Changes (2022-Sep-12 / Major)
New feature 'ALZ EverGreen' - Azure Landing Zones EverGreen for Policy and Set definitions. AzGovViz will clone the ALZ GitHub repository and collect the ALZ policy and set definitions history. The ALZ data will be compared with the data from your tenant so that you get lifecycle management recommendations for ALZ policy and set definitions that already exist in your tenant, plus a list of ALZ policy and set definitions that do not exist in your tenant. The ALZ EverGreen results will be displayed in the TenantSummary and a CSV export *_ALZEverGreen.csv will be provided. Thanks! ALZ Team
New parameter -NoALZEverGreen - Do not execute the ALZ EverGreen feature
Update: By default, DefinitionInsights will be written to a separate HTML file. This improves HTML file handling (browser memory usage / response time / user experience).
Note: Please update your Azure DevOps and GitHub YAML files with the latest versions if you are using the webApp publishing feature
New parameter -NoDefinitionInsightsDedicatedHTML (DefinitionInsights will NOT be written to a separate HTML file *_DefinitionInsights.html)
Fix consumption reporting for large tenants with more than 3k subscriptions (Management Group abc has too many subscriptions , exceeding CCM API Current Limit 3000)
(*_ResourceFluctuationDetailed.csv) CSV output (add/remove, scope details, resource details)
Fix CSV export *_PolicySetDefinitions.csv - Builtin Policy definitions contained in PolicySet definitions will only show the GUID instead of the full ID, because for large PolicySet definitions the field size limit in Excel may be exceeded (column: PoliciesUsed4CSV)
BuiltIn definitions collection - add 'Static' Policy definitions (part of DefinitionInsights and *_PolicyDefinitions.csv)

Changes (2022-Aug-17 / Major)
Update: IMPORTANT Fix for custom Role definitions / missing DataActions and NotDataActions
Update API reference roleDefinitions use API version 2018-07-01 (API version 2022-04-01 not available in sovereign clouds)
BugFix

Changes (2022-Aug-03 / Major)
IMPORTANT Fix for custom Role definitions / missing DataActions and NotDataActions
Update API reference roleDefinitions use API version 2022-04-01
BugFix

Changes (2022-Jul-31 / Major)
Update on feature 'PIM (Privileged Identity Management) eligible Role assignments'
Integrate with RoleAssignmentsAll (HTML, CSV)
New parameter -NoPIMEligibilityIntegrationRoleAssignmentsAll - Prevent integration of PIM eligible assignments with RoleAssignmentsAll (HTML, CSV)
Fix: PIM 'Assigned' and 'Activated' Role assignments now also reflect inheritance for lower scopes
Bugfixes & optimizations

Changes (2022-Jul-28 / Major)
Update on feature 'PIM (Privileged Identity Management) eligible Role assignments'
New parameter -PIMEligibilityIgnoreScope - By default, PIM Eligibility is reported only for the scope (ManagementGroupId) that was provided. If you use the new switch parameter, PIM Eligibility for all onboarded scopes (Management Groups and Subscriptions) will be reported.

Changes (2022-Jul-26 / Major)
New feature 'PIM (Privileged Identity Management) eligible Role assignments' (TenantSummary)
⛔ Breaking Change! Requires API permissions update!
Get a full report of all PIM eligible Role assignments for Management Groups and Subscriptions, including resolved User members of AAD Groups that have assigned eligibility
Spoiler: Next iteration will include ScopeInsights, showing entire eligible Role assignments on Subscriptions including from upper Management Group scopes
💡 Note: this feature requires executing as a Service Principal with the Application API permission PrivilegedAccess.Read.AzureResources