This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 61%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
I have create simple Azure custom policy to check tags is exist or not, and assigned it to subscription level. It is showing the non compliances resources and resource group on policy blade as expected. But when I check on activity log, it is not listing any log for operation policy audit check.
Also, I have send activity logs into Log analytic but no luck.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Kiran Kolte Welcome to Microsoft Q & A Community Forum. Resources are evaluated at specific times during the resource lifecycle, the policy assignment lifecycle, and for regular ongoing compliance evaluation(learn more). Only when evaluated, the respective activity will be logged accordingly. Can you please execute below Kusto query in your log analytics workspace by increasing time range and check if there are any logs available ?
AzureActivity
| where Category == "Policy"
@Kiran Kolte Did you get chance to look into my previous comment? Kindly revert if you need further assistance.
Thanks @SwathiDhanwada-MSFT for quick response. I have gone through comments but still no luck.
If you see below screen short 1, policy evaluation has been done and 5 resource groups are non-compliance with define policy. As per my understanding the expecting behavior here is the same log should be visible in 2nd and 3rd screenshot
But event log is not visible in the activity log and log analytics.
@Kiran Kolte As requested in private message to you, I recommend engaging our technical support team to investigate further. Please file a support case using these steps. Kindly revert if you have further questions.
@SwathiDhanwada-MSFT Thanks. I have fill the support request for the same.
Thanks @Kiran Kolte for sharing support case number. Sharing the resolution for the benefit of broader community.
AzureActivity command which is stored in the AzureActivity table, follows the instructions from this documentation. Microsoft Technical Support team noticed that when the Resource Group becomes non-complaint it does not log in the Activity Log. This happens because there are two types of operations that occurs in policies, Greenfield operations, and Brown field operations.
However, if you want to get non-complaint resources in your portal, you can use Azure Resource Graph. Azure Resource Graph will help you query your resources which includes compliance states and display the results for you. You can go a step further and query the number of non-complaint policies, create a chart out of them and pin to your dashboard; this documentation explains how this is possible.
To perform a count query for a particular policy, for example the "Audit Resource Group for resource expiry date" to get the non-complaint policies kindly use this query below
policyresources
| where properties['policyDefinitionName'] == "INSERT_VALUE_HERE"
| where properties['complianceState'] == "NonCompliant"
| summarize count() by tostring(properties.complianceState)