(complianceState == 'Conflict', int(100), iff(complianceState == 'Exempt', int(50), int(0))))) | summarize max(stateWeight) by resourceId, resourceType | summarize counts = count() by resourceType, max_stateWeight | summarize overallStateWeight = max(max_stateWeight), nonCompliantCount = sumif(counts, max_stateWeight == 300), compliantCount = sumif(counts, max_stateWeight == 200), conflictCount = sumif(counts, max_stateWeight == 100), exemptCount = sumif(counts, max_stateWeight == 50) by resourceType | extend totalResources = todouble(nonCompliantCount + compliantCount + conflictCount + exemptCount) | extend compliancePercentage = iff(totalResources == 0, todouble(100), 100 * todouble(compliantCount + exemptCount) / totalResources) | project resourceType, overAllComplianceState = iff(overallStateWeight == 300, 'noncompliant', iff(overallStateWeight == 200, 'compliant', iff(overallStateWeight == 100, 'conflict', iff(overallStateWeight == 50, 'exempt', 'notstarted')))), compliancePercentage, compliantCount, nonCompliantCount, conflictCount, exemptCount"
قائمة بجميع الموارد غير المتوافقة
يوفر قائمة بجميع أنواع الموارد الموجودة في الحالة NonCompliant.
PolicyResources
| where type == 'microsoft.policyinsights/policystates'
| where properties.complianceState == 'NonCompliant'
az graph query -q "PolicyResources | where type == 'microsoft.policyinsights/policystates' | where properties.complianceState == 'NonCompliant'"
تلخيص التوافق مع الموارد حسب الحالة
تفاصيل عدد الموارد في كل حالة التوافق.
PolicyResources
| where type == 'microsoft.policyinsights/policystates'
| extend complianceState = tostring(properties.complianceState)
| summarize count() by complianceState
az graph query -q "PolicyResources | where type == 'microsoft.policyinsights/policystates' | extend complianceState = tostring(properties.complianceState) | summarize count() by complianceState"
تلخيص التوافق مع الموارد حسب الحالة لكل موقع
تفاصيل عدد الموارد في كل حالة التوافق لكل موقع.
PolicyResources
| where type == 'microsoft.policyinsights/policystates'
| extend complianceState = tostring(properties.complianceState)
| extend resourceLocation = tostring(properties.resourceLocation)
| summarize count() by resourceLocation, complianceState
az graph query -q "PolicyResources | where type == 'microsoft.policyinsights/policystates' | extend complianceState = tostring(properties.complianceState) | extend resourceLocation = tostring(properties.resourceLocation) | summarize count() by resourceLocation, complianceState"
تعيينات السياسة ومعلومات حول كل تعريف من تعريفاتها الخاصة
يحصل الاستعلام أدناه على تعيينات النهج في بيئتك باستخدام اسم المهمة المعني والتعريف المرتبط وفئة التعريف (إن وجد) بالإضافة إلى ما إذا كان نوع التعريف مبادرة أو سياسة واحدة.
policyResources
| where type =~'Microsoft.Authorization/PolicyAssignments'
| project policyAssignmentId = tolower(tostring(id)), policyAssignmentDisplayName = tostring(properties.displayName), policyAssignmentDefinitionId = tolower(properties.policyDefinitionId)
| join kind=leftouter(policyResources
| where type =~'Microsoft.Authorization/PolicySetDefinitions' or type =~'Microsoft.Authorization/PolicyDefinitions'
| project definitionId = tolower(id), category = tostring(properties.metadata.category), definitionType = iff(type =~ 'Microsoft.Authorization/PolicysetDefinitions', 'initiative', 'policy')
) on $left.policyAssignmentDefinitionId == $right.definitionId
az graph query -q "policyResources | where type =~'Microsoft.Authorization/PolicyAssignments' | project policyAssignmentId = tolower(tostring(id)), policyAssignmentDisplayName = tostring(properties.displayName), policyAssignmentDefinitionId = tolower(properties.policyDefinitionId) | join kind=leftouter(policyResources | where type =~'Microsoft.Authorization PolicySetDefinitions' or type =~'Microsoft.Authorization/PolicyDefinitions' | project definitionId = tolower(id), category = tostring(properties.metadatacategory), definitionType = iff(type =~ 'Microsoft.Authorization/PolicysetDefinitions', 'initiative', 'policy')) on $left.policyAssignmentDefinitionId == $right.definitionId"
توزيع معلومات الامتثال لكل مهمة عند الاشتراك ومجموعة الإدارة ونطاق جذر المستأجر.
يحصل هذا الاستعلام على معلومات التوافق وتعريف النهج المجمعة لكل مهمة من المهام في النطاق المحدد بالإضافة إلى بعض التفاصيل الإضافية، بما في ذلك: policySetDefinition أو policyDefinition تفاصيل تلك المهام، وعدد السياسات/المجموعات داخل policysetDefinitions المدرجة، وعدد النهج غير المتوافقة داخل كل policySetDefinition وتقسيم عدد الموارد لكل حالة امتثال لتلك المهام.
policyResources
| where type =~'Microsoft.Authorization/PolicyAssignments'
| project policyAssignmentId = tolower(tostring(id)), policyAssignmentName = name, policyAssignmentDisplayName = tostring(properties.displayName), policyAssignmentScope = tostring(properties.scope), policyAssignmentDefinitionId = tolower(properties.policyDefinitionId), policyAssignmentNotScopes = tolower(properties.notScopes)
| join kind=leftouter(
policyResources
| where type =~'Microsoft.Authorization/PolicySetDefinitions' or type =~'Microsoft.Authorization/PolicyDefinitions'
| project definitionId = tolower(id), type, numberOfPolicies = array_length(properties.policyDefinitions), category = tostring(properties.metadata.category), numberOfGroups= array_length(properties.policyDefinitionGroups), mode = tostring(properties.mode)
| extend isRegulatoryInitiative = iff(category =~ 'Regulatory Compliance', true, false)
| extend definitionType = iff(type =~ 'Microsoft.Authorization/PolicysetDefinitions', 'initiative', 'policy')
| extend isRPMode = iff(mode startswith 'Microsoft.', true, false)
| project definitionId, numberOfPolicies, category, numberOfGroups, isRegulatoryInitiative, definitionType, isRPMode
) on $left.policyAssignmentDefinitionId == $right.definitionId
| join kind=leftouter(
policyResources
| where type =~ 'Microsoft.PolicyInsights/PolicyStates'
| extend complianceState = tostring(properties.complianceState)
| extend policyStateResourceId =id, resourceId = tostring(properties.resourceId), policyAssignmentId = tostring(properties.policyAssignmentId), policyDefinitionId = tostring(properties.policyDefinitionId), policySetDefinitionId = tostring(properties.policySetDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), policyDefinitionAction = tostring(properties.policyDefinitionAction), policyDefinitionGroupNames = iff(isnotnull(properties.policyDefinitionGroupNames), properties.policyDefinitionGroupNames, dynamic([''])), stateWeight = toint(properties.stateWeight)
| summarize max(stateWeight) by resourceId, policyAssignmentId, policySetDefinitionId
| summarize resourceCounts = count() by policyAssignmentId, policySetDefinitionId, max_stateWeight
| extend complianceState = case(
max_stateWeight == 300, 'noncompliant',
max_stateWeight == 200, 'compliant',
max_stateWeight == 100, 'conflict',
max_stateWeight == 50, 'exempt',
max_stateWeight == 10, 'unknown',
'notapplicable')
| extend pack = pack('complianceState', complianceState, 'resourceCounts', resourceCounts), numberOfNonCompliantResources = toint(iff(complianceState =~ 'NonCompliant', resourceCounts,0))
| summarize numberOfNonCompliantResources = max(numberOfNonCompliantResources), details = makelist(pack) by policyAssignmentId, policySetDefinitionId
| limit 5000
) on $left.policyAssignmentId == $right.policyAssignmentId
| sort by numberOfNonCompliantResources desc
| project-away policyAssignmentId1
az graph query -q "policyResources | where type =~'Microsoft.Authorization/PolicyAssignments' | project policyAssignmentId = tolower(tostring(id)), policyAssignmentName = name, policyAssignmentDisplayName = tostring(properties.displayName), policyAssignmentScope = tostring(properties.scope), policyAssignmentDefinitionId = tolower(properties.policyDefinitionId), policyAssignmentNotScopes = tolower(properties.notScopes) | join kind=leftouter( policyResources | where type =~'Microsoft.Authorization/PolicySetDefinitions' or type =~'Microsoft.Authorization/PolicyDefinitions' | project definitionId = tolower(id), type, numberOfPolicies = array_length(properties.policyDefinitions), category = tostring(properties.metadata.category), numberOfGroups= array_length(properties.policyDefinitionGroups), mode = tostring(properties.mode) | extend isRegulatoryInitiative = iff(category =~ 'Regulatory Compliance', true, false) | extend definitionType = iff(type =~ 'Microsoft.Authorization/PolicysetDefinitions', 'initiative', 'policy') | extend isRPMode = iff(mode startswith 'Microsoft.', true, false) | project definitionId, numberOfPolicies, category, numberOfGroups, isRegulatoryInitiative, definitionType, isRPMode ) on $left.policyAssignmentDefinitionId == $right.definitionId | join kind=leftouter( policyResources | where type =~ 'Microsoft.PolicyInsights/PolicyStates' | extend complianceState = tostring(properties.complianceState) | extend policyStateResourceId =id, resourceId = tostring(properties.resourceId), policyAssignmentId = tostring(properties.policyAssignmentId), policyDefinitionId = tostring(properties.policyDefinitionId), policySetDefinitionId = tostring(properties.policySetDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), policyDefinitionAction = tostring(properties.policyDefinitionAction), policyDefinitionGroupNames = iff(isnotnull(properties.policyDefinitionGroupNames), properties.policyDefinitionGroupNames, dynamic([''])), stateWeight = toint(properties.stateWeight) | summarize max(stateWeight) by resourceId, policyAssignmentId, policySetDefinitionId | summarize resourceCounts = count() by policyAssignmentId, policySetDefinitionId, max_stateWeight | extend complianceState = case( max_stateWeight == 300, 'noncompliant', max_stateWeight == 200, 'compliant', max_stateWeight == 100, 'conflict', max_stateWeight == 50, 'exempt', max_stateWeight == 10, 'unknown', 'notapplicable') | extend pack = pack('complianceState', complianceState, 'resourceCounts', resourceCounts), numberOfNonCompliantResources = toint(iff(complianceState =~ 'NonCompliant', resourceCounts,0)) | summarize numberOfNonCompliantResources = max(numberOfNonCompliantResources), details = makelist(pack) by policyAssignmentId, policySetDefinitionId | limit 5000 ) on $left.policyAssignmentId == $right.policyAssignmentId | sort by numberOfNonCompliantResources desc | project-away policyAssignmentId1"
توزيع معلومات الامتثال لكل سياسة ضمن سياسة مضمنة أو مخصصة معينةSetDefinition
يحصل نموذج الاستعلام هذا على معلومات توافق مجمعة لكل نهج ضمن نهج معينSetDefinition تم تعيينه لبيئتك. راجع معلومات مثل: حمولة تعريف السياسة، ومعرف مرجع التعريف، ومعلمات تعريف السياسة، وتأثيرات تعريف السياسة، وإجمالي الموارد التي تم تقييمها للتعريف وعدد الموارد التي تم تقييمها لكل حالة من حالات الامتثال.
policyResources
| where type =~ 'Microsoft.Authorization/PolicySetDefinitions'
| where id =~ '/providers/microsoft.authorization/policysetdefinitions/setDefinitionId'
| extend policysetDefId = tolower(id)| extend policyDefinitions = properties.policyDefinitions
| mv-expand policyDefinition = policyDefinitions limit 400
| extend policyDefinitionId = tolower(policyDefinition.policyDefinitionId)
| extend policyDefinitionReferenceId = tolower(policyDefinition.policyDefinitionReferenceId)
| extend policyDefinitionReferenceParameters = policyDefinition.parameters
| extend groupNames = policyDefinition.groupNames
| join kind = leftouter(
policyResources
| where type =~ 'Microsoft.Authorization/Policydefinitions'
| extend policyDefinitionId = tolower(id)) on $left.policyDefinitionId == $right.policyDefinitionId
| project id = tolower(id1), name = name1, properties = properties1, policyDefinitionReferenceId = tolower(policyDefinitionReferenceId), policyDefinitionReferenceParameters, groupNames
| join kind = leftouter(
policyResources
| where type =~ 'Microsoft.PolicyInsights/PolicyStates'
| extend resourceId = tostring(properties.resourceId)
| extend complianceState = tostring(properties.complianceState)
| extend policyAssignmentId = tostring(properties.policyAssignmentId),
policyDefinitionId = tostring(properties.policyDefinitionId),
policySetDefinitionId = tostring(properties.policySetDefinitionId),
policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId),
policyDefinitionAction = tostring(properties.policyDefinitionAction),
policyDefinitionGroupNames = iff(isnotnull(properties.policyDefinitionGroupNames),
properties.policyDefinitionGroupNames, dynamic([''])),
stateWeight = case(
complianceState == 'Noncompliant', 300,
complianceState == 'Compliant', 200,
complianceState == 'Conflict', 100,
complianceState == 'Exempt', 500,
complianceState == 'Unknown', 10,
0)
| where policyAssignmentId =~ '/subscriptions/subscriptionId/providers/microsoft.authorization/policyassignments/policyInitiativeName'
| summarize resourceCounts = count() by policyAssignmentId, policyDefinitionId, policyDefinitionReferenceId, tostring(policyDefinitionGroupNames), policyDefinitionAction, complianceState
| extend Pack = pack('complianceState', complianceState, 'resourceCounts', resourceCounts), numberOfNonCompliantResources = toint(iff(complianceState =~ 'NonCompliant', resourceCounts, 0)), numberOfCompliantResources = toint(iff(complianceState =~ 'Compliant', resourceCounts, 0)), numberOfConflictResources = toint(iff(complianceState =~ 'Conflict', resourceCounts, 0)), numberOfExemptResources = toint(iff(complianceState =~ 'Exempt', resourceCounts, 0)), numberOfUnknownResources = toint(iff(complianceState =~ 'Unknown', resourceCounts, 0))
| extend totalResources = todouble(numberOfNonCompliantResources + numberOfCompliantResources + numberOfConflictResources + numberOfExemptResources + numberOfUnknownResources)
| summarize numberOfNonCompliantResources = max(numberOfNonCompliantResources), numberOfCompliantResources=max(numberOfCompliantResources), numberOfConflictResources=max(numberOfConflictResources), numberOfExemptResources =max(numberOfExemptResources), numberOfUnknownResources = max(numberOfUnknownResources), totalResources=sum(totalResources), details = makelist(Pack) by policyAssignmentId, policyDefinitionId, policyDefinitionReferenceId, policyDefinitionGroupNames, policyDefinitionAction
| order by numberOfNonCompliantResources desc, policyAssignmentId asc
| limit 5000 ) on $left.id == $right.policyDefinitionId and $left.policyDefinitionReferenceId == $right.policyDefinitionReferenceId
| project-away policyDefinitionReferenceId1
az graph query -q "policyResources | where type =~ 'Microsoft.Authorization/PolicySetDefinitions' | where id =~ '/providers/microsoft.authorization/policysetdefinitions/setDefinitionId' | extend policysetDefId = tolower(id)| extend policyDefinitions = properties.policyDefinitions | mv-expand policyDefinition = policyDefinitions limit 400 | extend policyDefinitionId = tolower(policyDefinition.policyDefinitionId) | extend policyDefinitionReferenceId = tolower(policyDefinition.policyDefinitionReferenceId) | extend policyDefinitionReferenceParameters = policyDefinition.parameters | extend groupNames = policyDefinition.groupNames | join kind = leftouter( policyResources | where type =~ 'Microsoft.Authorization/Policydefinitions' | extend policyDefinitionId = tolower(id)) on $left.policyDefinitionId == $right.policyDefinitionId | project id = tolower(id1), name = name1, properties = properties1, policyDefinitionReferenceId = tolower(policyDefinitionReferenceId), policyDefinitionReferenceParameters, groupNames | join kind = leftouter( policyResources | where type =~ 'Microsoft.PolicyInsights/PolicyStates' | extend resourceId = tostring(properties.resourceId) | extend complianceState = tostring(properties.complianceState) | extend policyAssignmentId = tostring(properties.policyAssignmentId), policyDefinitionId = tostring(properties.policyDefinitionId), policySetDefinitionId = tostring(properties.policySetDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), policyDefinitionAction = tostring(properties.policyDefinitionAction), policyDefinitionGroupNames = iff(isnotnull(properties.policyDefinitionGroupNames), properties.policyDefinitionGroupNames, dynamic([''])), stateWeight = case( complianceState == 'Noncompliant', 300, complianceState == 'Compliant', 200, complianceState == 'Conflict', 100, complianceState == 'Exempt', 500, complianceState == 'Unknown', 10, 0) | where policyAssignmentId =~ '/subscriptions/subscriptionId/providers/microsoft.authorization/policyassignments/policyInitiativeName' | summarize resourceCounts = count() by policyAssignmentId, policyDefinitionId, policyDefinitionReferenceId, tostring(policyDefinitionGroupNames), policyDefinitionAction, complianceState | extend Pack = pack('complianceState', complianceState, 'resourceCounts', resourceCounts), numberOfNonCompliantResources = toint(iff(complianceState =~ 'NonCompliant', resourceCounts, 0)), numberOfCompliantResources = toint(iff(complianceState =~ 'Compliant', resourceCounts, 0)), numberOfConflictResources = toint(iff(complianceState =~ 'Conflict', resourceCounts, 0)), numberOfExemptResources = toint(iff(complianceState =~ 'Exempt', resourceCounts, 0)), numberOfUnknownResources = toint(iff(complianceState =~ 'Unknown', resourceCounts, 0)) | extend totalResources = todouble(numberOfNonCompliantResources + numberOfCompliantResources + numberOfConflictResources + numberOfExemptResources + numberOfUnknownResources) | summarize numberOfNonCompliantResources = max(numberOfNonCompliantResources), numberOfCompliantResources=max(numberOfCompliantResources), numberOfConflictResources=max(numberOfConflictResources), numberOfExemptResources =max(numberOfExemptResources), numberOfUnknownResources = max(numberOfUnknownResources), totalResources=sum(totalResources), details = makelist(Pack) by policyAssignmentId, policyDefinitionId, policyDefinitionReferenceId, policyDefinitionGroupNames, policyDefinitionAction | order by numberOfNonCompliantResources desc, policyAssignmentId asc | limit 5000 ) on $left.id == $right.policyDefinitionId and $left.policyDefinitionReferenceId == $right.policyDefinitionReferenceId | project-away policyDefinitionReferenceId1"
الحصول على جميع معلومات الامتثال لحسابات التخزين التي تحتوي على علامات معينة
يحصل نموذج الاستعلام هذا على معلومات الامتثال لحسابات التخزين استنادا إلى علامة معينة.
resources
| where type =~ "Microsoft.Storage/storageAccounts"
| where tags['clusterName'] =~ 'tagname'
| extend storageAccountId = tolower(id)
| join kind=leftouter(
policyresources
| where ['type'] =~ "Microsoft.PolicyInsights/policyStates"
| project storageAccountId = tolower(properties.resourceId), policyStatesProperties = properties, resourceType = tostring(properties.resourceType)
) on $left.storageAccountId == $right.storageAccountId
| project-away storageAccountId, storageAccountId1
| extend policyAssignmentId = tostring(policyStatesProperties.policyAssignmentId),
policyAssignmentName = tostring(policyStatesProperties.policyAssignmentName),
policyDefinitionId = tostring(policyStatesProperties.policyDefinitionId),
policyDefinitionName = tostring(policyStatesProperties.policyDefinitionName),
policySetDefinitionName = tostring(policyStatesProperties.policySetDefinitionName),
evaluationTime = tostring(policyStatesProperties.timestamp),
complianceState = tostring(policyStatesProperties.complianceState)
az graph query -q "resources | where type =~ "Microsoft.Storage/storageAccounts" | where tags['clusterName'] =~ 'tagname' | extend storageAccountId = tolower(id) | join kind=leftouter( policyresources | where ['type'] =~ "Microsoft.PolicyInsights/policyStates" | project storageAccountId = tolower(properties.resourceId), policyStatesProperties = properties, resourceType = tostring(properties.resourceType) ) on $left.storageAccountId == $right.storageAccountId | project-away storageAccountId, storageAccountId1 | extend policyAssignmentId = tostring(policyStatesProperties.policyAssignmentId), policyAssignmentName = tostring(policyStatesProperties.policyAssignmentName), policyDefinitionId = tostring(policyStatesProperties.policyDefinitionId), policyDefinitionName = tostring(policyStatesProperties.policyDefinitionName), policySetDefinitionName = tostring(policyStatesProperties.policySetDefinitionName), evaluationTime = tostring(policyStatesProperties.timestamp), complianceState = tostring(policyStatesProperties.complianceState)"
تهيئة زوار نهج Azure
حساب الأجهزة في نطاق سياسات تكوين الضيف
يعرض عدد الأجهزة الظاهرية في Azure والخوادم المتصلة لـ Arc في نطاق تعيينات تكوين ضيف Azure Policy.
GuestConfigurationResources
| where type =~ 'microsoft.guestconfiguration/guestconfigurationassignments'
| extend vmid = split(properties.targetResourceId,'/')
| mvexpand properties.latestAssignmentReport.resources
| where properties_latestAssignmentReport_resources.resourceId != 'Invalid assignment package.'
| project machine = tostring(vmid[(-1)]),type = tostring(vmid[(-3)])
| distinct machine, type
| summarize count() by type
az graph query -q "GuestConfigurationResources | where type =~ 'microsoft.guestconfiguration/guestconfigurationassignments' | extend vmid = split(properties.targetResourceId,'/') | mvexpand properties.latestAssignmentReport.resources | where properties_latestAssignmentReport_resources.resourceId != 'Invalid assignment package.' | project machine = tostring(vmid[(-1)]),type = tostring(vmid[(-3)]) | distinct machine, type | summarize count() by type"
حساب تعيينات تكوين الضيف غير المتوافقة
يعرض عدد الأجهزة غير المتوافقة لكل سبب تعيين تكوين الضيف. يحدد النتائج إلى أول 100 بالنسبة للأداء.
GuestConfigurationResources
| where type =~ 'microsoft.guestconfiguration/guestconfigurationassignments'
| project id, name, resources = properties.latestAssignmentReport.resources, vmid = split(properties.targetResourceId,'/')[(-1)], status = tostring(properties.complianceStatus)
| extend resources = iff(isnull(resources[0]), dynamic([{}]), resources)
| mvexpand resources
| extend reasons = resources.reasons
| extend reasons = iff(isnull(reasons[0]), dynamic([{}]), reasons)
| mvexpand reasons
| project id, vmid, name, status, resource = tostring(resources.resourceId), reason = reasons.phrase
| summarize count() by resource, name
| order by count_
| limit 100
az graph query -q "GuestConfigurationResources | where type =~ 'microsoft.guestconfiguration/guestconfigurationassignments' | project id, name, resources = properties.latestAssignmentReport.resources, vmid = split(properties.targetResourceId,'/')[(-1)], status = tostring(properties.complianceStatus) | extend resources = iff(isnull(resources[0]), dynamic([{}]), resources) | mvexpand resources | extend reasons = resources.reasons | extend reasons = iff(isnull(reasons[0]), dynamic([{}]), reasons) | mvexpand reasons | project id, vmid, name, status, resource = tostring(resources.resourceId), reason = reasons.phrase | summarize count() by resource, name | order by count_ | limit 100"
البحث عن كل الأسباب التي تجعل الجهاز غير متوافق مع تعيينات تكوين الضيف
اعرض كل أسباب تعيين تكوين الضيف لجهاز معين. قم بإزالة عبارة where الأولى لتضمين عمليات التدقيق حيث يكون الجهاز متوافقًا أيضًا.
GuestConfigurationResources
| where type =~ 'microsoft.guestconfiguration/guestconfigurationassignments'
| where properties.complianceStatus == 'NonCompliant'
| project id, name, resources = properties.latestAssignmentReport.resources, machine = split(properties.targetResourceId,'/')[(-1)], status = tostring(properties.complianceStatus)
| extend resources = iff(isnull(resources[0]), dynamic([{}]), resources)
| mvexpand resources
| extend reasons = resources.reasons
| extend reasons = iff(isnull(reasons[0]), dynamic([{}]), reasons)
| mvexpand reasons
| where machine == 'MACHINENAME'
| project id, machine, name, status, resource = resources.resourceId, reason = reasons.phrase
az graph query -q "GuestConfigurationResources | where type =~ 'microsoft.guestconfiguration/guestconfigurationassignments' | where properties.complianceStatus == 'NonCompliant' | project id, name, resources = properties.latestAssignmentReport.resources, machine = split(properties.targetResourceId,'/')[(-1)], status = tostring(properties.complianceStatus) | extend resources = iff(isnull(resources[0]), dynamic([{}]), resources) | mvexpand resources | extend reasons = resources.reasons | extend reasons = iff(isnull(reasons[0]), dynamic([{}]), reasons) | mvexpand reasons | where machine == 'MACHINENAME' | project id, machine, name, status, resource = resources.resourceId, reason = reasons.phrase"
قائمة الأجهزة وحالة إعادة التشغيل المعلقة
يوفر قائمة بالأجهزة مع تفاصيل التكوين حول ما إذا كان لديهم إعادة تشغيل معلقة.
GuestConfigurationResources
| where name in ('WindowsPendingReboot')
| project id, name, resources = properties.latestAssignmentReport.resources, vmid = split(properties.targetResourceId,'/'), status = tostring(properties.complianceStatus)
| extend resources = iff(isnull(resources[0]), dynamic([{}]), resources)
| mvexpand resources
| extend reasons = resources.reasons
| extend reasons = iff(isnull(reasons[0]), dynamic([{}]), reasons)
| mvexpand reasons
| project id, vmid, name, status, resource = resources.resourceId, reason = reasons.phrase
| summarize name = any(name), status = any(status), vmid = any(vmid), resources = make_list_if(resource, isnotnull(resource)), reasons = make_list_if(reason, isnotnull(reason)) by id = tolower(id)
| project id, machine = tostring(vmid[(-1)]), type = tostring(vmid[(-3)]), name, status, reasons
az graph query -q "GuestConfigurationResources | where name in ('WindowsPendingReboot') | project id, name, resources = properties.latestAssignmentReport.resources, vmid = split(properties.targetResourceId,'/'), status = tostring(properties.complianceStatus) | extend resources = iff(isnull(resources[0]), dynamic([{}]), resources) | mvexpand resources | extend reasons = resources.reasons | extend reasons = iff(isnull(reasons[0]), dynamic([{}]), reasons) | mvexpand reasons | project id, vmid, name, status, resource = resources.resourceId, reason = reasons.phrase | summarize name = any(name), status = any(status), vmid = any(vmid), resources = make_list_if(resource, isnotnull(resource)), reasons = make_list_if(reason, isnotnull(reason)) by id = tolower(id) | project id, machine = tostring(vmid[(-1)]), type = tostring(vmid[(-3)]), name, status, reasons"
سرد الأجهزة التي لا تعمل وحالة التوافق الأخيرة
يوفر قائمة بأجهزة غير مدعومة بتعيينات التكوين الخاصة بها وآخر حالة توافق تم الإبلاغ عنها.
Resources
| where type =~ 'Microsoft.Compute/virtualMachines'
| where properties.extended.instanceView.powerState.code != 'PowerState/running'
| project vmName = name, power = properties.extended.instanceView.powerState.code
| join kind = leftouter (GuestConfigurationResources
| extend vmName = tostring(split(properties.targetResourceId,'/')[(-1)])
| project vmName, name, compliance = properties.complianceStatus) on vmName | project-away vmName1
az graph query -q "Resources | where type =~ 'Microsoft.Compute/virtualMachines' | where properties.extended.instanceView.powerState.code != 'PowerState/running' | project vmName = name, power = properties.extended.instanceView.powerState.code | join kind = leftouter (GuestConfigurationResources | extend vmName = tostring(split(properties.targetResourceId,'/')[(-1)]) | project vmName, name, compliance = properties.complianceStatus) on vmName | project-away vmName1"
تفاصيل الاستعلام عن تقارير تعيين تكوين الضيف
اعرض تقريرًا من تفاصيل سبب تعيين تكوين الضيف. في المثال التالي، يعمل الاستعلام على إرجاع النتائج فقط حيث يكون اسم تعيين الضيف installed_application_linux ويحتوي الإخراج على السلسلة Chrome لسرد كل أجهزة Linux حيث يتم تثبيت حزمة تتضمن اسم Chrome.
GuestConfigurationResources
| where name in ('installed_application_linux')
| project id, name, resources = properties.latestAssignmentReport.resources, vmid = split(properties.targetResourceId,'/')[(-1)], status = tostring(properties.complianceStatus)
| extend resources = iff(isnull(resources[0]), dynamic([{}]), resources)
| mvexpand resources
| extend reasons = resources.reasons
| extend reasons = iff(isnull(reasons[0]), dynamic([{}]), reasons)
| mvexpand reasons
| where reasons.phrase contains 'chrome'
| project id, vmid, name, status, resource = resources.resourceId, reason = reasons.phrase
az graph query -q "GuestConfigurationResources | where name in ('installed_application_linux') | project id, name, resources = properties.latestAssignmentReport.resources, vmid = split(properties.targetResourceId,'/')[(-1)], status = tostring(properties.complianceStatus) | extend resources = iff(isnull(resources[0]), dynamic([{}]), resources) | mvexpand resources | extend reasons = resources.reasons | extend reasons = iff(isnull(reasons[0]), dynamic([{}]), reasons) | mvexpand reasons | where reasons.phrase contains 'chrome' | project id, vmid, name, status, resource = resources.resourceId, reason = reasons.phrase"
الخطوات التالية
- تعرف على المزيد حول لغة الاستعلام.
- تعرف على المزيد حول كيفية استكشاف الموارد.
- انظر عينات من استعلامات لغة Starter.
- انظر عينات من استعلامات اللغة المتقدمة.