I have been working with Azure Policy -> Policy definition for some time.
I use the Get-AzPolicyDefinition
power shell command for that reason.
Recently I started working with Initiative which is nice, so I have created a custom Initiative definition. Now I wanted to set initiative for Management Groups in either Powershell or az cli. When I use Get-AzPolicyDefinition, it does not show the Initiative definition.
Is there a command that I am not aware of to archive this?
Note: my goal is to set my custom initiative definition to Management Group via the command line.
as you can see DefaultPolices that I have created and all default Initiative are not shown in the list when I run this command:
Get-AzPolicyDefinition | ForEach-Object { $_.Properties.DisplayName }
Returns, this is the end of the list, which is the only definition type of policy as you can see in the image below until the red line:
...
...
Kubernetes cluster containers should run with a read only root file system
Kubernetes cluster pods and containers should only use allowed SELinux options
Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits
[Preview]: Azure Key Vault Managed HSM keys using elliptic curve cryptography should have the specified curve names
Secrets should not be active for longer than the specified number of days
Kubernetes cluster pods and containers should only run with approved user and group IDs
Kubernetes cluster pod FlexVolume volumes should only use allowed drivers
[Preview]: Certificates should not expire within the specified number of days
Kubernetes cluster containers should only use allowed ProcMountType
Kubernetes cluster containers should only use allowed images
Keys using elliptic curve cr
CodePudding user response:
Azure Policy Initiatives are called "Policy Set Definitions" in the Az PowerShell cmdlets - these functions will let you interact with them:
- Get-AzPolicySetDefinition
- New-AzPolicySetDefinition
- Remove-AzPolicySetDefinition
- Set-AzPolicySetDefinition
See the Policy section of the Az PowerShell documentation for more details, or use Get-Help
in a PowerShell console...