Not able to list polices on management group

[murarisumit]

Describe the bug
Not able to list polices on management group.

az policy assignment list \
--disable-scope-strict-match \
--scope "/providers/Microsoft.Management/managementGroups/my-mg-group" 
--query [].name

To Reproduce

Steps to reproduce the behavior.

1. Create a policy

 az policy definition create \
   --management-group my-mg-group
   --name 'sumit-enforce-nsg-on-subnett' \
   --display-name 'Sumit- NSG X on every subnet' \
   --description 'This policy enforces a specific NSG on every subnet' \
   --rules <azurepolicy.rules.json> \
   --params <azurepolicy.parameters.json> \
   --mode All 

2. Assign the policy to management group.

az policy assignment create \
  --name "Force nsg in subnet" \
  --scope "/providers/Microsoft.Management/managementGroups/my-mg-group" \
  --policy "/providers/Microsoft.Management/managementgroups/my-mg-group/providers/Microsoft.Authorization/policyDefinitions/sumit-enforce-nsg-on-subnett" \
  -p '{"nsgId": { "value":"sumit-test-vm-nsg"}}'

below command should work, but not working for me.

az policy assignment list \
--disable-scope-strict-match \
--scope "/providers/Microsoft.Management/managementGroups/my-mg-group" 
--query [].name

Expected behavior
I should be able to list the assigned polices in management group

Environment summary

Install : pip
CLI version: azure-cli 2.0.60 *
OS version: macOS Mojave 10.14.4
Shell type: bash

Additional context
Add any other context about the problem here.

[achandmsft]

Hi Sumit (@murarisumit) ,
Thanks a lot for your bug report! Could you please send us what error you are getting when you try to list the assigned policies?

Thanks,
Arun Chandrasekhar
Principal Program Manager
Azure Management Experience

[murarisumit]

Sorry for late reply, but when I just went into scope without --disable-scope-strict-match flag. I am getting empty list.

When trying with --disable-scope-strict-match flag, I am getting policies from different scope, but still not the policy that I'm able to view in azure UI portal and created by using az policy assignment create command.

[yonzhan]

add to S164.

[zhoxing-ms]

We are already upgrading this issue, you can work around it for a while in this way:
az rest --method get --uri "https://management.azure.com/providers/Microsoft.Management/managementGroups/{managementGroups}/providers/Microsoft.Authorization/policyAssignments?api-version=2019-09-01&$filter=atScope()"

[zhoxing-ms]

@pilor Please pay attention to this issue. After upgrading the Service and SDK, please let us know. Thanks