Merge pull request #121137 from DCtheGeek/dmc-policy-vscodeupdate

ShannonLeavitt · web-flow · commit c6b1416908e2 · 2020-10-20T13:22:20.000-06:00
Policy: Update to Policy extension for VSCode
diff --git a/articles/governance/policy/how-to/extension-for-vscode.md b/articles/governance/policy/how-to/extension-for-vscode.md
@@ -1,17 +1,17 @@
 ---
 title: Azure Policy extension for Visual Studio Code
 description: Learn how to use the Azure Policy extension for Visual Studio Code to look up Azure Resource Manager aliases.
-ms.date: 10/14/2020
+ms.date: 10/20/2020
 ms.topic: how-to
 ---
 # Use Azure Policy extension for Visual Studio Code
 
-> Applies to Azure Policy extension version **0.0.21** and newer
+> Applies to Azure Policy extension version **0.1.0** and newer
 
 Learn how to use the Azure Policy extension for Visual Studio Code to look up
-[aliases](../concepts/definition-structure.md#aliases) and review resources and policies. First,
-we'll describe how to install the Azure Policy extension in Visual Studio Code. Then we'll walk
-through how to look up aliases.
+[aliases](../concepts/definition-structure.md#aliases), review resources and policies, export
+objects, and evaluate policy definitions. First, we'll describe how to install the Azure Policy
+extension in Visual Studio Code. Then we'll walk through how to look up aliases.
 
 Azure Policy extension for Visual Studio Code can be installed on all platforms that are supported
 by Visual Studio Code. This support includes Windows, Linux, and macOS.
@@ -192,6 +192,64 @@ the treeview, the Azure Policy extension opens the JSON that represents the poli
 all its Resource Manager property values. The extension can validate the opened Azure Policy JSON
 schema.
 
+## Export objects
+
+Objects from your subscriptions can be exported to a local JSON file. In either the **Resources** or
+**Policies** pane, hover over or select an exportable object. At the end of the highlighted row,
+select the save icon and select a folder to save that resources JSON.
+
+The following objects can be exported locally:
+
+- Resources pane
+  - Resource groups
+  - Individual resources (either in a resource group or under a Resource Provider)
+- Policies pane
+  - Policy assignments
+  - Built-in policy definitions
+  - Custom policy definitions
+  - Initiatives
+
+## On-demand evaluation scan
+
+An evaluation scan can be started with the Azure Policy extension for Visual Studio Code. To start
+an evaluation, select and pin each of the following objects: a resource, a policy definition, and a
+policy assignment.
+
+1. To pin each object, find it in either the **Resources** pane or the **Policies** pane and select
+   the pin to an edit tab icon. Pinning an object adds it to the **Evaluation** pane of the
+   extension.
+1. In the **Evaluation** pane, select one of each object and use the select for evaluation icon to
+   mark it as included in the evaluation.
+1. At the top of the **Evaluation** pane, select the run evaluation icon. A new pane in Visual
+   Studio Code opens with the resulting evaluation details in JSON form.
+
+> [!NOTE]
+> If the selected policy definition is either an
+> [AuditIfNotExists](../concepts/effects.md#auditifnotexists) or
+> [DeployIfNotExists](../concepts/effects.md#deployifnotexists), in the **Evaluation** pane use the
+> plus icon to selected a _related_ resource for the existence check.
+
+The evaluation results provide information about the policy definition and policy assignment along
+with the **policyEvaluations.evaluationResult** property. The output looks similar to the following
+example:
+
+```json
+{
+    "policyEvaluations": [
+        {
+            "policyInfo": {
+                ...
+            },
+            "evaluationResult": "Compliant",
+            "effectDetails": {
+                "policyEffect": "Audit",
+                "existenceScope": "None"
+            }
+        }
+    ]
+}
+```
+
 ## Sign out
 
 From the menu bar, go to **View** > **Command Palette**, and then enter **Azure: Sign Out**.
diff --git a/articles/governance/policy/how-to/get-compliance-data.md b/articles/governance/policy/how-to/get-compliance-data.md
@@ -125,7 +125,7 @@ resource group:
 az policy state trigger-scan --resource-group "MyRG"
 ```
 
-You can chose not to wait for the asynchronous process to complete before continuing with the
+You can choose not to wait for the asynchronous process to complete before continuing with the
 **no-wait** parameter.
 
 #### On-demand evaluation scan - Azure PowerShell
@@ -215,6 +215,13 @@ with the status:
 }
 ```
 
+#### On-demand evaluation scan - Visual Studio Code
+
+The Azure Policy extension for Visual Studio code is capable of running an evaluation scan for a
+specific resource. This scan is a synchronous process, unlike the Azure PowerShell and REST methods.
+For details and steps, see
+[On-demand evaluation with the VS Code extension](./extension-for-vscode.md#on-demand-evaluation-scan).
+
 ## How compliance works
 
 In an assignment, a resource is **Non-compliant** if it doesn't follow policy or initiative rules
