MicroAgeServicesOrg / Azure-Lighthouse-deploymentAutomation

Automation for the Deployment of Monitoring and Management of Azure resources for Azure MSP Program

Feature - Create Pipeline/Workflow for Policy Remediation and Compliance Check PowerShell #8

Open mejdm5 opened 10 months ago

mejdm5 commented 10 months ago

MonitoringOnboarding currently uses Bicep to check compliance during policy deployment and create a remediation task. This is slow, around ~15 minutes per subscription. This needs to be its own workflow or pipeline and removed from the "MonitoringOnboardingStack".


mejdm5 commented 10 months ago

Current Status

Developing PowerShell scripts to do the following things:

  1. Set variables
  2. Gather info about current clients that are marked as onboarded (testing Azure Table Storage process here)
  3. Set context to client subscription
  4. Get azPolicyState and filter policyState to find all non-compliant policies based on filter (azMSP)
  5. Filter further to unique non-compliant policies (Azure pulls every resource, so duplicates show)
  6. Determine if this is a single policy or an initiative
  7. Create a remediation task based on some inputs
  8. Check for successful remediation
  9. Output status to be used later (no use case for this just yet)

Sample code for gathering info from table storage (TESTING)


#Requires -Modules Az.Storage, AzTable
# Get-AzTableRow comes from the AzTable module; Get-AzStorageAccount/Get-AzStorageTable from Az.Storage.
# Assumes an existing Azure login (Connect-AzAccount) with read access to the storage account.

#region gather all subscription details from table storage
$resourceGroup = "masvc-lighthouseAutomation-rg"
$storageAccountName = "masvclighthousetables001"
$tableName = "azMSPClients"
$storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $storageAccountName
$ctx = $storageAccount.Context
$cloudTable = (Get-AzStorageTable -Name $tableName -Context $ctx).CloudTable
$partitionKey1 = "azMSPSubscriptions1"   # not yet used by the filter below

# Get current subscriptions stored in Table (rows whose 'onboarded' property is true)
$currentSubscriptions = Get-AzTableRow `
    -Table $cloudTable `
    -CustomFilter "(onboarded eq true)"
#endregion
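As an added example (not code from this repository or from mejdm5), the PowerShell below carries steps 3 to 9 of the list above through for one subscription: it sets the context, pulls the non-compliant policy states, collapses the per-resource rows to unique assignment/definition pairs, works out whether each one belongs to an initiative, starts a remediation and polls it to a terminal state. It relies on the `Az.Accounts` and `Az.PolicyInsights` modules and an existing login; the interpretation of the "azMSP" filter as a prefix on the assignment name, the `rem-` remediation naming, the `$AssignmentPrefix` / `$PollSeconds` / `$TimeoutMinutes` parameters and the output object shape are all assumptions made for this example.

```powershell
#Requires -Modules Az.Accounts, Az.PolicyInsights
# Added example: remediate non-compliant MSP policy assignments in one subscription.
# Assumes Connect-AzAccount has already been run by an identity allowed to create remediations.
param(
    [Parameter(Mandatory)] [string] $SubscriptionId,
    [string] $AssignmentPrefix = 'azMSP',   # assumption: "azMSP" filter = assignment name prefix
    [int] $PollSeconds = 30,
    [int] $TimeoutMinutes = 20
)

$scope = "/subscriptions/$SubscriptionId"

# 3. Set context to the client subscription
$null = Set-AzContext -SubscriptionId $SubscriptionId -ErrorAction Stop

# 4. Get policy states and keep the non-compliant rows for the MSP assignments only
$states = Get-AzPolicyState -SubscriptionId $SubscriptionId -Filter "ComplianceState eq 'NonCompliant'" |
    Where-Object { $_.PolicyAssignmentName -like "$AssignmentPrefix*" }

# 5. Azure returns one row per resource; reduce to one row per assignment + definition
#    (+ reference id, which distinguishes definitions inside the same initiative)
$targets = $states |
    Sort-Object PolicyAssignmentId, PolicyDefinitionId, PolicyDefinitionReferenceId -Unique

$results = foreach ($t in $targets) {
    # 6. An initiative (policy set) assignment carries a PolicySetDefinitionId; a single-policy
    #    assignment leaves it empty. Remediating one definition inside an initiative needs the
    #    PolicyDefinitionReferenceId, otherwise the request is rejected.
    $isInitiative = -not [string]::IsNullOrEmpty($t.PolicySetDefinitionId)

    # 7. Create a remediation task (name format is an assumption for this example)
    $name = 'rem-{0}-{1}' -f $t.PolicyDefinitionName, (Get-Date -Format 'yyyyMMddHHmm')
    $splat = @{
        Name               = $name
        PolicyAssignmentId = $t.PolicyAssignmentId
        Scope              = $scope
        ErrorAction        = 'Stop'
    }
    if ($isInitiative) { $splat.PolicyDefinitionReferenceId = $t.PolicyDefinitionReferenceId }

    try {
        $null = Start-AzPolicyRemediation @splat
    }
    catch {
        # Only deployIfNotExists/modify effects can be remediated; audit/deny assignments
        # are recorded as not started rather than aborting the whole run.
        [pscustomobject]@{
            Subscription = $SubscriptionId; Assignment = $t.PolicyAssignmentName
            Definition   = $t.PolicyDefinitionName; Initiative = $isInitiative
            Status       = 'NotStarted'; Detail = $_.Exception.Message
        }
        continue
    }

    # 8. Poll until the remediation reaches a terminal provisioning state or the timeout passes
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        Start-Sleep -Seconds $PollSeconds
        $rem = Get-AzPolicyRemediation -Name $name -Scope $scope
    } until ($rem.ProvisioningState -in 'Succeeded', 'Failed', 'Canceled' -or (Get-Date) -gt $deadline)

    # 9. One status object per remediation, for whatever consumes the output later
    [pscustomobject]@{
        Subscription = $SubscriptionId; Assignment = $t.PolicyAssignmentName
        Definition   = $t.PolicyDefinitionName; Initiative = $isInitiative
        Status       = $rem.ProvisioningState; Detail = $name
    }
}

$results
```

Two points worth keeping in mind when turning this into the pipeline: a remediation task creates or modifies resources using the policy assignment's managed identity, so that identity (not just the pipeline's service principal) needs the role the policy's effect requires, and a failed task shows up as `ProvisioningState = Failed` rather than as a cmdlet error, which is why the loop above records the terminal state instead of assuming success once the task was accepted.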