Export Azure Policy resources
This article provides information on how to export your existing Azure Policy resources. Exporting your resources is useful and recommended for backup, but is also an important step in your journey with Cloud Governance and treating your policy-as-code. Azure Policy resources can be exported through REST API, Azure CLI, and Azure PowerShell.
Export with Azure CLI
Azure Policy definitions, initiatives, and assignments can each be exported as JSON with Azure CLI. Each of these commands uses a name parameter to specify which object to get the JSON for. The name property is often a GUID and isn't the displayName of the object.
- Definition - az policy definition show
- Initiative - az policy set-definition show
- Assignment - az policy assignment show
Here's an example of getting the JSON for a policy definition with name of
f88a430f-115f-4d00-a92e-0badcd84d36e:
Note
We can check the Name and DisplayName collections for all the policy definition with following Azure CLI command.
az policy definition list --query "[].{Name:name,DisplayName:displayName}" -o table
There is one demo showed in the following content.
| Name | Display Name |
|---|---|
f88a430f-115f-4d00-a92e-0badcd84d36e |
AKS-Monitoring-Addon |
az policy definition show --name 'f88a430f-115f-4d00-a92e-0badcd84d36e'
Export with Azure PowerShell
Azure Policy definitions, initiatives, and assignments can each be exported as JSON with Azure PowerShell. Each of these cmdlets uses a Name parameter to specify which object to get the JSON for. The Name property is often a GUID (Globally Unique Identifier) and isn't the displayName of the object.
- Definition - Get-AzPolicyDefinition
- Initiative - Get-AzPolicySetDefinition
- Assignment - Get-AzPolicyAssignment
Here's an example of getting the JSON for a policy definition with Name (as mentioned previously, GUID) of
f88a430f-115f-4d00-a92e-0badcd84d36e:
Note
We can check the Name and DisplayName collections for all the policy definition with following Azure PowerShell cmdlet.
Get-AzPolicyDefinition | Select {$_.Name,$_.Properties.DisplayName}
There is one demo showed in the following content.
| Name | Display Name |
|---|---|
f88a430f-115f-4d00-a92e-0badcd84d36e |
AKS-Monitoring-Addon |
Get-AzPolicyDefinition -Name 'f88a430f-115f-4d00-a92e-0badcd84d36e' | ConvertTo-Json -Depth 10
Export to CSV with Resource Graph in Azure Portal
Azure Resource Graph gives the ability to query at scale with complex filtering, grouping and sorting. Azure Resource Graph supports the policy resources table, which contains policy resources such as definitions, assignments and exemptions. Review our sample queries. The Resource Graph explorer portal experience allows downloads of query results to CSV using the "Download to CSV" toolbar option.
Next steps
- Review examples at Azure Policy samples.
- Review the Azure Policy definition structure.
- Review Understanding policy effects.
- Understand how to programmatically create policies.
- Learn how to remediate noncompliant resources.
- Review what a management group is with Organize your resources with Azure management groups.