v6_major_20220116_2

• New parameter -ManagementGroupsOnly - collect data only for Management Groups (Subscription data such as e.g. Policy assignments etc. will not be collected)
• New feature TenantSummary | Subscriptions, Resources & Defender, TenantSummary | Azure Active Directory and ScopeInsights insights on UserAssignedIdentities/Resources - which resource has an user assigned managed identity assigned / vice versa. Includes CSV export. Thanks to Thomas Naunheim (Microsoft Azure MVP) for inspiration :)
• New feature TenantSummary | Policy | Policy assignments orphanded (Policy assignments's Policy definition does not exist / likely Management Group scoped Policy defintion - Management Group deleted)
• Optimize DefinitionInsights collapsible JSON definitions
• Defender plans usage / highlight use of depcrecated plans such as Container Registry & Kubernetes
• New 'Large Tenant' feature TenantSummary | Policy | Policy assignments if the number of Policy assignments exceeds the -HtmlTableRowsLimit parameter's value (default = 20.000) then the html table will not be created / the CSV file will still be created
• New feature TenantSummary | Azure Active Directory | AAD ServicePrincipals type=ManagedIdentity orphaned Managed Identities (for Policy assignment related Managed Identities - Policy assignment does not exist anymore)
• Fix PIM (Priviliged Identity Management) state for inherited Subscription Role assignments
• TenantSummary | Azure Active Directory add link to AzADServicePrincipalInsights (POC)
• Add CSV export for Policy Exemptions
• Add workflow files (YAML) for GitHub Actions (one for OpenID Connect (OIDC))
• Bugfixes
• HTML output patch jQuery / use latest version 3.6.0
• Update Demo
• AzAPICall enhanced error handling (GeneralError, ResourceGroupNotFound)
• Script optimization / prepare for PS module

v6_minor_20211209_1

• Run AzGovViz in GitHub CodeSpaces - thanks! @cmendible (Microsoft Cloud Solution Architect - Spain)
• JSON output update -> filenames will indicate if Role assignment is PIM (Priviliged Identity Management) based

v6_major_20211123_2

Changes (2021-Nov-23 / Major)

• Add Microsoft Defender for Cloud 'Defender Plans' reporting (TenantSummary -> Subscriptions, Resources & Defender; ScopeInsights -> Defender Plans)
• Adopt to new naming Azure Security Center (ASC) / Microsoft Defender for Cloud. Renamed parameter -NoASCSecureScore to -NoMDfCSecureScore (old parameter will still work)
• Update policyAssignment API version '2020-09-01' to '2021-06-01'
• Fix ScopeInsights Tags usage
• Fix dateTime formatting / use default format (createdOn/updatedOn)
• Consumption feature has potential to fail. Changed Azure Consumption feature default = disabled; introducing new parameter -DoAzureConsumption
• Changed -HtmlTableRowsLimitdefault from 40.000 to 20.000
• CSV output related changes
  • Update *_RoleAssignments.csv output (add column for scope ResourceGroup name; add column for scope Resource name)
  • Optimize *_PolicyDefinitions.csv and *_PolicySetDefinitions.csv file content / add BuiltIn definitions
  • Add CSV export *_ResourceProviders.csv (all Resource Providers and their states for all Subscriptions)
  • Add CSV export *_RoleDefinitions.csv (BuiltIn and Custom including some enriched information)
• AzAPICall update error handing for 'Resource diagnostic settings' and 'AAD groups transitive members count'
• Script optimization

v6_major_20211101_1

Changes (2021-Nov-01 / Major)

• New output - Feature request to create Scope Insights output per Subscription has been implement. With this new feature you can share Subscription Scope Insights with Subscription responsible staff. Use parameter -NoSingleSubscriptionOutput to disable the feature
• Update Required permissions in Azure Active Directory for the scenario of a Guest User executing the script
• Add 'daily summary' output (CSV) to easily track your Tenant´s Governance evolution over time - Tim will hopefully create a PR for how he leverages AzGovViz historical data for Azure Log Analytics based dashboards
• Improved permission related error handling

v6_major_20211018_1

Release v6 Changes

• Removed usage of Azure PowerShell cmdlet 'Get-AzRoleAssignment' / preparing for upcoming deprecation of 'Azure Active Directory Graph' API (announcement)
• Management Group diagnostic setting - reflect inheritance of diagnostic settings from upper Management Group scopes
• TenantSummary Policy assignments - resolve Managed Identity (if Policy assignment effect is DeployIfNotExists (DINE) or Modify)
• Removed TenantSummary RBAC Classic Role assignments
• Improved AzAPICall error handling and output
• Azure DevOps pipeline (yml) updated prerequisites to include Repository 'contribute' permission check
• Added Application Insights stats
• Performance optimization
• Bugfixes

v6 pre-release

v6 pre-release

Branch: v6_major_20211011_1

Release info

• Removed usage of Azure PowerShell cmdlet 'Get-AzRoleAssignment' / pereparational task for upcoming deprecation of 'Azure Active Directory Graph' API (announcement)
• Management Group diagnostic setting - reflect inheritance of diagnostic settings from upper Management Group scopes
• Removed TenantSummary RBAC Classic Role assignments
• Improved AzAPICall error handling and output
• Azure DevOps pipeline (yml) updated prerequisites to include Repository 'contribute' permission check
• Performance optimization
• Bugfixes

v5_major_20210830_2

Changes (2021-Aug-30 / Major)

• Adding feature for RBAC Role assignments: determine 'standing' from PIM (Priviledged Identity Mangement) managed Role assignments
• New parameter -NoResources - this will speed up the processing time but information like Resource diagnostics capability and resource type stats will not be made available (featured for large tenants)
• Integrate AzGovViz with AzOps (after 'AzOps - Push' run AzGovViz) - (line 77 AzGovViz.yml). Checkout AzOps Accellerator
• Performance optimization

v5_major_20210818_2

Changes (2021-Aug-18 / Major)

• Added ASC Secure Score for Management Groups
• Policy Compliance - if API returns 'ResponseTooLarge' then flag Policy Compliance entries with 'skipped' for given scope
• Added demo-output folder containing all outputs (html, csv, md, json, log)
• Bugfixes

v5_major_20210806_3

Changes (2021-Aug-06 / Major)

• Enriched Policy assignments with list of used parameters
• Enriched Role assignments on Groups with Group member count
• Optimize JSON outputs
• CSP scenario error handling
• Bugfixes
• Performance optimization

v5_major_20210722_1

Changes (2021-July-22 / Major)

• Full blown JSON definition output. Leveraging Git with this new capability you can easily track any changes that occurred in between the previous and last AzGovViz run.
  
  * a new BuiltIn RBAC Role definition was added
• Renamed parameter -PolicyIncludeResourceGroups to , -DoNotIncludeResourceGroupsOnPolicy (from now Policy assignments on ResourceGroups will be included by default)
• Renamed parameter -RBACIncludeResourceGroupsAndResources to , -DoNotIncludeResourceGroupsAndResourcesOnRBAC (from now Role assignments on ResourceGroups and Resources will be included by default)
• New parameter -HtmlTableRowsLimit. Although the parameter -LargeTenant was introduced recently, still the html output may become too large to be processed properly. The new parameter defines the limit of rows - if for the html processing part the limit is reached then the html table will not be created (csv and json output will still be created). Default rows limit is 40.000.
• Added NonCompliance Message for Policy assignments
• Cosmetics
• Bugfixes
• Performance optimization

Release history