v6_major_20230320_1

README.md

@@ -71,6 +71,59 @@ Listed as [security monitoring tool](https://docs.microsoft.com/en-us/azure/arch
 
 ## Release history
 
+__Changes__ (2023-Mar-20 / Major)
+
+* Fix/update feature Policy Remediation
+  * Optimze the Azure Resource Graph query by adding sort, due to duplicates/missing entries for results > 1k
+* __Analysis__ on issue #[175](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/175) (no real explanation, but fixed by using `IsNullOrWhiteSpace` instead of `IsNullOrEmpty`)
+
+``` powershell
+$htdetails0 = @"
+{
+    "then": {
+        "details": [
+            {
+                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId",
+                "value": "[parameters('workspaceId')]"
+            }
+        ]
+    }
+}
+"@
+$htdetails1 = @"
+{
+    "then": {
+        "details": [
+            {
+                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId",
+                "value": "[parameters('workspaceId')]"
+            },
+            {
+                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceKey",
+                "value": "[parameters('workspaceKey')]"
+            }
+        ]
+    }
+}
+"@
+
+$obj0 = $htdetails0 | ConvertFrom-Json
+if (-not [string]::IsNullOrEmpty($obj0.then.details.roleDefinitionIds)) {
+    Write-Host 'obj0 roleDefinitionIds not empty'
+}
+else {
+    Write-Host 'obj0 roleDefinitionIds empty'
+}
+
+$obj1 = $htdetails1 | ConvertFrom-Json
+if (-not [string]::IsNullOrEmpty($obj1.then.details.roleDefinitionIds)) {
+    Write-Host 'obj1 roleDefinitionIds not empty'
+}
+else {
+    Write-Host 'obj1 roleDefinitionIds empty'
+}
+```
+
 __Changes__ (2023-Mar-17 / Major)
 
 * Fix issue #[175](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/175) / occured with new policy definition [Configure diagnostics for container group to log analytics workspace (21c469fa-a887-4363-88a9-60bfd6911a15)](https://www.azadvertizer.net/azpolicyadvertizer/21c469fa-a887-4363-88a9-60bfd6911a15.html). Cache built-in Policy definitions failed.

history.md

@@ -4,6 +4,59 @@
 
 ### Azure Governance Visualizer version 6
 
+__Changes__ (2023-Mar-20 / Major)
+
+* Fix/update feature Policy Remediation
+  * Optimze the Azure Resource Graph query by adding sort, due to duplicates/missing entries for results > 1k
+* __Analysis__ on issue #[175](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/175) (no real explanation, but fixed by using `IsNullOrWhiteSpace` instead of `IsNullOrEmpty`)
+
+``` powershell
+$htdetails0 = @"
+{
+    "then": {
+        "details": [
+            {
+                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId",
+                "value": "[parameters('workspaceId')]"
+            }
+        ]
+    }
+}
+"@
+$htdetails1 = @"
+{
+    "then": {
+        "details": [
+            {
+                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId",
+                "value": "[parameters('workspaceId')]"
+            },
+            {
+                "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceKey",
+                "value": "[parameters('workspaceKey')]"
+            }
+        ]
+    }
+}
+"@
+
+$obj0 = $htdetails0 | ConvertFrom-Json
+if (-not [string]::IsNullOrEmpty($obj0.then.details.roleDefinitionIds)) {
+    Write-Host 'obj0 roleDefinitionIds not empty'
+}
+else {
+    Write-Host 'obj0 roleDefinitionIds empty'
+}
+
+$obj1 = $htdetails1 | ConvertFrom-Json
+if (-not [string]::IsNullOrEmpty($obj1.then.details.roleDefinitionIds)) {
+    Write-Host 'obj1 roleDefinitionIds not empty'
+}
+else {
+    Write-Host 'obj1 roleDefinitionIds empty'
+}
+```
+
 __Changes__ (2023-Mar-17 / Major)
 
 * Fix issue #[175](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/175) / occured with new policy definition [Configure diagnostics for container group to log analytics workspace (21c469fa-a887-4363-88a9-60bfd6911a15)](https://www.azadvertizer.net/azpolicyadvertizer/21c469fa-a887-4363-88a9-60bfd6911a15.html). Cache built-in Policy definitions failed.

pwsh/AzGovVizParallel.ps1

@@ -362,7 +362,7 @@ Param
     $AzAPICallVersion = '1.1.70',
 
     [string]
-    $ProductVersion = 'v6_major_20230317_1',
+    $ProductVersion = 'v6_major_20230320_1',
 
     [string]
     $GithubRepository = 'aka.ms/AzGovViz',
@@ -3889,15 +3889,15 @@ function getPolicyRemediation {
         policyresources
         | where type == 'microsoft.policyinsights/policystates' and properties.policyAssignmentScope startswith '/providers/Microsoft.Management/managementGroups/' and (properties.policyDefinitionAction =~ 'deployifnotexists' or properties.policyDefinitionAction =~ 'modify') and properties.complianceState =~ 'NonCompliant'
         | summarize count() by assignmentScope = tostring(properties.policyAssignmentScope), assignmentName = tostring(properties.policyAssignmentName), assignmentId = tostring(properties.policyAssignmentId), definitionName = tostring(properties.policyDefinitionName), definitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), effect = tostring(properties.policyDefinitionAction)
-        | order by ['count_'] desc
+        | sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect
 '@
     }
     else {
         $queryNonCompliant = @'
         policyresources
         | where (properties.policyDefinitionAction =~ 'deployifnotexists' or properties.policyDefinitionAction =~ 'modify') and properties.complianceState =~ 'NonCompliant'
         | summarize count() by assignmentScope = tostring(properties.policyAssignmentScope), assignmentName = tostring(properties.policyAssignmentName), assignmentId = tostring(properties.policyAssignmentId), definitionName = tostring(properties.policyDefinitionName), definitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), effect = tostring(properties.policyDefinitionAction)
-        | order by ['count_'] desc
+        | sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect
 '@
     }
 
@@ -17055,7 +17055,7 @@ extensions: [{ name: 'sort' }]
 "@)
 
         $htmlSUMMARYPolicyRemediation = $null
-        $arrayRemediatableSorted = $arrayRemediatable | Sort-Object -Property policyDefinitionId, policyAssignmentId
+        $arrayRemediatableSorted = $arrayRemediatable | Sort-Object -Property nonCompliantResourcesCount, policySetPolicyDefinitionReferenceId, policyDefinitionId, policyAssignmentId -Descending
         if (-not $NoCsvExport) {
             $csvFilename = "$($filename)_PolicyRemediation"
             Write-Host "   Exporting PolicyRemediation CSV '$($outputPath)$($DirectorySeparatorChar)$($csvFilename).csv'"

pwsh/dev/devAzGovVizParallel.ps1

@@ -362,7 +362,7 @@ Param
     $AzAPICallVersion = '1.1.70',
 
     [string]
-    $ProductVersion = 'v6_major_20230317_1',
+    $ProductVersion = 'v6_major_20230320_1',
 
     [string]
     $GithubRepository = 'aka.ms/AzGovViz',

pwsh/dev/functions/getPolicyRemediation.ps1

@@ -10,15 +10,15 @@ function getPolicyRemediation {
         policyresources
         | where type == 'microsoft.policyinsights/policystates' and properties.policyAssignmentScope startswith '/providers/Microsoft.Management/managementGroups/' and (properties.policyDefinitionAction =~ 'deployifnotexists' or properties.policyDefinitionAction =~ 'modify') and properties.complianceState =~ 'NonCompliant'
         | summarize count() by assignmentScope = tostring(properties.policyAssignmentScope), assignmentName = tostring(properties.policyAssignmentName), assignmentId = tostring(properties.policyAssignmentId), definitionName = tostring(properties.policyDefinitionName), definitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), effect = tostring(properties.policyDefinitionAction)
-        | order by ['count_'] desc
+        | sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect
 '@
     }
     else {
         $queryNonCompliant = @'
         policyresources
         | where (properties.policyDefinitionAction =~ 'deployifnotexists' or properties.policyDefinitionAction =~ 'modify') and properties.complianceState =~ 'NonCompliant'
         | summarize count() by assignmentScope = tostring(properties.policyAssignmentScope), assignmentName = tostring(properties.policyAssignmentName), assignmentId = tostring(properties.policyAssignmentId), definitionName = tostring(properties.policyDefinitionName), definitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), effect = tostring(properties.policyDefinitionAction)
-        | order by ['count_'] desc
+        | sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect
 '@
     }
 

pwsh/dev/functions/processTenantSummary.ps1

@@ -4402,7 +4402,7 @@ extensions: [{ name: 'sort' }]
 "@)
 
         $htmlSUMMARYPolicyRemediation = $null
-        $arrayRemediatableSorted = $arrayRemediatable | Sort-Object -Property policyDefinitionId, policyAssignmentId
+        $arrayRemediatableSorted = $arrayRemediatable | Sort-Object -Property nonCompliantResourcesCount, policySetPolicyDefinitionReferenceId, policyDefinitionId, policyAssignmentId -Descending
         if (-not $NoCsvExport) {
             $csvFilename = "$($filename)_PolicyRemediation"
             Write-Host "   Exporting PolicyRemediation CSV '$($outputPath)$($DirectorySeparatorChar)$($csvFilename).csv'"

version.txt

@@ -1 +1 @@
-v6_major_20230317_1
+v6_major_20230320_1