Query Details
Policy Creation
Query
//Who created a new policy against which resource group and the type of policy created AzureActivity | where ResourceProviderValue == "MICROSOFT.POLICYINSIGHTS" | where ActivitySubstatusValue == "Created" | project Caller, CallerIpAddress, ResourceGroup, Type
Explanation
This query looks for activities in Azure where a new policy was created using Policy Insights. It retrieves the information about who created the policy, their IP address, the resource group against which the policy was created, and the type of policy that was created.
Details
Rod Trent
Released: June 24, 2021
Tables
AzureActivity
Keywords
AzureActivity,ResourceProviderValue,MICROSOFT.POLICYINSIGHTS,ActivitySubstatusValue,Created,Caller,CallerIpAddress,ResourceGroup,Type
Operators
where==where==project