Add Invoke-ComplianceEvaluation

lazywinadmin · lazywinadmin · commit 9b88b265751c · 2020-10-04T21:19:44.000-07:00
diff --git a/AZURE-Policy-Invoke-ComplianceEvaluation/Invoke-ComplianceEvaluation.ps1 b/AZURE-Policy-Invoke-ComplianceEvaluation/Invoke-ComplianceEvaluation.ps1
@@ -0,0 +1,50 @@
+function Invoke-ComplianceEvaluation {
+    <#
+    .SYNOPSIS
+        Function to trigger compliance evalution for Azure Policies on a specific Resource Group or Subscription
+    .description
+        The code assume you are already authenticated to azure
+    .example
+        # Load the function
+        . ./invoke-complianceevaluation
+        # Trigger Policy Compliance evaluation against current subscription
+        Invoke-ComplianceEvaluation
+    .example
+        # Load the function
+        . ./invoke-complianceevaluation
+        # Trigger Policy Compliance evaluation against specified subscription
+        Invoke-ComplianceEvaluation -subscriptionid <uid>
+    .example
+        # Load the function
+        . ./invoke-complianceevaluation
+        # Trigger Policy Compliance evaluation against specified resource group in the current subscription
+        Invoke-ComplianceEvaluation -ResourceGroupName MyRg
+
+    .example
+        # Load the function
+        . ./invoke-complianceevaluation
+        # Trigger Policy Compliance evaluation against specified resource group in the specified subscription
+        Invoke-ComplianceEvaluation -ResourceGroupName MyRg -subscriptionid <uid>
+
+    #>
+    param($resourceGroupName,$subscriptionId)
+
+    if(-not $subscriptionId){
+        $subscriptionId = (Get-AzContext).subscription.id
+    }
+    $uri = "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2018-07-01-preview"
+
+    if ($resourceGroupName){
+        $uri = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2018-07-01-preview"
+    }
+
+    $azContext = Get-AzContext
+    $azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
+    $profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($azProfile)
+    $token = $profileClient.AcquireAccessToken($azContext.Tenant.Id)
+    $authHeader = @{
+        'Content-Type'='application/json'
+        'Authorization'='Bearer ' + $token.AccessToken
+    }
+    Invoke-RestMethod -Method Post -Uri $uri -UseBasicParsing -Headers $authHeader
+}
diff --git a/AZURE-Policy-Invoke-ComplianceEvaluation/readme.md b/AZURE-Policy-Invoke-ComplianceEvaluation/readme.md
@@ -0,0 +1,19 @@
+```
+# The code assume you are already connected to azure
+
+# Load the function
+. ./invoke-complianceevaluation
+
+# Trigger Policy Compliance evaluation against current subscription
+Invoke-ComplianceEvaluation
+
+# Trigger Policy Compliance evaluation against specified subscription
+Invoke-ComplianceEvaluation -subscriptionid <uid>
+
+# Trigger Policy Compliance evaluation against ResourceGroup specified (in current subscription)
+Invoke-ComplianceEvaluation -ResourceGroupName MyRg
+
+# Trigger Policy Compliance evaluation against ResourceGroup specified (in specified subscription)
+Invoke-ComplianceEvaluation -ResourceGroupName MyRg -subscriptionid <uid>
+
+```
