steampipe plugin install azure

Table: azure_policy_assignment - Query Azure Policy Assignments using SQL

A Policy Assignment in Azure is a security tool that enables operators to apply a policy definition to a resource or a set of resources. The assignment is the process of binding a policy definition to a specific scope. This scope could range from a management group to a resource group.

Table Usage Guide

The azure_policy_assignment table provides insights into Policy Assignments within Azure Policy. As a Security Analyst, explore specific details through this table, including policy definitions, scopes, and compliance statuses. Utilize it to uncover information about policy assignments, such as those associated with specific resources, the scope of these assignments, and their compliance status.

Examples

Basic info

Explore the policies assigned within your Azure environment to ensure adherence to your organization's governance and compliance requirements. This can help identify any instances where policies may not be correctly applied, potentially exposing your environment to risks.

  select
    id,
    policy_definition_id,
    name,
    type
  from
    azure_policy_assignment;

Get SQL auditing and threat detection monitoring status for the subscription

Explore the status of SQL auditing and threat detection monitoring for your subscription. This query helps you assess whether these important security measures are active, promoting better risk management and data protection.

Postgres:

  select
    id,
    policy_definition_id,
    display_name,
    parameters -> 'sqlAuditingMonitoringEffect' -> 'value' as sqlAuditingMonitoringEffect
  from
    azure_policy_assignment;

SQLite:

  select
    id,
    policy_definition_id,
    display_name,
    json_extract(
      json_extract(parameters, '$.sqlAuditingMonitoringEffect'),
      '$.value'
    ) as sqlAuditingMonitoringEffect
  from
    azure_policy_assignment;

Get SQL encryption monitoring status for the subscription

Explore the status of SQL encryption monitoring for your subscription. This can help in maintaining the security of your data by keeping an eye on the encryption status.

Postgres:

  select
    id,
    policy_definition_id,
    display_name,
    parameters -> 'sqlEncryptionMonitoringEffect' -> 'value' as sqlEncryptionMonitoringEffect
  from
    azure_policy_assignment;

SQLite:

  select
    id,
    policy_definition_id,
    display_name,
    json_extract(
      json_extract(parameters, '$.sqlEncryptionMonitoringEffect'),
      '$.value'
    ) as sqlEncryptionMonitoringEffect
  from
    azure_policy_assignment;
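
An added example, not part of the original plugin documentation: list assignments whose effect is weakened, either because enforcement_mode is DoNotEnforce or because not_scopes excludes part of the assigned scope. It is written in Postgres syntax and uses only columns listed in the schema for this table; the CTE name and the excluded_scope_count alias are chosen here.

```sql
-- Added example (Postgres syntax); not from the plugin documentation.
-- Surfaces policy assignments that are present but not fully effective:
--   * enforcement_mode = 'DoNotEnforce' (the policy effect is not enforced)
--   * not_scopes is a non-empty array (part of the scope is excluded)
with assignments as (
  select
    display_name,
    scope,
    enforcement_mode,
    not_scopes,
    -- not_scopes may be SQL NULL or a JSON null; only count real arrays
    case
      when jsonb_typeof(not_scopes) = 'array' then jsonb_array_length(not_scopes)
      else 0
    end as excluded_scope_count,
    policy_definition_id,
    subscription_id
  from
    azure_policy_assignment
)
select
  subscription_id,
  display_name,
  scope,
  enforcement_mode,
  excluded_scope_count,
  not_scopes,
  policy_definition_id
from
  assignments
where
  enforcement_mode = 'DoNotEnforce'
  or excluded_scope_count > 0
order by
  subscription_id,
  scope;
```

Each returned row is worth checking against an approved exception, since the assignment appears in the basic listing while part or all of its scope is not being enforced.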

Schema for azure_policy_assignment

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| cloud_environment | text | | The Azure Cloud Environment. |
| description | text | | This message will be part of response in case of policy violation. |
| display_name | text | | The display name of the policy assignment. |
| enforcement_mode | text | | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. |
| id | text | = | The ID of the policy assignment. |
| identity | jsonb | | The managed identity associated with the policy assignment. |
| metadata | jsonb | | The policy assignment metadata. |
| name | text | | The name of the policy assignment. |
| not_scopes | jsonb | | The policy's excluded scopes. |
| parameters | jsonb | | The parameter values for the assigned policy rule. |
| policy_definition_id | text | | The ID of the policy definition or policy set definition being assigned. |
| scope | text | | The scope for the policy assignment. |
| sku_name | text | | The name of the policy sku. |
| sku_tier | text | | The policy sku tier. |
| subscription_id | text | | The Azure Subscription ID in which the resource is located. |
| title | text | | Title of the resource. |
| type | text | | The type of the policy assignment. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_policy_assignment