How To Export and Backup Azure Policy Definitions

3 Min. Read

In this article, we will share with you how to export and backup Azure Policy definitions with PowerShell.


A common theme in cloud environments is enforcing organizational standards and adopting cloud governance since day one. And this is very important since it will give you the ability to define policies, processes, and procedures. These policies then dictate what can be done and verify that what does exist is correct. A service from Microsoft called Azure Policy is a great way to make that happen and take proactive action.

Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by continuously evaluating your resources for non-compliance with assigned policies.

In this article, we will share with you a PowerShell script that will help you to export Azure Policy (custom) definitions, and then upload them to an Azure storage account for backup. This comes in handy when working and updating many policies, so you can have a backup copy to revert back if needed, and this is also helpful for auditing purposes. Please note that this approach is not perfect in any way, but I think it serves its purpose.

PowerShell script

Here is the script that will do the job for you. As a prerequisite, you need to have a storage account and one container with private access.

A script used to export and backup all Azure Policy custom definitions

A script used to get the list of all Azure Policy custom definitions in your Azure Subscription(s).
Finally, it will export the Policies into JSON files and then upload them to an Azure storage account.

Created   : 2021-01-07
Version   : 1.0
Author    : Charbel Nemnom
Twitter   : @CharbelNemnom
Blog      :
Disclaimer: This script is provided "AS IS" with no warranties.

# Define Variables
$date = Get-Date -Format "dd-MM-yyyy"
$storageAccountRG     = "rg-storage-backup"
$storageAccountName   = "storaccazpolicybackup01"
$storageContainerName = "azure-policies"

# Get Storage Account Key
$storageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $storageAccountRG -AccountName $storageAccountName).Value[0]

# Set AzStorageContext
$destinationContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey

# Generate SAS URI Token which is valid for 15 minutes ONLY
$containerSASURI = New-AzStorageContainerSASToken -Context $destinationContext -ExpiryTime(get-date).AddSeconds(900) -FullUri -Name $storageContainerName -Permission rw

# Export Azure Policy definitions
$policies = Get-AzPolicyDefinition | Where-Object {$_.Properties.PolicyType -eq "Custom"}
foreach ($policy in $policies) {
$ | ConvertTo-Json -Depth 12 | `
 Out-File "$($home)/clouddrive/Backup_$($$date.json"
# Backup Azure Policy to Azure Storage
 azcopy cp "$($home)/clouddrive/Backup_$($$date.json" $containerSASURI 

# Delete Azure Policies from the Azure Shell cloud drive
Remove-Item Backup* -Force

From the example above, we are performing the following steps:

  • Generate a temporary shared access signature (SAS) URI token for the container valid for 15 minutes with (Read and Write) permission.
  • Export all Azure Policy (custom) definitions as a JSON file.
  • Upload the Policies to a storage container using the AzCopy command line.
  • Finally, delete the JSON files from the cloud shell drive.

Run the script

To run the script, you need to use the Azure Cloud Shell at (, or you can use the Azure Cloud Shell Connector in Windows Terminal.

How To Export and Backup Azure Policy Definitions 1

The policies will be exported to the clouddrive path following the Policy Display name. In my example, I have 4 custom policies.

How To Export and Backup Azure Policy Definitions 2

Finally, switch to the storage account container and check the policies are uploaded as shown in the figure below.

How To Export and Backup Azure Policy Definitions 3

Please note that you can accomplish the same thing using Azure CLI, however, I prefer to use Azure PowerShell. Additionally, you can automate further and have it run on a scheduled basis.


In this article, we showed you how to export and backup Azure Policy definitions with PowerShell.

Azure Cloud Shell is so powerful, you don’t need to install Azure CLI or PowerShell modules locally on your machine to automate your tasks.

This is version 1.0 of this tool, do you want additional features? Please feel free to leave a comment below.

Hope this helps!

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Related Posts


Export All NSG Rules from All Azure Subscriptions with PowerShell

Sync Between Azure File Share and Azure Blob Container


Let me know what you think, or ask a question...

The content of this website is copyrighted from being plagiarized!

You can copy from the 'Code Blocks' in 'Black' by selecting the Code.

Please send your feedback to the author using this form for any 'Code' you like.

Thank you for visiting!