Infrastructure & Policy Widgets

Three widgets cover what is running in your tenant and how it is governed: Infrastructure Overview, Policy Assignments, and Policy Compliance. They share the layout described in Shared Widget Behavior, this page covers the metric cards, click destinations, and per-widget defaults.

Assignments vs. Compliance

Policy Assignments shows what is assigned (the inputs to Azure's policy engine). Policy Compliance shows the resulting evaluation state (the outputs). They reflect the assignment and state sides of the same Azure feature.

Infrastructure Overview

Total counts for management groups, subscriptions, resource groups, and resources discovered in the latest scan. The external-link icon on the title opens the Explorer. Requires the Data Read permission.

These metric cards are informational only, not clickable. Use the external-link icon on the title to drill into the Explorer.

Recent Changes

Time-window dropdown defaults to 3 days, with options 1 day, 3 days, 7 days, 14 days, and 31 days. Click any row to open the Changes page with both scans pre-selected.

Policy Assignments

Counts of policy and initiative assignments at the latest scan, broken out by type and enforcement state. The external-link icon on the title opens Policy Assignments. Requires the Policy Read permission.

Five metric cards count assignments by type and enforcement state, plus active exemptions:

Policies: Assignments of single policy definitions.
Initiatives: Assignments of policy sets.
Enforced: Assignments with enforcement enabled.
Not Enforced: Audit-only assignments.
Exemptions: Active policy exemptions.

Click any card to open Policy Assignments filtered to that type or state.

Recent Changes

Same dropdown defaults as Infrastructure Overview. Click a row to open Policy Assignment Changes with both scans pre-selected.

Policy Compliance

Per-resource compliance state at the latest scan. The external-link icon on the title opens Policy Compliance. Requires the Policy Read permission.

Five metric cards count resources by their current compliance state:

Compliant: Resources currently compliant.
Non-Compliant: Resources flagged non-compliant.
Exempt: Resources exempted from policy evaluation.
Conflict: Resources where two assignments yield conflicting evaluation results.
Unknown: Resources Azure could not evaluate.

Click any card to open Policy Compliance filtered to that state.

Recent Changes

Same dropdown defaults. Click a row to open Policy Compliance Changes with both scans pre-selected.

Shared Behavior

Default time window: 3 days across all three widgets.
Scope filter integration. If you have narrowed the global view filter to a single subscription, counts and changes reflect that scope only.
Compliance counts include only resources Azure has actually evaluated. Newly created resources may briefly appear under Unknown until Azure runs evaluation against them.

Troubleshooting

Infrastructure Overview shows 0 management groups

Answer

Some tenants have no custom management groups beyond the implicit Tenant Root Group. The Tenant Root Group is included if it is discovered. If the count is zero, the most likely cause is that the latest scan failed to read management-group data, check Scan History for warnings.

My Policy Compliance Conflict count is non-zero, what do I do?

Answer

Click the Conflict card to drill into Policy Compliance filtered to conflicts. The detail page shows which two assignments are conflicting on each resource so you can resolve the conflict at its source.

Recent Changes is empty even though I added a policy yesterday

Answer

The widget only shows scans where the count moved between two scans. If only one scan has run since your change, there is no prior scan to compare against. The next scan will produce a comparable pair, and the change will appear.

← Previous: Security Widgets Next: Cost Widgets →