Can we know the region of the Peered Vnet using Azure Policies

Gupta, Tushar 25 Reputation points
2024-04-23T09:23:54.8466667+00:00

Can we know the region of the peered VNet using Azure Policies? For example, there is a VNet named demo_vnet which is peered with another VNet named shared_vnet present in a different subscription, and I want to know the region of shared_vnet. Can I find that with the help of Azure Policies?

Azure Policy

Accepted answer
  1. AnuragSingh-MSFT 20,101 Reputation points
    2024-04-25T05:27:51.1233333+00:00

    @Gupta, Tushar Thank you for posting your question on Microsoft Q&A.

    I would like to add additional details about Azure Policy which should help you understand the use case/scenario. Azure Policy evaluates resources and actions in Azure by comparing the properties of those resources to business rules. Generally, you can get all the properties available for policy evaluation by exporting the ARM template of the resource and examining the available properties. Regarding Resource Graph queries as shared in one of the replies, they cannot be integrated within an Azure Policy definition. These queries help you gain insights into Azure Policy and compliance-related scenarios.

    Since Azure Policy is mainly concerned with compliance related scenarios, I would suggest using an alternate option to query the region of peered vnet.

    Hope this helps.

    If the answer did not help, please add more context/follow-up question for it. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.


1 additional answer

  1. Sedat SALMAN 13,160 Reputation points
    2024-04-23T10:00:18.6466667+00:00

    You can use a combination of Azure Policy and Azure Resource Graph queries:

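    // Resource Graph query: list VNets peered with 'shared_vnet' and look up that VNet's region.
    Resources
    | where type =~ 'microsoft.network/virtualnetworks'
    | mv-expand peering = properties.virtualNetworkPeerings
    | extend remoteVnetId = tolower(tostring(peering.properties.remoteVirtualNetwork.id))
    | where remoteVnetId contains 'shared_vnet'
    | project name, location, peeringName = tostring(peering.name), remoteVnetId
    // remoteVirtualNetwork carries only the resource id, so join on it (the query scope must include the peer's subscription).
    | join kind=leftouter (Resources
        | where type =~ 'microsoft.network/virtualnetworks'
        | project remoteVnetId = tolower(id), peeredVnetLocation = location) on remoteVnetId
    | project name, location, peeringName, peeredVnetLocation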
    
    
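Following the accepted answer's advice to examine the exported ARM template, this added example (not part of the original thread) shows that a peering entry carries only the remote VNet's resource ID, and resolves the region by looking that ID up elsewhere. The template fragment, subscription ID, resource group and regions are constructed, and `VNET_INVENTORY` is a hypothetical stand-in for a per-subscription VNet listing.

```python
import json
import re

# Constructed sample: the peering portion of an exported ARM template for demo_vnet.
# Subscription ID, resource group and regions are placeholders.
EXPORTED_TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.Network/virtualNetworks",
  "name": "demo_vnet",
  "location": "westeurope",
  "properties": {"virtualNetworkPeerings": [{
    "name": "demo-to-shared",
    "properties": {
      "peeringState": "Connected",
      "remoteVirtualNetwork": {"id": "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/rg-shared/providers/Microsoft.Network/virtualNetworks/shared_vnet"}
    }}]}
}]}
""")

# Constructed inventory (lower-cased resource ID -> region), assumed to be collected
# from every subscription the caller can read.
VNET_INVENTORY = {
    "/subscriptions/22222222-2222-2222-2222-222222222222/resourcegroups/rg-shared/providers/microsoft.network/virtualnetworks/shared_vnet": "eastus",
}

VNET_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.Network/virtualNetworks/(?P<name>[^/]+)$", re.IGNORECASE)

def peered_vnet_regions(template, inventory):
    """Return one row per peering with the remote VNet's subscription and region."""
    rows = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.network/virtualnetworks":
            continue
        for peering in res.get("properties", {}).get("virtualNetworkPeerings", []):
            remote = peering["properties"]["remoteVirtualNetwork"]
            m = VNET_ID.match(remote["id"])
            if not m:
                continue  # skip malformed resource IDs
            rows.append({
                "vnet": res["name"], "vnet_region": res["location"],
                "peer": m["name"], "peer_subscription": m["sub"],
                # The peering has no location field; resolve it by ID (case-insensitive).
                # None means the peer VNet is outside the inventory's visibility.
                "peer_region": remote.get("location") or inventory.get(remote["id"].lower()),
            })
    return rows

if __name__ == "__main__":
    for row in peered_vnet_regions(EXPORTED_TEMPLATE, VNET_INVENTORY):
        print(row)
```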