Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

azure-compliance | azure

Skill

azure-compliance

From azure

Runs Azure compliance audits with azqr and Key Vault expiration checks for secrets, keys, certificates. Detects misconfigurations, orphaned resources, and security issues.

$

npx claudepluginhub attentiondotnet/azure-skills

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/azure:azure-compliance

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

| Property | Details |

Supporting Files

references/auth-best-practices.mdreferences/azqr-recommendations.mdreferences/azqr-remediation-patterns.mdreferences/azure-keyvault-expiration-audit.mdreferences/azure-quick-review.mdreferences/azure-resource-graph.mdreferences/sdk/azure-keyvault-certificates-rust.mdreferences/sdk/azure-keyvault-keys-rust.mdreferences/sdk/azure-keyvault-keys-ts.mdreferences/sdk/azure-keyvault-py.mdreferences/sdk/azure-keyvault-secrets-rust.mdreferences/sdk/azure-keyvault-secrets-ts.mdreferences/sdk/azure-security-keyvault-keys-dotnet.mdreferences/sdk/azure-security-keyvault-keys-java.mdreferences/sdk/azure-security-keyvault-secrets-java.md

SKILL.md

109 lines · ~1.2k tokens

Similar Skills

azure-compliance

1.2k

Runs Azure compliance scans with azqr and audits Key Vault keys, secrets, and certificates for expiration. Use before resource reviews or security posture checks.

15 files

azure-security-posture-hardening

16

Reviews Azure security posture, baseline hardening, managed identity adoption, Key Vault posture, private access decisions, Policy guardrails, and logging/audit gap analysis. Useful when hardening workloads without defaulting to broad access or public exposure.

6 files3 tools

vanguard-frontier-agentic

detecting-misconfigured-azure-storage

23

Detects misconfigured Azure Storage accounts including public blob containers, missing encryption, permissive SAS tokens, disabled logging, and network violations using Azure CLI, PowerShell, and Defender for Storage. For security audits and compliance.

Stats

LanguageBicep

Stars0

MaintenanceExcellent

Last CommitApr 10, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

azure-compliance

expiration-audit

security-posture

compliance-scan

Help us improve

Share bugs, ideas, or general feedback.

Azure Compliance & Security Auditing

Quick Reference

Property	Details
Best for	Compliance scans, security audits, Key Vault expiration checks
Primary capabilities	Comprehensive Resources Assessment, Key Vault Expiration Monitoring
MCP tools	azqr, subscription and resource group listing, Key Vault item inspection

When to Use This Skill

Run azqr or Azure Quick Review for compliance assessment
Validate Azure resource configuration against best practices
Identify orphaned or misconfigured resources
Audit Key Vault keys, secrets, and certificates for expiration

Skill Activation Triggers

Activate this skill when user wants to:

Check Azure compliance or best practices
Assess Azure resources for configuration issues
Run azqr or Azure Quick Review
Identify orphaned or misconfigured resources
Review Azure security posture
"Show me expired certificates/keys/secrets in my Key Vault"
"Check what's expiring in the next 30 days"
"Audit my Key Vault for compliance"
"Find secrets without expiration dates"
"Check certificate expiration dates"

Prerequisites

Authentication: user is logged in to Azure via az login
Permissions to read resource configuration and Key Vault metadata

Assessments

Assessment	Reference
Comprehensive Compliance (azqr)	references/azure-quick-review.md
Key Vault Expiration	references/azure-keyvault-expiration-audit.md
Resource Graph Queries	references/azure-resource-graph.md

MCP Tools

Tool	Purpose
`mcp_azure_mcp_extension_azqr`	Run azqr compliance scans
`mcp_azure_mcp_subscription_list`	List available subscriptions
`mcp_azure_mcp_group_list`	List resource groups
`keyvault_key_list`	List all keys in vault
`keyvault_key_get`	Get key details including expiration
`keyvault_secret_list`	List all secrets in vault
`keyvault_secret_get`	Get secret details including expiration
`keyvault_certificate_list`	List all certificates in vault
`keyvault_certificate_get`	Get certificate details including expiration

Assessment Workflow

Select scope (subscription or resource group) for Comprehensive Resources Assessment.
Run azqr and capture output artifacts.
Analyze Scan Results and summarize findings and recommendations.
Review Key Vault Expiration Monitoring output for keys, secrets, and certificates.
Classify issues and propose remediation or fix steps for each finding.

Priority Classification

Priority	Guidance
Critical	Immediate remediation required for high-impact exposure
High	Resolve within days to reduce risk
Medium	Plan a resolution in the next sprint
Low	Track and fix during regular maintenance

Error Handling

Error	Message	Remediation
Authentication required	"Please login"	Run `az login` and retry
Access denied	"Forbidden"	Confirm permissions and fix role assignments
Missing resource	"Not found"	Verify subscription and resource group selection

Best Practices

Run compliance scans on a regular schedule (weekly or monthly)
Track findings over time and verify remediation effectiveness
Separate compliance reporting from remediation execution
Keep Key Vault expiration policies documented and enforced

SDK Quick References

For programmatic Key Vault access, see the condensed SDK guides:

Key Vault (Python): Secrets/Keys/Certs
Secrets: TypeScript | Rust | Java
Keys: .NET | Java | TypeScript | Rust
Certificates: Rust