Skills azure-compliance
🛡️

azure-compliance

Safe ⚙️ External commands🌐 Network access

Azure Compliance Scanner

This skill helps security teams audit Azure resources for compliance violations, monitor Key Vault expiration dates, and implement remediation best practices using official Microsoft tooling.

Supports: Claude Codex Code(CC)
🥈 77 Silver
1

Download the skill ZIP

2

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

3

Toggle on and start using

Test it

Using "azure-compliance". Run azqr compliance scan on my subscription

Expected outcome:

Compliance Scan Results:

Critical (3):
- Storage accounts with public access enabled
- Key Vaults without purge protection
- SQL servers without firewall rules

High (7):
- Web apps without HTTPS
- Function apps using legacy runtime
- Load balancers without availability zones

Medium (12):
- Storage accounts with weak encryption
- VMs without managed identities
- Containers without private registries

Using "azure-compliance". Show expiring Key Vault items

Expected outcome:

Key Vault Expiration Report:

Expiring in 7 days:
- Certificate: ssl-cert-prod (expires: Feb 28, 2026)
- Secret: db-password-main (expires: Mar 1, 2026)

Expiring in 30 days:
- Key: encryption-key-backup (expires: Mar 15, 2026)
- Certificate: client-auth-cert (expires: Mar 20, 2026)

Security Audit

Safe
v1 • 2/21/2026

This is an official Microsoft Azure compliance documentation skill. Static findings flagged Azure CLI commands in markdown documentation, reference URLs to Azure documentation, and mentions of deprecated protocols - all are legitimate compliance content. The skill provides remediation patterns, SDK references, and best practices for Azure compliance. No malicious intent detected.

15
Files scanned
1,306
Lines analyzed
2
findings
1
Total audits

Risk Factors

⚙️ External commands
No specific locations recorded
🌐 Network access
No specific locations recorded
Audited by: claude

Quality Score

50
Architecture
100
Maintainability
87
Content
50
Community
100
Security
91
Spec Compliance

What You Can Build

Security Teams Running Periodic Audits

Security teams use this skill to perform scheduled compliance audits across Azure subscriptions, identifying misconfigurations and expired certificates.

DevOps Validating Resource Configurations

DevOps engineers validate that newly deployed resources meet organizational compliance policies before production deployment.

Cloud Administrators Monitoring Key Vault

Cloud administrators monitor Key Vault to prevent service disruptions from expired certificates, secrets, and keys.

Try These Prompts

Run Full Compliance Scan 
Run azqr compliance scan on my Azure subscription and summarize the findings by severity
Check Key Vault Expirations 
Show me all expired and expiring (within 30 days) keys, secrets, and certificates in my Key Vault
Find Specific Compliance Issue 
Find all storage accounts without private endpoints and show me the remediation steps
Generate Compliance Report 
Generate a comprehensive compliance report for my subscription including all critical and high findings with remediation recommendations

Best Practices

  • Run compliance scans on a regular schedule (weekly or monthly) to track trends over time
  • Separate compliance reporting from remediation execution to maintain audit trails
  • Use priority classifications to focus remediation efforts on critical and high findings first

Avoid

  • Do not use this skill for deploying resources - it is read-only compliance assessment
  • Avoid running scans on production subscriptions during business hours without scheduling
  • Do not ignore medium and low findings - they often become critical over time

Frequently Asked Questions

What is azqr?
azqr (Azure Quick Review) is a Microsoft tool that scans Azure resources for compliance against best practices. It identifies configuration issues and provides remediation recommendations.
Does this skill modify my Azure resources?
No, this skill only reads and analyzes your Azure resources. It does not modify, deploy, or delete any resources. Remediation commands are provided as documentation for you to execute separately.
What permissions do I need to run scans?
You need Azure Reader role or equivalent permissions to run compliance scans. For Key Vault expiration monitoring, you need Key Vault Reader permissions.
How often should I run compliance scans?
Microsoft recommends running compliance scans weekly for active environments and at least monthly for stable environments. Run additional scans after major deployments.
Can I integrate this with CI/CD pipelines?
Yes, you can integrate azqr scans into CI/CD pipelines. The skill provides the commands and documentation for automated compliance checking in deployment workflows.
What is the difference between this and Azure Advisor?
Azure Advisor provides personalized recommendations, while azqr provides comprehensive compliance scanning against security benchmarks. This skill combines both approaches for thorough assessment.

Developer Details

Author

microsoft

License

MIT

Repository

https://github.com/microsoft/github-copilot-for-azure/tree/main/plugin/skills/azure-compliance/

Ref

main

File structure

📁 references/

📁 sdk/

📄 azure-keyvault-certificates-rust.md

📄 azure-keyvault-keys-rust.md

📄 azure-keyvault-keys-ts.md

📄 azure-keyvault-py.md

📄 azure-keyvault-secrets-rust.md

📄 azure-keyvault-secrets-ts.md

📄 azure-security-keyvault-keys-dotnet.md

📄 azure-security-keyvault-keys-java.md

📄 azure-security-keyvault-secrets-java.md

📄 azqr-recommendations.md

📄 azqr-remediation-patterns.md

📄 azure-keyvault-expiration-audit.md

📄 azure-quick-review.md

📄 azure-resource-graph.md

📄 SKILL.md