# Policy Tracked Resources Operations

## Overview

Policy Tracked Resources operations enable querying resources that are tracked by Azure Policy to understand which resources are being monitored for compliance across different scopes.

## Core Functionality

### Query Operations

#### list_query_results_for_management_group

```python
def list_query_results_for_management_group(
    management_group_name: str,
    query_options: Optional[QueryOptions] = None,
    **kwargs
) -> ItemPaged[PolicyTrackedResource]
```
{ .api }

Query tracked resources for a management group.

**Parameters:**
- `management_group_name`: Management group name
- `query_options`: Optional query parameters (top, filter, orderby, select)

**Returns:** Paginated collection of PolicyTrackedResource objects

#### list_query_results_for_subscription

```python
def list_query_results_for_subscription(
    subscription_id: str,
    query_options: Optional[QueryOptions] = None,
    **kwargs
) -> ItemPaged[PolicyTrackedResource]
```
{ .api }

Query tracked resources for a subscription.

**Parameters:**
- `subscription_id`: Azure subscription ID
- `query_options`: Optional query parameters

**Returns:** Paginated collection of PolicyTrackedResource objects

#### list_query_results_for_resource_group

```python
def list_query_results_for_resource_group(
    subscription_id: str,
    resource_group_name: str,
    query_options: Optional[QueryOptions] = None,
    **kwargs
) -> ItemPaged[PolicyTrackedResource]
```
{ .api }

Query tracked resources for a resource group.

**Parameters:**
- `subscription_id`: Azure subscription ID
- `resource_group_name`: Resource group name
- `query_options`: Optional query parameters

**Returns:** Paginated collection of PolicyTrackedResource objects

#### list_query_results_for_resource

```python
def list_query_results_for_resource(
    resource_id: str,
    query_options: Optional[QueryOptions] = None,
    **kwargs
) -> ItemPaged[PolicyTrackedResource]
```
{ .api }

Query tracked resources for a specific resource.

**Parameters:**
- `resource_id`: Full Azure resource ID
- `query_options`: Optional query parameters

**Returns:** Paginated collection of PolicyTrackedResource objects

## Related Types

### PolicyTrackedResource

```python
class PolicyTrackedResource:
    tracked_resource_id: Optional[str]
    policy_details: Optional[PolicyDetails]
    tracked_resource_type: Optional[str]
    last_update_utc: Optional[datetime.datetime]
    tracked_resource_modification_details: Optional[TrackedResourceModificationDetails]
```
{ .api }

### PolicyDetails

```python
class PolicyDetails:
    policy_definition_id: Optional[str]
    policy_assignment_id: Optional[str]
    policy_assignment_name: Optional[str]
    policy_assignment_owner: Optional[str]
    policy_assignment_scope: Optional[str]
    policy_set_definition_id: Optional[str]
    policy_definition_reference_id: Optional[str]
```
{ .api }

### TrackedResourceModificationDetails

```python
class TrackedResourceModificationDetails:
    policy_details: Optional[PolicyDetails]
    deployment_id: Optional[str]
    deployment_time: Optional[datetime.datetime]
```
{ .api }

### PolicyTrackedResourcesQueryResults

```python
class PolicyTrackedResourcesQueryResults:
    odata_context: Optional[str]
    odata_count: Optional[int]
    odata_next_link: Optional[str]
    value: Optional[List[PolicyTrackedResource]]
```
{ .api }

## Usage Examples

### Query All Tracked Resources for Subscription

```python
# `client` is an authenticated PolicyInsightsClient and `subscription_id`
# is the target subscription; both are reused by the examples that follow.

# Query all resources tracked by policies in a subscription
tracked_resources = client.policy_tracked_resources.list_query_results_for_subscription(
    subscription_id=subscription_id
)

for resource in tracked_resources:
    print(f"Resource ID: {resource.tracked_resource_id}")
    print(f"Resource Type: {resource.tracked_resource_type}")
    print(f"Last Updated: {resource.last_update_utc}")

    if resource.policy_details:
        policy = resource.policy_details
        print(f"Policy Assignment: {policy.policy_assignment_name}")
        print(f"Policy Definition: {policy.policy_definition_id}")

    print("---")
```

### Filter Tracked Resources by Type

```python
from azure.mgmt.policyinsights.models import QueryOptions

# Query only storage account resources being tracked
query_options = QueryOptions(
    filter="trackedResourceType eq 'Microsoft.Storage/storageAccounts'",
    top=50,
    orderby="lastUpdateUtc desc"
)

storage_tracked = client.policy_tracked_resources.list_query_results_for_subscription(
    subscription_id=subscription_id,
    query_options=query_options
)

print("Tracked Storage Accounts:")
for resource in storage_tracked:
    print(f"- {resource.tracked_resource_id}")
    print(f"  Last Modified: {resource.last_update_utc}")

    if resource.tracked_resource_modification_details:
        mod_details = resource.tracked_resource_modification_details
        print(f"  Modified by deployment: {mod_details.deployment_id}")
        print(f"  Deployment time: {mod_details.deployment_time}")
```

### Query Recently Modified Tracked Resources

```python
from datetime import datetime, timedelta, timezone

from azure.mgmt.policyinsights.models import QueryOptions

# Query resources modified in the last 7 days
week_ago = datetime.now(timezone.utc) - timedelta(days=7)
query_options = QueryOptions(
    # Second-precision UTC timestamp, e.g. 2024-01-01T00:00:00Z
    filter=f"lastUpdateUtc ge {week_ago.strftime('%Y-%m-%dT%H:%M:%SZ')}",
    orderby="lastUpdateUtc desc",
    top=100
)

recent_tracked = client.policy_tracked_resources.list_query_results_for_subscription(
    subscription_id=subscription_id,
    query_options=query_options
)

print("Recently modified tracked resources:")
for resource in recent_tracked:
    print(f"Resource: {resource.tracked_resource_id}")
    print(f"Type: {resource.tracked_resource_type}")
    print(f"Modified: {resource.last_update_utc}")

    # Check if resource was modified by a remediation
    if resource.tracked_resource_modification_details:
        mod_details = resource.tracked_resource_modification_details
        if mod_details.deployment_id:
            print(f"  -> Modified by remediation deployment: {mod_details.deployment_id}")
    print()
```

### Query Tracked Resources for Specific Policy

```python
from azure.mgmt.policyinsights.models import QueryOptions

# Query resources tracked by a specific policy assignment
policy_assignment_id = "/subscriptions/{subscription-id}/providers/Microsoft.Authorization/policyAssignments/my-policy"

query_options = QueryOptions(
    filter=f"policyDetails/policyAssignmentId eq '{policy_assignment_id}'"
)

policy_tracked = client.policy_tracked_resources.list_query_results_for_subscription(
    subscription_id=subscription_id,
    query_options=query_options
)

print("Resources tracked by policy assignment:")
for resource in policy_tracked:
    print(f"- {resource.tracked_resource_id}")
    print(f"  Type: {resource.tracked_resource_type}")
    if resource.policy_details:
        print(f"  Assignment: {resource.policy_details.policy_assignment_name}")
```

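The filters above are assembled with f-strings, which is fine for hard-coded values; when the assignment ID or timestamp comes from a caller, it has to be encoded as an OData literal so it cannot change the filter's meaning. The sketch below is an added example, not part of the SDK or the original page: `odata_string`, `odata_datetime`, `odata_clause` and `assignment_filter` are hypothetical helper names, and joining the two clauses with `and` is an illustration.

```python
import re
from datetime import datetime, timezone

# Hypothetical helpers, not part of azure-mgmt-policyinsights.
_FIELD = re.compile(r"[A-Za-z][A-Za-z0-9]*(/[A-Za-z][A-Za-z0-9]*)*")
_OPS = {"eq", "ne", "gt", "ge", "lt", "le"}


def odata_string(value: str) -> str:
    """Quote a string literal; OData escapes ' by doubling it."""
    if not isinstance(value, str):
        raise TypeError("filter value must be str or datetime")
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError("control characters are not allowed in filter values")
    return "'" + value.replace("'", "''") + "'"


def odata_datetime(value: datetime) -> str:
    """Render a timezone-aware datetime as a UTC timestamp ending in Z."""
    if value.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone first")
    return value.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def odata_clause(field: str, op: str, value) -> str:
    """Build one '<field> <op> <literal>' comparison from checked parts."""
    if not _FIELD.fullmatch(field):
        raise ValueError(f"unexpected field name: {field!r}")
    if op not in _OPS:
        raise ValueError(f"unexpected operator: {op!r}")
    if isinstance(value, datetime):
        return f"{field} {op} {odata_datetime(value)}"
    return f"{field} {op} {odata_string(value)}"


def assignment_filter(policy_assignment_id: str, since: datetime) -> str:
    """Filter on the two fields this page uses, joined with 'and'."""
    return " and ".join([
        odata_clause("policyDetails/policyAssignmentId", "eq", policy_assignment_id),
        odata_clause("lastUpdateUtc", "ge", since),
    ])


if __name__ == "__main__":
    # Constructed input: an ID carrying a stray quote and extra filter text.
    hostile = "my-policy' or trackedResourceType ne '"
    print(assignment_filter(hostile, datetime(2024, 1, 1, tzinfo=timezone.utc)))
```

The returned string is what would be passed as `QueryOptions(filter=...)`; with the constructed input, the stray quote stays inside the string literal instead of closing it.
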
### Monitor Resource Group Tracked Resources

```python
# Monitor tracked resources in a specific resource group
tracked_in_rg = client.policy_tracked_resources.list_query_results_for_resource_group(
    subscription_id=subscription_id,
    resource_group_name="production-rg",
    query_options=QueryOptions(orderby="trackedResourceType,trackedResourceId")
)

# Group by resource type
by_type = {}
for resource in tracked_in_rg:
    resource_type = resource.tracked_resource_type or "Unknown"
    if resource_type not in by_type:
        by_type[resource_type] = []
    by_type[resource_type].append(resource)

print("Tracked resources by type:")
for resource_type, resources in by_type.items():
    print(f"\n{resource_type} ({len(resources)} resources):")
    for resource in resources:
        print(f"  - {resource.tracked_resource_id}")
        if resource.policy_details:
            print(f"    Policy: {resource.policy_details.policy_assignment_name}")
```

### Check Individual Resource Tracking

```python
# Check if a specific resource is being tracked
resource_id = "/subscriptions/{subscription-id}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{name}"

tracked_resource = client.policy_tracked_resources.list_query_results_for_resource(
    resource_id=resource_id
)

tracked_list = list(tracked_resource)
if tracked_list:
    print(f"Resource {resource_id} is being tracked by {len(tracked_list)} policies:")
    for tracked in tracked_list:
        if tracked.policy_details:
            policy = tracked.policy_details
            print(f"- Policy Assignment: {policy.policy_assignment_name}")
            print(f"  Policy Definition: {policy.policy_definition_id}")
            print(f"  Last Updated: {tracked.last_update_utc}")
else:
    print(f"Resource {resource_id} is not currently being tracked by any policies")
```