Read-Only Access to Policy Definition and Compliance Reports – fast manual

Create a custom role definition file, e.g.:

notepad $env:TMP\PolicyReader.json


{
  "Name": "Policy Reader",
  "Id": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "IsCustom": true,
  "Description": "Policy Reader.",
  "Actions": [
  ],
  "NotActions": [
  ],
  "DataActions": [
  ],
  "NotDataActions": [
  ],
  "AssignableScopes": [
  ]
}

Using PowerShell:

Select-AzSubscription -SubscriptionId x-x-x-x-xxx
New-AzRoleDefinition -InputFile $env:TMP\PolicyReader.json
Get-AzRoleDefinition | ? {$_.IsCustom -eq $true} | FT Name, IsCustom

Unfortunately, you must do it for each subscription.
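The steps above as one script, as an added example that is not the original page's file: it builds the definition, refuses to write it if any action is not read-only, creates the role, and reads back what Azure stored. The action list, the `$subscriptionId` placeholder and the variable names are assumptions of this example; the actions are Azure Policy read and query operations chosen to match the title.

```powershell
# Added example, not the original page's file. Assumption: the action list is
# this example's choice of read and query operations for Azure Policy.
$subscriptionId = 'x-x-x-x-xxx'   # placeholder, as in the commands above

$role = [ordered]@{
    Name             = 'Policy Reader'
    IsCustom         = $true
    Description      = 'Policy Reader.'
    Actions          = @(
        'Microsoft.Authorization/policyDefinitions/read'
        'Microsoft.Authorization/policySetDefinitions/read'
        'Microsoft.Authorization/policyAssignments/read'
        'Microsoft.PolicyInsights/policyStates/queryResults/action'
        'Microsoft.PolicyInsights/policyStates/summarize/action'
        'Microsoft.PolicyInsights/policyEvents/queryResults/action'
    )
    NotActions       = @()
    DataActions      = @()
    NotDataActions   = @()
    AssignableScopes = @("/subscriptions/$subscriptionId")
}

# Guard against privilege creep: allow only */read operations and the
# Policy Insights query/summarize actions, and no data-plane actions.
$queryAction = '^Microsoft\.PolicyInsights/policy(States|Events)/(queryResults|summarize)/action$'
$unexpected = @($role.Actions | Where-Object { $_ -notlike '*/read' -and $_ -notmatch $queryAction })
if ($unexpected.Count -gt 0 -or $role.DataActions.Count -gt 0) {
    throw "Role is not read-only: $($unexpected -join ', ')"
}

# Write the definition file and create the role in the selected subscription.
$path = Join-Path $env:TMP 'PolicyReader.json'
$role | ConvertTo-Json -Depth 3 | Set-Content -Path $path
Select-AzSubscription -SubscriptionId $subscriptionId
New-AzRoleDefinition -InputFile $path

# Read back what Azure stored and compare it with what was requested.
$stored = Get-AzRoleDefinition -Name $role.Name
$diff = Compare-Object -ReferenceObject $role.Actions -DifferenceObject $stored.Actions
if ($diff) { Write-Warning "Stored actions differ from the definition file." }
$stored | Format-List Name, Id, IsCustom, Actions, AssignableScopes
```

The guard runs before anything is written, so a wildcard such as `*` or a `write`/`delete` operation added to the list later stops the script instead of ending up in the role.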

You can also use the Security Reader role, which allows you to access workspaces and support –

