Set-AzPolicyAttestation

Module:: Az.PolicyInsights Module

Modifies a policy attestation.

Syntax

ByName (Default)

Set-AzPolicyAttestation
    -Name <String>
    [-Scope <String>]
    [-ResourceGroupName <String>]
    [-PolicyAssignmentId <String>]
    [-ComplianceState <String>]
    [-PolicyDefinitionReferenceId <String>]
    [-ExpiresOn <DateTime>]
    [-Owner <String>]
    [-Comment <String>]
    [-Evidence <PSAttestationEvidence[]>]
    [-AssessmentDate <DateTime>]
    [-Metadata <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ByResourceId

Set-AzPolicyAttestation
    -ResourceId <String>
    [-PolicyAssignmentId <String>]
    [-ComplianceState <String>]
    [-PolicyDefinitionReferenceId <String>]
    [-ExpiresOn <DateTime>]
    [-Owner <String>]
    [-Comment <String>]
    [-Evidence <PSAttestationEvidence[]>]
    [-AssessmentDate <DateTime>]
    [-Metadata <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ByInputObject

Set-AzPolicyAttestation
    -InputObject <PSAttestation>
    [-PolicyAssignmentId <String>]
    [-ComplianceState <String>]
    [-PolicyDefinitionReferenceId <String>]
    [-ExpiresOn <DateTime>]
    [-Owner <String>]
    [-Comment <String>]
    [-Evidence <PSAttestationEvidence[]>]
    [-AssessmentDate <DateTime>]
    [-Metadata <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The Set-AzPolicyAttestation cmdlet modifies a policy attestation. Specify an attestation by Id or by Name and scope, or via piping.

Note: An existing policy attestation's policyAssignmentId or policyDefinitionReferenceId cannot be modified.

Examples

Example 1: Update an attestation by name

Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4"
# Update the existing attestation by resource name at subscription scope (default)
$comment = "Setting the state to non compliant"
$attestationName = "attestation-subscription"
$policyAssignmentId = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment"
Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "NonCompliant" -Comment $comment

Id                          : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.policyinsights/attestations/
                              attestation-subscription
Name                        : attestation-subscription
Type                        : Microsoft.PolicyInsights/attestations
PolicyAssignmentId          : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
                              nts/psattestationsubassignment
PolicyDefinitionReferenceId :
ComplianceState             : NonCompliant
ExpiresOn                   :
Owner                       :
Comment                     : Setting the state to non compliant
Evidence                    :
ProvisioningState           : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:00:04 PM
AssessmentDate              :
Metadata                    :
SystemData                  :

The command here sets the compliance state and adds a comment to an existing attestation with name 'attestation-subscription' in the subscription with id 'd1acb22b-c876-44f7-b08e-3fcf9f6767f4'

Example 2: Update an attestation by ResourceId

# Get an attestation
$rgName = "ps-attestation-test-rg"
$attestationName = "attestation-RG"
$attestation = Get-AzPolicyAttestation -ResourceGroupName $rgName -Name $attestationName

# Update the existing attestation by resource ID at RG
$expiresOn = [System.DateTime]::UtcNow.AddYears(1)
Set-AzPolicyAttestation -Id $attestation.Id -ExpiresOn $expiresOn

Id                          : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
                              microsoft.policyinsights/attestations/attestation-rg
Name                        : attestation-rg
Type                        : Microsoft.PolicyInsights/attestations
PolicyAssignmentId          : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
                              nts/psattestationrgassignment
PolicyDefinitionReferenceId :
ComplianceState             :
ExpiresOn                   : 1/27/2024 4:04:24 PM
Owner                       :
Comment                     :
Evidence                    :
ProvisioningState           : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:04:11 PM
AssessmentDate              :
Metadata                    :
SystemData                  :

The first command gets an existing attestation at the resource group 'ps-attestation-test-rg' with the name 'attestation-RG'.

The final command updates the expiry time of the policy attestation by the ResourceId property of the existing attestation.

Example 3: Update an attestation by input object

# Get an attestation
$attestationName = "attestation-resource"
$scope = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0"
$attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope

# Update attestation by input object
$newOwner = "Test Owner 2"
$attestation | Set-AzPolicyAttestation -Owner $newOwner

Id                          : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
                              microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/att
                              estation-resource
Name                        : attestation-resource
Type                        : Microsoft.PolicyInsights/attestations
PolicyAssignmentId          : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
                              nts/psattestationresourceassignment
PolicyDefinitionReferenceId :
ComplianceState             : NonCompliant
ExpiresOn                   :
Owner                       : Test Owner 2
Comment                     :
Evidence                    :
ProvisioningState           : Succeeded
LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM
AssessmentDate              :
Metadata                    :
SystemData                  :

The first command gets an existing attestation with name 'attestation-resource' for the given resource using its resource id as the scope

The final command updates the owner of the policy attestation by using piping.

Parameters

-AssessmentDate

The time the evidence of an attestation was assessed.

Parameter properties

Type:	Nullable<T>[DateTime]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-Comment

Comments describing why this attestation was created.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-ComplianceState

The Compliance State of the resource. E.g. 'Compliant', 'NonCompliant', 'Unknown'

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:	IAzureContextContainer
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Evidence

The evidence supporting the compliance state set in this attestation.

Parameter properties

Type:	PSAttestationEvidence[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-ExpiresOn

The time the compliance state set in the attestation should expire.

Parameter properties

Type:	Nullable<T>[DateTime]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-InputObject

The Attestation object.

Parameter properties

Type:	PSAttestation
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

ByInputObject

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Metadata

Additional metadata for the attestation.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-Name

Resource name.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

ByName

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-Owner

The person responsible for setting the state of the resource. This value is typically a Microsoft Entra object ID.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-PolicyAssignmentId

Policy assignment ID. E.g. '/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments/{assignmentName}'.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-PolicyDefinitionReferenceId

The policy definition reference ID of the individual definition. Required when the policy assignment assigns a policy set definition.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-ResourceGroupName

Resource group name.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

ByName

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-ResourceId

Resource ID.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	Id

Parameter sets

ByResourceId

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	True
Value from remaining arguments:	False

-Scope

Scope of the resource. E.g. '/subscriptions/{subscriptionId}/resourceGroups/{rgName}'.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

ByName

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Share via

Set-AzPolicyAttestation

Syntax

ByName (Default)

ByResourceId

ByInputObject

Description

Examples

Example 1: Update an attestation by name

Example 2: Update an attestation by ResourceId

Example 3: Update an attestation by input object

Parameters

-AssessmentDate

Parameter properties

Parameter sets

-Comment

Parameter properties

Parameter sets

-ComplianceState

Parameter properties

Parameter sets

-Confirm

Parameter properties

Parameter sets

-DefaultProfile

Parameter properties

Parameter sets

-Evidence

Parameter properties

Parameter sets

-ExpiresOn

Parameter properties

Parameter sets

-InputObject

Parameter properties

Parameter sets

-Metadata

Parameter properties

Parameter sets

-Name

Parameter properties

Parameter sets

-Owner

Parameter properties

Parameter sets

-PolicyAssignmentId

Parameter properties

Parameter sets

-PolicyDefinitionReferenceId

Parameter properties

Parameter sets

-ResourceGroupName

Parameter properties

Parameter sets

-ResourceId

Parameter properties

Parameter sets

-Scope

Parameter properties

Parameter sets

-WhatIf

Parameter properties

Parameter sets

CommonParameters

Inputs

String

PSAttestation

Nullable<T>

PSAttestationEvidence

Object

Outputs

PSAttestation

Related Links

Feedback