Get-AzPolicyAttestation
Gets policy attestations.
Syntax
ListBySubscriptionId (Default)
Get-AzPolicyAttestation
[-SubscriptionId <String[]>]
[-Filter <String>]
[-Top <Int32>]
[-DefaultProfile <PSObject>]
[<CommonParameters>]
ListByResourceGroup
Get-AzPolicyAttestation
-ResourceGroupName <String>
[-SubscriptionId <String[]>]
[-Filter <String>]
[-Top <Int32>]
[-DefaultProfile <PSObject>]
[<CommonParameters>]
GetBySubscriptionId
Get-AzPolicyAttestation
-Name <String>
[-SubscriptionId <String[]>]
[-DefaultProfile <PSObject>]
[<CommonParameters>]
GetByResourceGroup
Get-AzPolicyAttestation
-Name <String>
-ResourceGroupName <String>
[-SubscriptionId <String[]>]
[-DefaultProfile <PSObject>]
[<CommonParameters>]
GetOrListByResourceId
Get-AzPolicyAttestation
-ResourceId <String>
[-Name <String>]
[-Filter <String>]
[-Top <Int32>]
[-DefaultProfile <PSObject>]
[<CommonParameters>]
GetByScope
Get-AzPolicyAttestation
-Name <String>
-Scope <String>
[-DefaultProfile <PSObject>]
[<CommonParameters>]
ScopeList
Get-AzPolicyAttestation
-Scope <String>
[-Filter <String>]
[-Top <Int32>]
[-DefaultProfile <PSObject>]
[<CommonParameters>]
GetViaIdentity
Get-AzPolicyAttestation
-InputObject <IPolicyInsightsIdentity>
[-DefaultProfile <PSObject>]
[<CommonParameters>]
Description
The Get-AzPolicyAttestation cmdlet gets all policy attestations in a scope or a particular attestation.
Examples
Example 1: Get all policy attestations in the current subscription
Get-AzPolicyAttestation | fl
AssessmentDate :
Comment :
ComplianceState : Compliant
Evidence :
ExpiresOn :
Id : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud
LastComplianceStateChangeAt : 3/26/2026 9:28:05 PM
Metadata : {
}
Name : Attestation-RGScope-Crud
Owner :
PolicyAssignmentId : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/providers/microsoft.authorization/policyassignments/psattestationrgassignment
PolicyDefinitionReferenceId :
ProvisioningState : Succeeded
ResourceGroupName : ps-attestation-test-rg
SystemDataCreatedAt : 3/26/2026 9:28:05 PM
SystemDataCreatedBy : username@microsoft.com
SystemDataCreatedByType : User
SystemDataLastModifiedAt : 3/26/2026 9:28:05 PM
SystemDataLastModifiedBy : username@microsoft.com
SystemDataLastModifiedByType : User
Type : Microsoft.PolicyInsights/attestations
AssessmentDate :
Comment :
ComplianceState : Compliant
Evidence :
ExpiresOn :
Id : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud
LastComplianceStateChangeAt : 3/26/2026 9:28:50 PM
Metadata : {
}
Name : Attestation-ResourceScope-Crud
Owner :
PolicyAssignmentId : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/providers/microsoft.authorization/policyassignments/psattestationresourceassignment
PolicyDefinitionReferenceId :
ProvisioningState : Succeeded
ResourceGroupName : ps-attestation-test-rg
SystemDataCreatedAt : 3/26/2026 9:28:50 PM
SystemDataCreatedBy : username@microsoft.com
SystemDataCreatedByType : User
SystemDataLastModifiedAt : 3/26/2026 9:28:50 PM
SystemDataLastModifiedBy : username@microsoft.com
SystemDataLastModifiedByType : User
Type : Microsoft.PolicyInsights/attestations
AssessmentDate :
Comment :
ComplianceState : Compliant
Evidence :
ExpiresOn :
Id : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud
LastComplianceStateChangeAt : 3/26/2026 9:01:05 PM
Metadata : {
}
Name : Attestation-SubscriptionScope-Crud
Owner :
PolicyAssignmentId : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/providers/microsoft.authorization/policyassignments/psattestationsubassignment
PolicyDefinitionReferenceId :
ProvisioningState : Succeeded
ResourceGroupName :
SystemDataCreatedAt : 3/26/2026 9:01:05 PM
SystemDataCreatedBy : username@microsoft.com
SystemDataCreatedByType : User
SystemDataLastModifiedAt : 3/26/2026 9:01:05 PM
SystemDataLastModifiedBy : username@microsoft.com
SystemDataLastModifiedByType : User
Type : Microsoft.PolicyInsights/attestations
This command gets all the attestations created at or underneath the subscription of the current context.
Example 2: Get a specific policy attestation
Get-AzPolicyAttestation -ResourceGroupName "ps-attestation-test-rg" -Name "Attestation-RGScope-Crud"
AssessmentDate :
Comment :
ComplianceState : Compliant
Evidence :
ExpiresOn :
Id : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud
LastComplianceStateChangeAt : 3/26/2026 9:28:05 PM
Metadata : {
}
Name : Attestation-RGScope-Crud
Owner :
PolicyAssignmentId : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/providers/microsoft.authorization/policyassignments/psattestationrgassignment
PolicyDefinitionReferenceId :
ProvisioningState : Succeeded
ResourceGroupName : ps-attestation-test-rg
SystemDataCreatedAt : 3/26/2026 9:28:05 PM
SystemDataCreatedBy : username@microsoft.com
SystemDataCreatedByType : User
SystemDataLastModifiedAt : 3/26/2026 9:28:05 PM
SystemDataLastModifiedBy : username@microsoft.com
SystemDataLastModifiedByType : User
Type : Microsoft.PolicyInsights/attestations
This command gets the attestation named 'Attestation-RGScope-Crud' at the resource group 'ps-attestation-test-rg'.
Example 3: Get 5 policy attestations in a subscription with optional filters
Get-AzPolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/providers/microsoft.authorization/policyassignments/PSAttestationResourceAssignment'"
AssessmentDate :
Comment :
ComplianceState : Compliant
Evidence :
ExpiresOn :
Id : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud
LastComplianceStateChangeAt : 3/26/2026 9:28:50 PM
Metadata : {
}
Name : Attestation-ResourceScope-Crud
Owner :
PolicyAssignmentId : /subscriptions/e5a130f3-57fd-46b6-9c55-03d21a853935/providers/microsoft.authorization/policyassignments/psattestationresourceassignment
PolicyDefinitionReferenceId :
ProvisioningState : Succeeded
ResourceGroupName : ps-attestation-test-rg
SystemDataCreatedAt : 3/26/2026 9:28:50 PM
SystemDataCreatedBy : username@microsoft.com
SystemDataCreatedByType : User
SystemDataLastModifiedAt : 3/26/2026 9:28:50 PM
SystemDataLastModifiedBy : username@microsoft.com
SystemDataLastModifiedByType : User
Type : Microsoft.PolicyInsights/attestations
This command gets a max of 5 policy attestations underneath the current context's subscription.
Only policy attestations for the given policy assignment will be retrieved.
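The objects returned in the examples above carry ComplianceState, Evidence, Owner and ExpiresOn, all of which are empty in the sample output except ComplianceState. The following is an added example, not part of the original reference: it flags attestations that assert compliance without supporting detail or whose expiry has passed. The function name Test-AttestationHygiene, its -AsOf parameter, the finding labels and the sample objects are hypothetical and constructed for illustration.

```powershell
# Added example: review attestation objects for missing evidence, owner or expiry.
function Test-AttestationHygiene {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Attestation,
        # Reference time for the expiry check (hypothetical parameter).
        [datetime] $AsOf = (Get-Date)
    )
    process {
        $findings = @()
        if ($Attestation.ComplianceState -eq 'Compliant') {
            # A manual "Compliant" claim should say why, who owns it and when it lapses.
            if (-not $Attestation.Evidence)  { $findings += 'NoEvidence' }
            if (-not $Attestation.Owner)     { $findings += 'NoOwner' }
            if (-not $Attestation.ExpiresOn) { $findings += 'NeverExpires' }
        }
        if ($Attestation.ExpiresOn -and ([datetime]$Attestation.ExpiresOn) -lt $AsOf) {
            $findings += 'Expired'
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                Name      = $Attestation.Name
                CreatedBy = $Attestation.SystemDataCreatedBy
                Findings  = $findings -join ','
                Id        = $Attestation.Id
            }
        }
    }
}

# Constructed sample objects that mimic the property names shown in the examples.
$idBase = '/subscriptions/<subscription-id>/providers/microsoft.policyinsights/attestations'
$sample = @(
    [pscustomobject]@{ Name = 'sample-no-detail'; Id = "$idBase/sample-no-detail"
        ComplianceState = 'Compliant'; Evidence = $null; Owner = $null; ExpiresOn = $null
        SystemDataCreatedBy = 'username@microsoft.com' }
    [pscustomobject]@{ Name = 'sample-expired'; Id = "$idBase/sample-expired"
        ComplianceState = 'Compliant'; Evidence = 'constructed evidence reference'
        Owner = 'constructed-owner'; ExpiresOn = '2026-03-01'
        SystemDataCreatedBy = 'username@microsoft.com' }
    [pscustomobject]@{ Name = 'sample-complete'; Id = "$idBase/sample-complete"
        ComplianceState = 'Compliant'; Evidence = 'constructed evidence reference'
        Owner = 'constructed-owner'; ExpiresOn = '2027-01-01'
        SystemDataCreatedBy = 'username@microsoft.com' }
)
$sample | Test-AttestationHygiene -AsOf ([datetime]'2026-04-01') | Format-Table -AutoSize

# Against a live subscription (needs a signed-in Az context):
# Get-AzPolicyAttestation | Test-AttestationHygiene
```

A listing without -Top is capped by the service (currently 1000, per the -Top description), so narrow large scopes with -ResourceGroupName or -Filter before reviewing.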
Parameters
-DefaultProfile
The DefaultProfile parameter is not functional.
Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Parameter properties
Type: PSObject
Default value: None
Supports wildcards: False
DontShow: False
Aliases: AzureRMContext, AzureCredential
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Filter
Filter expression using OData notation.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ListBySubscriptionId
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ListByResourceGroup
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
GetOrListByResourceId
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ScopeList
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-InputObject
Identity Parameter
Parameter properties
Type: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.Models.IPolicyInsightsIdentity
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
GetViaIdentity
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
-Name
The name of the attestation.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: AttestationName
Parameter sets
GetBySubscriptionId
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
GetByResourceGroup
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
GetByScope
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ResourceGroupName
The name of the resource group.
The name is case insensitive.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ListByResourceGroup
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
GetByResourceGroup
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ResourceId
ID of a resource that one or more attestations were made against, or the ID of an attestation.
The cmdlet returns a single attestation if this is the ID of an attestation, or a list of attestations if this is the ID of a resource that attestations were made against.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
GetOrListByResourceId
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Scope
Scope of the resource.
E.g. 'subscriptions/{subscriptionId}/resourceGroups/{rgName}'.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
GetByScope
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ScopeList
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-SubscriptionId
The ID of the target subscription.
Uses current subscription if one isn't provided.
Parameter properties
Type: String[]
Default value: (Get-AzContext).Subscription.Id
Supports wildcards: False
DontShow: False
Parameter sets
ListBySubscriptionId
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ListByResourceGroup
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
GetBySubscriptionId
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
GetByResourceGroup
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Top
Maximum number of records to return.
If not provided, the maximum number of records returned is determined by the Azure Policy service (currently 1000).
Parameter properties
Type: Int32
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ListBySubscriptionId
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ListByResourceGroup
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
GetOrListByResourceId
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ScopeList
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
Inputs
Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.Models.IPolicyInsightsIdentity
Outputs
Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.Models.IAttestation