6.7.2

Minor fix (Sandbox naming)

6.7.0

Changes (2025-May-19 / 6.7.0 Minor)

• New feature "ALZ Policy Assignments Checker" - This new view, will compare the current deployed ALZ hierarchy with the ALZ archetypes definitions and point out the missing policy assignments. It will also reference the missing policy assignments' payloads and AzAdvertizer links.
  • New switch-parameter -ALZPolicyAssignmentsChecker - Execute the ALZPolicyAssignmentsChecker feature
  • New Parameter -ALZManagementGroupsIds - Provide the Management Group Ids of the deployed ALZ hierarchy (more details: Parameters)

6.6.1

Changes (2024-November-01 / 6.6.1 Patch)

• HTML fix filters TenantSummary PolicyAssignment, ScopeInsights PolicySetAssignments
• use AzAPICall PowerShell module version 1.2.4 (Handle 'subscription not registered' /providers/Microsoft.Security/settings)

Changes (2024-October-26 / 6.6.0 Minor)

• Microsoft Defender for Cloud Coverage (Tenant Summary and CSV export). Example html:

• MicrosoftDefenderForCloudCoverage_preview
• CostOptimization add microsoft.network/privateendpoints for intent=cost savings
• extend ResourcesAll.csv output with sku and kind information
• update API reference '/subscriptions/subscriptionId/resources' use API version 2024-03-01 (previous 2023-07-01)

Changes (2024-October-9 / 6.5.5 Patch)

• introduce a new optional parameter -SubscriptionIdWhitelist, which defines the subscriptions that must match in order to be processed.

6.5.0

Changes (2024-August-15 / 6.5.0 Minor/Patch)

• ALZ policy refresh H2 FY24 (initiatives.json)
• DevSkim, PSScriptAnalyzer and OpenSSF Scorecard integration
• fixes and optimization based on DevSkim, PSScriptAnalyzer and OpenSSF Scorecard findings
• api version mapping in param block for cloud environment api version availability drift
• update GitHub workflows to use azure/login@v2 (previous: azure/login@v1):
• AzGovViz_OIDC.yml
• AzGovViz.yml
• update getConsumption (getConsumptionv2): instead of full Management Group scope costmanagement data retrieval, batch by Subscription quotaId in batches of 100. Failing batches and batches of Subscriptions of quotaId CSP_2015-05-01 (see param block variable SubscriptionQuotaIdsThatDoNotSupportCostManagementManagementGroupScopeQuery) will fallback to get costmanagement data per Subscription.
• html; update jquery; source tablefilter js
• update .devcontainer/devcontainer.json
• use AzAPICall PowerShell module version 1.2.3 (Handle costManagement error SubscriptionCostDisabled)

6.4.3

Changes (2024-Mar-19 / 6.4.3 Minor) - thanks @JanElholm

• Support for -DoAzureConsumptionPreviousMonth - Azure Consumption data should be collected/reported for the previous month

6.4.0

Changes (2024-Feb-06 / 6.4.0 Minor)

• change PowerShell parallel handling / batches
• add addition JSON outputs 'definitions_tracking' and 'assignments_tracking' (JSON filenames have no displayName included; GUIDs only)
• update ARM API-version for RBAC Role definitions. Using 2022-05-01-preview instead of 2018-11-01-preview consequently
• fix *_roleDefinitions.csv - description partially missing
• optimize array handling / best practices
• optimize getting private endpoint capable resource types / in case resource provider 'microsoft.network' is not registered, try with next available subscription instead of throwing
• use AzAPICall PowerShell module version 1.2.0
• documentation update - style guidance, links updates - kudos @ckittel

6.3.7

Changes (2024-Jan-08 / 6.3.7 Minor)

fix: Ignore ARMLocation in case not Public Cloud (AzureCloud)

6.3.6

Changes (2023-Dec-17 / 6.3.6 Minor)

• fix: processing of Service Principal names that contain special characters
• fix: RBAC reporting correct RBAC Role assignment related Policy assignment Policy definition displayName
• update ARM API-version for CostManagement. Using 2023-03-01 instead of 2019-11-01

Changes (2023-Dec-15 / 6.3.5 Minor) - thanks @kaiaschulz

• Checking if the response of the storage account properties request is a byte array (type 'byte[]') and decode it to a string
• Different handling of BOM (Byte order mark) for XML returns on storage account properties request (since Powershell version 7.4.0)
• use AzAPICall PowerShell module version 1.1.85

6.3.4

Changes (2023-Nov-13 / 6.3.4 Minor)

• introduce new parameter -ARMLocation. Define the Azure Resource Manager (ARM) location to use (default is to use westeurope; this is used to optimize the built-in Azure RBAC Role definitions tracking)
• hardening the automated AzAPICall PowerShell module installation by adding retry mechanism in case of failure (Azure DevOps/GitHub)
• tolerating more up to date AzAPICall version when executing outside of Azure DevOps/GitHub
• update ARM API-version for Resources. Using 2023-07-01 instead of 2021-04-01
• update /.azuredevops/pipelines/AzGovViz.variables.yml
  • add parameter -ARMLocation
• update README.md
  • update API reference
• use AzAPICall PowerShell module version 1.1.84

6.3.3

Changes (2023-Oct-22 / 6.3.3 Minor)

• introduce new optional parameter -AzAPICallSkipAzContextSubscriptionValidation ref
• update ARM API-version for RBAC Role definitions. Using 2022-05-01-preview instead of 2018-11-01-preview. This will show us 'conditions' example
• update /.azuredevops/pipelines/AzGovViz.variables.yml
  • add parameter -AzAPICallSkipAzContextSubscriptionValidation
  • structure AzAPICall related variables
  • Azure Active Directory becomes Microsoft Entra ID
• update README.md and setup.md
  • OIDC for Azure DevOps
  • update API reference
  • Azure Active Directory becomes Microsoft Entra ID
• use AzAPICall PowerShell module version 1.1.83