Azure Security Posture Review

Overview

This skill performs a structured security assessment of Azure environments against the CIS Microsoft Azure Foundations Benchmark v2.1.0. The benchmark is organized into nine sections covering identity management, security center, storage, database services, logging and monitoring, networking, virtual machines, Key Vault, and App Service. Each recommendation is evaluated by inspecting infrastructure-as-code definitions (Terraform, Bicep, ARM templates), Azure CLI output, or configuration files available in the repository.

The CIS Azure Foundations Benchmark v2.1.0 provides prescriptive guidance across nine domains. This skill evaluates each applicable control and produces a findings report with CIS recommendation IDs, severity ratings, and actionable remediation steps.

When to Use

If a target is provided via arguments, focus the review on: $ARGUMENTS

• Reviewing Azure infrastructure-as-code before deployment
• Assessing an existing Azure environment's security posture against CIS benchmarks
• Preparing for a CIS benchmark audit or compliance assessment
• Evaluating Entra ID configurations, NSG rules, Defender for Cloud, Storage account security, or Key Vault access policies
• Onboarding a new Azure subscription into a security program