
Commit de221e5

committed
6.6.3
1 parent 2fd36b4 commit de221e5


8 files changed

+96
-70
lines changed


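--- a/.azuredevops/pipelines/AzGovViz.pipeline.yml
+++ b/.azuredevops/pipelines/AzGovViz.pipeline.yml
@@ -1,4 +1,4 @@
-# Azure Governance Visualizer v6_major_20230717_1
+# Azure Governance Visualizer v6_major_20250501_1
 # First things first:
 # 1. Mandatory: In the AzGovViz.variables.yml file set needed variables 'ServiceConnection' and 'ManagementGroupId
 # 2. Mandatory: Check line 20
@@ -9,7 +9,7 @@ trigger: none
 pr: none
 
 variables:
-- template: ./AzGovViz.variables.yml
+- template: 'AzGovViz.variables.yml'
 
 schedules:
 - cron: "0 0,12 * * *"
@@ -19,17 +19,6 @@ schedules:
 include:
 - master #CHECK branch 'master' is applicable? - delete me :)
 
-#Running AzOps? Run Azure Governance Visualizer after 'AzOps - Push' ..
-#AzOps accelerator https://github.com/Azure/AzOps-Accelerator
-#resources:
-# pipelines:
-# - pipeline: 'Push'
-# source: 'AzOps - Push'
-# trigger:
-# branches:
-# include:
-# - master #CHECK branch 'master' is applicable? - delete me :)
-
 jobs:
 - job: AzureGovernanceVisualizer
 timeoutInMinutes: 0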

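--- a/README.md
+++ b/README.md
@@ -84,22 +84,16 @@ The [Azure Governance Visualizer accelerator](https://github.com/Azure/Azure-Gov
 
 ## Release history
 
-**Changes** (2024-November-01 / 6.6.1 Patch)
+**Changes** (2025-May-01 / 6.6.3 Patch)
 
-- HTML fix filters __TenantSummary__ PolicyAssignment, __ScopeInsights__ PolicySetAssignments
-- use [AzAPICall](https://aka.ms/AzAPICall) PowerShell module version 1.2.4 (Handle 'subscription not registered' `/providers/Microsoft.Security/settings`)
-
-**Changes** (2024-October-26 / 6.6.0 Minor)
-
-- Microsoft Defender for Cloud Coverage (Tenant Summary and CSV export). Example html:
-![MicrosoftDefenderForCloudCoverage_preview](img/MicrosoftDefenderForCloudCoverage_preview.png)
-- CostOptimization add `microsoft.network/privateendpoints` for intent=cost savings
-- extend ResourcesAll.csv output with sku and kind information
-- update [API reference](#api-reference) '/subscriptions/`subscriptionId`/resources' use API version 2024-03-01 (previous 2023-07-01)
-
-**Changes** (2024-October-9 / 6.5.5 Patch)
-
-- introduce a new optional [parameter](#parameters) `-SubscriptionIdWhitelist`, which defines the subscriptions that must match in order to be processed.
+- [issue53](https://github.com/Azure/Azure-Governance-Visualizer/issues/53)
+- fix -> Get Default Management Group; flag as 'unknown.', if principal has no permissions to get default Management Group (non root MG read)
+- update API-version `2020-02-01` to `2023-04-01` for '/providers/Microsoft.Management/managementGroups/`tenantId`/settings'
+- [issue278](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/278)
+- fix -> Getting Advisor Scores for Subscription; skip on error-code `500` `(error: 'AdvisorScore::List()'`
+- update API-version `2020-07-01-preview` to `2023-01-01` for '/subscriptions/`subscriptionId`/providers/Microsoft.Advisor/advisorScore'
+- [issue276](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/276)
+- fix -> Getting Microsoft Defender for Cloud Secure Score for Subscription; skip on error-code `431 (RequestHeaderFieldsTooLarge)`
 
 [Full release history](history.md)
 
@@ -588,12 +582,12 @@ Azure Governance Visualizer polls the following APIs
 | ARM | 2020-01-01-preview | /providers/Microsoft.Management/managementGroups/`managementGroupId`/providers/microsoft.insights/diagnosticSettings |
 | ARM | 2019-10-01 | /providers/Microsoft.Management/managementGroups/`managementGroupId`/providers/Microsoft.PolicyInsights/policyStates/latest/summarize |
 | ARM | 2020-05-01 | /providers/Microsoft.Management/managementGroups/`managementGroupId` |
-| ARM | 2020-02-01 | /providers/Microsoft.Management/managementGroups/`tenantId`/settings |
+| ARM | 2023-04-01 | /providers/Microsoft.Management/managementGroups/`tenantId`/settings |
 | ARM | 2020-05-01 | /providers/Microsoft.Management/managementGroups |
 | ARM | 2022-10-01 | /providers/Microsoft.ResourceGraph/resources |
 | ARM | 2021-05-01 | /`resourceId`/providers/Microsoft.Insights/metrics |
 | ARM | 2020-01-01 | /subscriptions/`subscriptionId`/locations |
-| ARM | 2020-07-01-preview | /subscriptions/`subscriptionId`/providers/Microsoft.Advisor/advisorScore |
+| ARM | 2023-01-01 | /subscriptions/`subscriptionId`/providers/Microsoft.Advisor/advisorScore |
 | ARM | 2016-09-01 | /subscriptions/`subscriptionId`/providers/Microsoft.Authorization/locks |
 | ARM | 2021-06-01 | /subscriptions/`subscriptionId`/providers/Microsoft.Authorization/policyAssignments |
 | ARM | 2021-06-01 | /subscriptions/`subscriptionId`/providers/Microsoft.Authorization/policyDefinitions |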

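--- a/history.md
+++ b/history.md
@@ -4,6 +4,17 @@
 
 ### Azure Governance Visualizer version 6
 
+**Changes** (2025-May-01 / 6.6.3 Patch)
+
+- [issue53](https://github.com/Azure/Azure-Governance-Visualizer/issues/53)
+- fix -> Get Default Management Group; flag as 'unknown.', if principal has no permissions to get default Management Group (non root MG read)
+- update API-version `2020-02-01` to `2023-04-01` for '/providers/Microsoft.Management/managementGroups/`tenantId`/settings'
+- [issue278](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/278)
+- fix -> Getting Advisor Scores for Subscription; skip on error-code `500` `(error: 'AdvisorScore::List()'`
+- update API-version `2020-07-01-preview` to `2023-01-01` for '/subscriptions/`subscriptionId`/providers/Microsoft.Advisor/advisorScore'
+- [issue276](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/276)
+- fix -> Getting Microsoft Defender for Cloud Secure Score for Subscription; skip on error-code `431 (RequestHeaderFieldsTooLarge)`
+
 **Changes** (2024-November-01 / 6.6.1 Patch)
 
 - HTML fix filters __TenantSummary__ PolicyAssignment, __ScopeInsights__ PolicySetAssignments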

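--- a/pwsh/AzGovVizParallel.ps1
+++ b/pwsh/AzGovVizParallel.ps1
@@ -371,7 +371,7 @@ Param
 $Product = 'AzGovViz',
 
 [string]
-$ProductVersion = '6.6.2',
+$ProductVersion = '6.6.3',
 
 [string]
 $GithubRepository = 'aka.ms/AzGovViz',
@@ -3821,21 +3821,30 @@ function getDefaultManagementGroup {
 $currentTask = 'Get Default Management Group'
 Write-Host $currentTask
 #https://learn.microsoft.com/azure/governance/management-groups/how-to/protect-resource-hierarchy#setting---default-management-group
-$uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/providers/Microsoft.Management/managementGroups/$($azAPICallConf['checkContext'].Tenant.Id)/settings?api-version=2020-02-01"
+$uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/providers/Microsoft.Management/managementGroups/$($azAPICallConf['checkContext'].Tenant.Id)/settings?api-version=2023-04-01"
 $method = 'GET'
-$settingsMG = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask
+#fix https://github.com/Azure/Azure-Governance-Visualizer/issues/53
+$settingsMG = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -skipOnErrorCode 403
 
-if (($settingsMG).count -gt 0) {
-Write-Host " default ManagementGroup Id: $($settingsMG.properties.defaultManagementGroup)"
-$script:defaultManagementGroupId = $settingsMG.properties.defaultManagementGroup
-Write-Host " requireAuthorizationForGroupCreation: $($settingsMG.properties.requireAuthorizationForGroupCreation)"
-$script:requireAuthorizationForGroupCreation = $settingsMG.properties.requireAuthorizationForGroupCreation
+if ($settingsMG) {
+if (($settingsMG).count -gt 0) {
+Write-Host " default ManagementGroup Id: $($settingsMG.properties.defaultManagementGroup)"
+$script:defaultManagementGroupId = $settingsMG.properties.defaultManagementGroup
+Write-Host " requireAuthorizationForGroupCreation: $($settingsMG.properties.requireAuthorizationForGroupCreation)"
+$script:requireAuthorizationForGroupCreation = $settingsMG.properties.requireAuthorizationForGroupCreation
+}
+else {
+Write-Host " default ManagementGroup: $(($azAPICallConf['checkContext']).Tenant.Id) (Tenant Root)"
+$script:defaultManagementGroupId = ($azAPICallConf['checkContext']).Tenant.Id
+$script:requireAuthorizationForGroupCreation = $false
+}
 }
 else {
-Write-Host " default ManagementGroup: $(($azAPICallConf['checkContext']).Tenant.Id) (Tenant Root)"
-$script:defaultManagementGroupId = ($azAPICallConf['checkContext']).Tenant.Id
-$script:requireAuthorizationForGroupCreation = $false
+Write-Host " default ManagementGroup: could not be determined, flagging default ManagementGroup as 'unknown.'"
+$script:defaultManagementGroupId = 'unknown.'
+$script:requireAuthorizationForGroupCreation = 'unknown.'
 }
+
 }
 function getEntities {
 Write-Host 'Entities'
@@ -30875,9 +30884,10 @@ function dataCollectionAdvisorScores {
 )
 
 $currentTask = "Getting Advisor Scores for Subscription: '$($scopeDisplayName)' ('$scopeId') [quotaId:'$SubscriptionQuotaId']"
-$uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($scopeId)/providers/Microsoft.Advisor/advisorScore?api-version=2020-07-01-preview"
+$uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($scopeId)/providers/Microsoft.Advisor/advisorScore?api-version=2023-01-01"
 $method = 'GET'
-$advisorScoreResult = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -caller 'CustomDataCollection' -skipOnErrorCode 404
+#fix https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/278
+$advisorScoreResult = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -caller 'CustomDataCollection' -skipOnErrorCode 404, 500
 
 if ($advisorScoreResult -eq 'SubScriptionNotRegistered' -or $advisorScoreResult -eq 'DisallowedProvider') {
 }
@@ -32514,13 +32524,19 @@ function dataCollectionASCSecureScoreSub {
 $currentTask = "Getting Microsoft Defender for Cloud Secure Score for Subscription: '$($scopeDisplayName)' ('$scopeId') [quotaId:'$subscriptionQuotaId']"
 $uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($scopeId)/providers/Microsoft.Security/securescores?api-version=2020-01-01"
 $method = 'GET'
-$subASCSecureScoreResult = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -caller 'CustomDataCollection'
+#fix https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/276
+$subASCSecureScoreResult = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -caller 'CustomDataCollection' -skipOnErrorCode 431
 
-if ($subASCSecureScoreResult -ne 'DisallowedProvider') {
-$subASCSecureScoreResultASCScore = ($subASCSecureScoreResult.where({ $_.name -eq 'ascScore' }))
-if ($subASCSecureScoreResultASCScore.count -gt 0) {
-$secureScorePercentageRounded = [math]::Round(($subASCSecureScoreResultASCScore.properties.score.current / $subASCSecureScoreResultASCScore.properties.score.max * 100), 2)
-$subscriptionASCSecureScore = "$($secureScorePercentageRounded)% ($($subASCSecureScoreResultASCScore.properties.score.current) of $($subASCSecureScoreResultASCScore.properties.score.max) points)"
+if ($subASCSecureScoreResult) {
+if ($subASCSecureScoreResult -ne 'DisallowedProvider') {
+$subASCSecureScoreResultASCScore = ($subASCSecureScoreResult.where({ $_.name -eq 'ascScore' }))
+if ($subASCSecureScoreResultASCScore.count -gt 0) {
+$secureScorePercentageRounded = [math]::Round(($subASCSecureScoreResultASCScore.properties.score.current / $subASCSecureScoreResultASCScore.properties.score.max * 100), 2)
+$subscriptionASCSecureScore = "$($secureScorePercentageRounded)% ($($subASCSecureScoreResultASCScore.properties.score.current) of $($subASCSecureScoreResultASCScore.properties.score.max) points)"
+}
+else {
+$subscriptionASCSecureScore = 'n/a'
+}
 }
 else {
 $subscriptionASCSecureScore = 'n/a'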
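Review bot: In the getDefaultManagementGroup hunk the new outer `else` assigns the string `'unknown.'` to `$script:requireAuthorizationForGroupCreation`, which holds a boolean in the other branches (`$false` for Tenant Root, the API property otherwise). A non-empty string is truthy in PowerShell, so any consumer that tests the variable with a plain `if` would report the management-group creation protection as enabled when it simply could not be read; the consumers are outside this hunk, so that needs checking. Keeping the flag tri-state with `$script:requireAuthorizationForGroupCreation = $null` and comparing with `-eq $true` where it is read would avoid the ambiguity. The same assignment is added in pwsh/dev/functions/getDefaultManagementGroup.ps1.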

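--- a/pwsh/dev/devAzGovVizParallel.ps1
+++ b/pwsh/dev/devAzGovVizParallel.ps1
@@ -371,7 +371,7 @@ Param
 $Product = 'AzGovViz',
 
 [string]
-$ProductVersion = '6.6.2',
+$ProductVersion = '6.6.3',
 
 [string]
 $GithubRepository = 'aka.ms/AzGovViz',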

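--- a/pwsh/dev/functions/dataCollection/dataCollectionFunctions.ps1
+++ b/pwsh/dev/functions/dataCollection/dataCollectionFunctions.ps1
@@ -88,9 +88,10 @@ function dataCollectionAdvisorScores {
 )
 
 $currentTask = "Getting Advisor Scores for Subscription: '$($scopeDisplayName)' ('$scopeId') [quotaId:'$SubscriptionQuotaId']"
-$uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($scopeId)/providers/Microsoft.Advisor/advisorScore?api-version=2020-07-01-preview"
+$uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($scopeId)/providers/Microsoft.Advisor/advisorScore?api-version=2023-01-01"
 $method = 'GET'
-$advisorScoreResult = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -caller 'CustomDataCollection' -skipOnErrorCode 404
+#fix https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/278
+$advisorScoreResult = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -caller 'CustomDataCollection' -skipOnErrorCode 404, 500
 
 if ($advisorScoreResult -eq 'SubScriptionNotRegistered' -or $advisorScoreResult -eq 'DisallowedProvider') {
 }
@@ -1727,13 +1728,19 @@ function dataCollectionASCSecureScoreSub {
 $currentTask = "Getting Microsoft Defender for Cloud Secure Score for Subscription: '$($scopeDisplayName)' ('$scopeId') [quotaId:'$subscriptionQuotaId']"
 $uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($scopeId)/providers/Microsoft.Security/securescores?api-version=2020-01-01"
 $method = 'GET'
-$subASCSecureScoreResult = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -caller 'CustomDataCollection'
-
-if ($subASCSecureScoreResult -ne 'DisallowedProvider') {
-$subASCSecureScoreResultASCScore = ($subASCSecureScoreResult.where({ $_.name -eq 'ascScore' }))
-if ($subASCSecureScoreResultASCScore.count -gt 0) {
-$secureScorePercentageRounded = [math]::Round(($subASCSecureScoreResultASCScore.properties.score.current / $subASCSecureScoreResultASCScore.properties.score.max * 100), 2)
-$subscriptionASCSecureScore = "$($secureScorePercentageRounded)% ($($subASCSecureScoreResultASCScore.properties.score.current) of $($subASCSecureScoreResultASCScore.properties.score.max) points)"
+#fix https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/276
+$subASCSecureScoreResult = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -caller 'CustomDataCollection' -skipOnErrorCode 431
+
+if ($subASCSecureScoreResult) {
+if ($subASCSecureScoreResult -ne 'DisallowedProvider') {
+$subASCSecureScoreResultASCScore = ($subASCSecureScoreResult.where({ $_.name -eq 'ascScore' }))
+if ($subASCSecureScoreResultASCScore.count -gt 0) {
+$secureScorePercentageRounded = [math]::Round(($subASCSecureScoreResultASCScore.properties.score.current / $subASCSecureScoreResultASCScore.properties.score.max * 100), 2)
+$subscriptionASCSecureScore = "$($secureScorePercentageRounded)% ($($subASCSecureScoreResultASCScore.properties.score.current) of $($subASCSecureScoreResultASCScore.properties.score.max) points)"
+}
+else {
+$subscriptionASCSecureScore = 'n/a'
+}
 }
 else {
 $subscriptionASCSecureScore = 'n/a'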
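Review bot: `-skipOnErrorCode 404, 500` on the Advisor score call skips every HTTP 500 as far as this hunk shows, while the release note limits the skip to the `AdvisorScore::List()` error, so a transient server error would drop a subscription's Advisor scores without a trace in the report. The secure-score call gets the same treatment for 431, and a skipped call there looks no different from a subscription that has no score. Because these values feed a governance and security posture report, a skipped call should at least be logged, for example `if (-not $advisorScoreResult) { Write-Host "  Advisor Scores skipped for '$scopeId'" }` after the call, assuming AzAPICall returns an empty result on a skip (the new `if ($subASCSecureScoreResult)` guard suggests it does). Both functions continue outside the hunks, and the same changes appear in pwsh/AzGovVizParallel.ps1.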

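--- a/pwsh/dev/functions/getDefaultManagementGroup.ps1
+++ b/pwsh/dev/functions/getDefaultManagementGroup.ps1
@@ -2,19 +2,28 @@
 $currentTask = 'Get Default Management Group'
 Write-Host $currentTask
 #https://learn.microsoft.com/azure/governance/management-groups/how-to/protect-resource-hierarchy#setting---default-management-group
-$uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/providers/Microsoft.Management/managementGroups/$($azAPICallConf['checkContext'].Tenant.Id)/settings?api-version=2020-02-01"
+$uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/providers/Microsoft.Management/managementGroups/$($azAPICallConf['checkContext'].Tenant.Id)/settings?api-version=2023-04-01"
 $method = 'GET'
-$settingsMG = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask
+#fix https://github.com/Azure/Azure-Governance-Visualizer/issues/53
+$settingsMG = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -skipOnErrorCode 403
 
-if (($settingsMG).count -gt 0) {
-Write-Host " default ManagementGroup Id: $($settingsMG.properties.defaultManagementGroup)"
-$script:defaultManagementGroupId = $settingsMG.properties.defaultManagementGroup
-Write-Host " requireAuthorizationForGroupCreation: $($settingsMG.properties.requireAuthorizationForGroupCreation)"
-$script:requireAuthorizationForGroupCreation = $settingsMG.properties.requireAuthorizationForGroupCreation
+if ($settingsMG) {
+if (($settingsMG).count -gt 0) {
+Write-Host " default ManagementGroup Id: $($settingsMG.properties.defaultManagementGroup)"
+$script:defaultManagementGroupId = $settingsMG.properties.defaultManagementGroup
+Write-Host " requireAuthorizationForGroupCreation: $($settingsMG.properties.requireAuthorizationForGroupCreation)"
+$script:requireAuthorizationForGroupCreation = $settingsMG.properties.requireAuthorizationForGroupCreation
+}
+else {
+Write-Host " default ManagementGroup: $(($azAPICallConf['checkContext']).Tenant.Id) (Tenant Root)"
+$script:defaultManagementGroupId = ($azAPICallConf['checkContext']).Tenant.Id
+$script:requireAuthorizationForGroupCreation = $false
+}
 }
 else {
-Write-Host " default ManagementGroup: $(($azAPICallConf['checkContext']).Tenant.Id) (Tenant Root)"
-$script:defaultManagementGroupId = ($azAPICallConf['checkContext']).Tenant.Id
-$script:requireAuthorizationForGroupCreation = $false
+Write-Host " default ManagementGroup: could not be determined, flagging default ManagementGroup as 'unknown.'"
+$script:defaultManagementGroupId = 'unknown.'
+$script:requireAuthorizationForGroupCreation = 'unknown.'
 }
+
 }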
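Review bot: The new outer test `if ($settingsMG)` treats every falsy return the same way, so an empty settings response would now be reported as `'unknown.'` instead of falling back to the Tenant Root as before, if AzAPICall returns an empty result in that case; what it returns for a skipped 403 versus an empty response is not visible here. The inner `else` (Tenant Root) is then only reached for a truthy value whose `count` is 0. The `#fix` comment carries only the issue link, so it would help to state the contract next to the call, e.g. `#403 (no read permission on the MG settings) is skipped; a falsy result is flagged 'unknown.'`. The same code is in getDefaultManagementGroup in pwsh/AzGovVizParallel.ps1.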

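--- a/version.json
+++ b/version.json
@@ -1,3 +1,3 @@
 {
-"ProductVersion": "6.6.2"
+"ProductVersion": "6.6.3"
 }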
