DEV Community

Wilfried Woivré
Wilfried Woivré

Posted on • Originally published at woivre.com on

Azure Policy - Trigger policy scan

When you create your own Azure Policies, it can be tedious to test them, as the evaluation is triggered by Azure.

It has been possible for some time to force its execution on the scope of a resource group or a subscription. Even if in our case, it is more about forcing on a test resource group than on a subscription in order not to impact your other policies.

To trigger an evaluation, you can use a PowerShell command like this:

# Subscription scope
Start-AzPolicyComplianceScan -AsJob

#Resource Group Scope
Start-AzPolicyComplianceScan -ResourceGroupName $rgName -AsJob

Enter fullscreen mode Exit fullscreen mode

You can run without a Powershell Job, but the operation is very long, it’s why i recommend usage of Powershell Job in a development scenario

It is possible to do this also with a REST API

To do this, you need to use the following urls:

Subscription: https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2019-10-01 Resource Group: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{YourRG}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2019-10-01

$token = Get-AzAccessToken
$authHeader = @{
    'Content-Type'='application/json'
    'Authorization'='Bearer ' + $token.Token
}

$subscriptionId = ""
$resourceGroup = ""

$restUrl = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2018-07-01-preview"

 Invoke-WebRequest -Uri $restUrl -Method POST -Headers $authHeader

Enter fullscreen mode Exit fullscreen mode

And you will find this trace in your Activity Log:

So no more excuses to take a coffee while waiting for the policy to be triggered.

Top comments (0)