JimGBritt / AzurePolicy

Sample Azure Policies
MIT License

Trigger-PolicyInitiativeRemediation.ps1: Remediate "" Initiative? #37

Open davecore82 opened 3 years ago

davecore82 commented 3 years ago

When trying to run the script Trigger-PolicyInitiativeRemediation.ps1 in management group mode, either interactively or by specifying parameters, the script asks:

Selecting Azure Policy Initiative: ...

Remediate "" Initiative?
Create a set of remediation tasks for Policy Initiative "". Continue?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"):

I am afraid to say Yes because I don't know what Initiative it's trying to run.

Full output of both methods:

PS /home/david/AzurePolicy/AzureMonitor/Scripts> ./Trigger-PolicyInitiativeRemediation.ps1 -ManagementGroup
Authenticating to Azure...
Please select a Management Group from the list below

 # Name                    DisplayName             Id
 - ----                    -----------             --
 1 [...] [...] /providers/Microsoft.Management/managementGroups/[...]
 2 [...]    [...]    /providers/Microsoft.Management/managementGroups/[...]
 3 [...]   [...]   /providers/Microsoft.Management/managementGroups/[...]
 4 [...]         [...]         /providers/Microsoft.Management/managementGroups/[...]
 5 [...]        [...]        /providers/Microsoft.Management/managementGroups/[...]
 6 [...]           [...]           /providers/Microsoft.Management/managementGroups/[...]
 7 [...]          [...]          /providers/Microsoft.Management/managementGroups/[...]
 8 [...]  [...]  /providers/Microsoft.Management/managementGroups/[...]
 9 [...]     [...]     /providers/Microsoft.Management/managementGroups/[...]
10 [...]   [...]   /providers/Microsoft.Management/managementGroups/[...]
11 [...]      [...]      /providers/Microsoft.Management/managementGroups/[...]
12 [...]                [...]                /providers/Microsoft.Management/managementGroups/[...]
13 [...]           [...]           /providers/Microsoft.Management/managementGroups/[...]
14 [...]        [...]        /providers/Microsoft.Management/managementGroups/[...]
15 [...]           [...]           /providers/Microsoft.Management/managementGroups/[...]
16 [...]    [...]    /providers/Microsoft.Management/managementGroups/[...]
17 [...]       [...]       /providers/Microsoft.Management/managementGroups/[...]
18 [...]          [...]          /providers/Microsoft.Management/managementGroups/[...]
19 [...]          [...]          /providers/Microsoft.Management/managementGroups/[...]
20 [...]             [...]             /providers/Microsoft.Management/managementGroups/[...]

If you don't see your ManagementGroupID try using the parameter -ManagementGroupID
Please enter a selection from 1 to 20: 12
Selecting Management Group: [...] ...
Selecting Azure Policy Initiative: ...

Remediate "" Initiative?
Create a set of remediation tasks for Policy Initiative "". Continue?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): n
You have cancelled the remediation request for
Setting Context back to initial subscription [...]
Complete

Script execution time: 0 minutes and 28 seconds.

PS /home/david/AzurePolicy/AzureMonitor/Scripts> ./Trigger-PolicyInitiativeRemediation.ps1 -ManagementGroup -ManagementGroupID "[...]" -PolicyAssignmentId "/providers/Microsoft.Management/managementGroups/[...]/providers/Microsoft.Authorization/policyAssignments/[...]"
Authenticating to Azure...
Selecting Azure Policy Initiative: ...

Remediate "" Initiative?
Create a set of remediation tasks for Policy Initiative "". Continue?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): n
You have cancelled the remediation request for
Setting Context back to initial subscription [...]
Complete

Script execution time: 0 minutes and 35 seconds.

davecore82 commented 3 years ago

Actually, choosing Yes to that prompt does what I needed. It's just that I never visually get to see the initiative before choosing Yes. Does the script automatically choose the initiative if there's only one possibility? If so, maybe the script shouldn't make that assumption and should show the list, even if there's only one initiative in it.

JimGBritt commented 2 years ago

@davecore82 - good point - yes, it does automatically choose it if there is only one. Given this is a "write" operation, let me see if I can get some time to just add it in as a single menu item to select. Most folks, when they get going, will bypass the menu and just use params, but when you are getting started using the script, it makes total sense.
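
The behaviour discussed in this thread, sketched as an added example (not code from Trigger-PolicyInitiativeRemediation.ps1 or from the repository): the menu is printed even when it holds a single entry, and the confirmation for the write operation is never shown with an empty initiative name. The function names, the `-Selection` parameter and the `DisplayName`/`Name`/`Id` object shape are assumptions made for illustration, and the sample assignment is constructed.

```powershell
# Added example: hypothetical helper names; the sample data below is constructed.
function Resolve-InitiativeLabel {
    param([Parameter(Mandatory)] $Assignment)
    # Prefer the display name, then the name, then the resource ID.
    foreach ($candidate in $Assignment.DisplayName, $Assignment.Name, $Assignment.Id) {
        if (-not [string]::IsNullOrWhiteSpace($candidate)) { return $candidate }
    }
    throw 'Assignment has no usable identifier; refusing to prompt for a write operation.'
}

function Select-InitiativeAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Assignments,
        [int] $Selection = 0   # 0 = ask interactively
    )
    # Always print the menu, even when it has a single entry.
    for ($i = 0; $i -lt $Assignments.Count; $i++) {
        $label = Resolve-InitiativeLabel -Assignment $Assignments[$i]
        Write-Host ('{0,2} {1}  ({2})' -f ($i + 1), $label, $Assignments[$i].Id)
    }
    if ($Selection -eq 0) {
        $Selection = [int](Read-Host "Please enter a selection from 1 to $($Assignments.Count)")
    }
    if ($Selection -lt 1 -or $Selection -gt $Assignments.Count) {
        throw "Selection $Selection is outside 1..$($Assignments.Count)."
    }
    return $Assignments[$Selection - 1]
}

function Confirm-InitiativeRemediation {
    [CmdletBinding()]
    param([Parameter(Mandatory)] $Assignment)
    $label = Resolve-InitiativeLabel -Assignment $Assignment   # throws before any blank prompt
    return $PSCmdlet.ShouldContinue(
        "Create a set of remediation tasks for Policy Initiative `"$label`". Continue?",
        "Remediate `"$label`" Initiative?")
}

# Constructed sample: a single assignment whose DisplayName came back empty.
$sample = @([pscustomobject]@{
    DisplayName = ''
    Name        = 'example-assignment'
    Id          = '/providers/Microsoft.Management/managementGroups/example-mg/providers/Microsoft.Authorization/policyAssignments/example-assignment'
})
$chosen = Select-InitiativeAssignment -Assignments $sample -Selection 1
if (Confirm-InitiativeRemediation -Assignment $chosen) {
    Write-Host "Would remediate: $(Resolve-InitiativeLabel -Assignment $chosen)"
}
```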