PolicyReportGenerator.psm1
<#PSScriptInfo .VERSION 1.0.5 .GUID 7e409cd8-833d-4ff6-933e-df644c8bf7c7 .AUTHOR saglodha .COMPANYNAME .COPYRIGHT .TAGS .LICENSEURI .PROJECTURI .ICONURI .EXTERNALMODULEDEPENDENCIES .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES .PRIVATEDATA #> <# .DESCRIPTION This utility can be used to generate compliance reports for resources on basis of Azure Policy. #> Param() Write-Host "";"";"Hello User! Welcome to Policy Report Generator";"" Write-Host "Please provide the subscription ID that you want to generate the reports for";"" $subID = Read-Host "Subscription ID" Set-AzContext -SubscriptionId $subID "";Write-Host "Type 'Generatereport' so as to initialize the tool." function Generatereport{ try { $ErrorActionPreference = "Stop" "";Write-Host "1. Generate enforcement mode report for the assigned policies";"" Write-Host "2. Generate Compliance report for the assigned policies";"" Write-Host "3. Generate Lastevaluationcycle report and run on-demand compliance scan";"" $prompt = Read-Host "Please enter the specified selection" $Policyassignments = Get-AzPolicyAssignment -Scope "/subscriptions/$subID" switch ($prompt) { 1 { for ($i = 1; $i -le 100; $i++ ) { Write-Progress -Activity "Fetching Policy Information" -Status "$i% Complete:" -PercentComplete $i; sleep -Milliseconds 50 } write-progress -Activity "Fetching Policy Information" -status "Completed" -Completed $output = foreach( $assignment in $policyassignments){ if ( $assignment.properties.displayname -ne $null) { $assignment.properties | Select-Object -Property Displayname,enforcementmode } } $output | ft Write-Host "Would you like to process the output to a csv file? Type Yes or No";"" $outputfile = Read-Host "Enter value" if ( $outputfile -eq 'Yes') { "";Write-Host "Please enter the file path that you would like to export the report to. Please ensure to specify file path until the filename";"" $filepath = Read-Host "File path " $output = foreach( $assignment in $policyassignments){ if ( $assignment.properties.displayname -ne $null) { $assignment.properties | Select-Object -Property Displayname,enforcementmode } } for ($i = 1; $i -le 100; $i++ ) { Write-Progress -Activity "Processing details to csv file" -Status "$i% Complete:" -PercentComplete $i; Sleep -Milliseconds 30 } write-progress -Activity "Processing details to csv file" -status "Completed" -Completed $output | Export-Csv $filepath -NoTypeInformation -Encoding ASCII "";Write-Host "Report has been processed to csv file" } "";Write-Host "Would you like to generate other reports? Type Yes or No";"" $otherreports = Read-Host "Enter Value" if ( $otherreports -eq 'Yes') { "";Write-Host "Populating options for Report Generation.." Sleep -Seconds 2 Generatereport } else { Write-Host "Report has been generated" } } 2 { for ($i = 1; $i -le 100; $i++ ) { Write-Progress -Activity "Fetching Policy evaluation information" -Status "$i% Complete:" -PercentComplete $i; Sleep -Milliseconds 30 } $output = foreach ( $assignment in $Policyassignments) { if ( $assignment.properties.displayname -ne $null) { $State = Get-AzPOlicyStateSummary -PolicyAssignmentName $assignment.Name $obj = new-object psobject -Property @{ NameofPolicy = $assignment.Properties.displayName ResourceCompliance = $State.Results.Resourcedetails NonCompliantPolicies = $State.Results.NonCompliantPolicies } $obj | Select-Object NameofPolicy,NonCompliantPolicies -ExpandProperty ResourceCompliance } } $output | ft write-progress -Activity "Fetching Policy evaluation information" -status "Completed" -Completed Write-Host "Would you like to process the output to a csv file? Type Yes or No";"" $outputfile = Read-Host "Enter Value" if ( $outputfile -eq 'Yes') { "";Write-Host "Please enter the file path that you would like to export the report to. Please ensure to specify file path until the filename";"" $filepath = Read-Host "File Path" for ($i = 1; $i -le 100; $i++ ) { Write-Progress -Activity "Processing details to csv file" -Status "$i% Complete:" -PercentComplete $i; Sleep -Milliseconds 30 } write-progress -Activity "Processing details to csv file" -status "Completed" -Completed $output| Export-Csv $filepath -NoTypeInformation -Encoding ASCII "";Write-Host "Report has been processed to csv file" } "";Write-Host "Would you like to generate other reports? Type Yes or No";"" $otherreports = Read-Host "Enter Value" if ( $otherreports -eq 'Yes') { "";Write-Host "Populating options for Report Generation.." Sleep -Seconds 2 Generatereport } else { Write-Host "Report has been generated" } } 3{ "";Write-Host "What would you like to do?" "";Write-Host "1. Generate Last Evaluation Cycle report" "";write-Host "2. Run On Demand Compliance scan" "";$userinput = Read-Host "Enter Value" switch($userinput) { 1 { for ($i = 1; $i -le 100; $i++ ) { Write-Progress -Activity "Checking for last evaluation cycle" -Status "$i% Complete:" -PercentComplete $i; Sleep -Milliseconds 30 } $output = foreach ( $assignment in $PolicyAssignments) { if ( $assignment.Properties.displayName -ne $null) { $pstate = Get-AzPolicyState -PolicyAssignmentName $assignment.Name if ($pstate.Timestamp -eq $null) { $obj = new-object psobject -Property @{ Lastevaluationcycle= "No Resources Evaluated" NameofPolicy = $assignment.Properties.displayName } $Obj | Select-Object NameofPolicy,lastEvaluationcycle } else { $obj = new-object psobject -Property @{ Lastevaluationcycle= $pstate.Timestamp[0] NameofPolicy = $assignment.Properties.displayName } $obj | Select-Object NameofPolicy,LastEvaluationCycle } } } $output | ft -AutoSize write-progress -Activity "Checking for last evaluation cycle" -status "Completed" -Completed "";Write-Host "Would you like to process the output to a csv file? Type Yes or No";"" $outputfile = Read-Host "Enter Value" if ( $outputfile -eq 'Yes') { "";Write-Host "Please enter the file path that you would like to export the report to. Please ensure to specify file path until the filename";"" $filepath = Read-Host "File Path" for ($i = 1; $i -le 100; $i++ ) { Write-Progress -Activity "Processing details to csv file" -Status "$i% Complete:" -PercentComplete $i; Sleep -Milliseconds 30 } write-progress -Activity "Processing details to csv file" -status "Completed" -Completed $output| Export-Csv $filepath -NoTypeInformation -Encoding UTF8 ""; Write-Host "Report has been prcoessed to csv file." } "";Write-Host "Would you like to generate other reports? Type Yes or No";"" $otherreports = Read-Host "Enter Value" if ( $otherreports -eq 'Yes') { "";Write-Host "Populating options for Report Generation.." Sleep -Seconds 2 Generatereport } else { "";Write-Host "Report has been generated" } } 2 { "" ;Write-Host "Affirmative. Triggering policy evaluation scan" ;"" Write-Host "This might take few minutes. Feel free to grab a coffee." ;"" $job = Start-AzPolicyComplianceScan -AsJob Write-Host " Evaluation triggered at :" $job.PSBeginTime while ($job.StatusMessage -eq 'Running') { Write-Progress -Activity "Triggering Policy Evaluation" -Status "In Progress" } if ( $job.StatusMessage -eq 'Completed') { "";Write-Host " Success. On-demand evaluation scan has completed." ;"" Write-Host "Evaluation completed at :" $job.PSEndTime } else { "";Write-Host "Looks like we could not trigger on demand compliance scan. Please try again" } } Default { "";Write-Host "Looks like the entered value does not match the provided values.Please enter a valid value" Generatereport } } } Default { "";Write-Host "Looks like the entered value does not match the provided values.Please enter a valid value" Generatereport } } } catch { $_.Exception | Format-List -Force } } Export-ModuleMember -Function 'Generatereport' |