
Azure Compliance
Run Azure best-practice and compliance scans with azqr and audit Key Vault keys, secrets, and certificates before or after shipping workloads.
Overview
Azure Compliance is an agent skill most often used in Ship (also Operate) that runs azqr-based best-practice scans and Key Vault expiration audits on Azure resources.
Install
npx skills add https://github.com/microsoft/azure-skills --skill azure-compliance
What is this skill?
- Runs azqr (Azure Quick Review) for comprehensive resource configuration assessment
- Audits Key Vault keys, secrets, and certificates for expiration and upcoming expiry
- Uses MCP tools for subscriptions, resource groups, and Key Vault item inspection
- Surfaces orphaned or misconfigured resources as part of posture review
- Activation triggers cover compliance scan, security audit, and best-practices language
- Primary capabilities: comprehensive resources assessment and Key Vault expiration monitoring
- MCP-integrated azqr and Key Vault inspection workflow
Adoption & trust: 373k installs on skills.sh; 1.2k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need to know whether Azure resources and Key Vault material meet best practices and which certificates or secrets are expired or about to expire—without a manual audit checklist.
Who is it for?
Indie SaaS teams on Azure that want a repeatable compliance scan and Key Vault expiry review before launch or during production hygiene.
Skip if: Deploying fixes automatically (use azure-deploy), pure resource inventory without audit framing (use azure-resource-lookup), or non-Azure environments.
When should I use this skill?
User asks for Azure compliance scan, security audit, azqr, best practices, Key Vault expiration, or orphaned/misconfigured resource review.
What do I get? / Deliverables
You get a compliance-oriented assessment via azqr plus Key Vault expiration visibility so you can prioritize fixes before or after release.
- azqr assessment summary
- Key Vault expiry report
- Misconfiguration and orphan findings for remediation
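A sketch of the Key Vault expiry report listed above, as an added example that is not the skill's own code: it buckets items into expired, expiring within 30 days, and no expiration date. The input is constructed sample data in the shape `az keyvault secret list -o json` returns; `classify_expiry` and the bucket names are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data, shaped like `az keyvault secret list -o json` output.
SAMPLE_ITEMS = json.loads("""
[
  {"name": "db-password",  "attributes": {"enabled": true,  "expires": "2024-05-01T00:00:00+00:00"}},
  {"name": "api-token",    "attributes": {"enabled": true,  "expires": "2024-06-15T00:00:00+00:00"}},
  {"name": "signing-cert", "attributes": {"enabled": true,  "expires": "2025-01-01T00:00:00Z"}},
  {"name": "legacy-conn",  "attributes": {"enabled": true,  "expires": null}},
  {"name": "retired-key",  "attributes": {"enabled": false, "expires": "2023-01-01T00:00:00+00:00"}}
]
""")


def classify_expiry(items, now, window_days=30):
    """Bucket Key Vault items by expiration state (hypothetical helper)."""
    report = {"expired": [], "expiring_soon": [], "no_expiration": [],
              "ok": [], "disabled": []}
    horizon = now + timedelta(days=window_days)
    for item in items:
        attrs = item.get("attributes") or {}
        name = item.get("name", "<unnamed>")
        if not attrs.get("enabled", True):
            report["disabled"].append(name)  # reported separately, not scored
            continue
        raw = attrs.get("expires")
        if not raw:
            report["no_expiration"].append(name)  # never expires: audit finding
            continue
        expires = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)  # assume UTC
        if expires <= now:
            report["expired"].append(name)
        elif expires <= horizon:
            report["expiring_soon"].append(name)
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatability
    for bucket, names in classify_expiry(SAMPLE_ITEMS, fixed_now).items():
        print(f"{bucket:14} {', '.join(names) or '-'}")
```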
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Compliance and security auditing are canonical on the Ship shelf because they validate configuration and posture before and around production release. Security subphase fits azqr assessments, policy-style validation, orphaned/misconfigured resource review, and Key Vault expiration monitoring.
Where it fits
Run azqr on a staging subscription the week before turning on paid traffic.
Monthly Key Vault expiration pass to renew certificates before automation breaks.
Quick posture check on a proof-of-concept resource group before committing to full build-out.
How it compares
Checker and audit workflow around azqr and Key Vault—not a resource lister or deployment skill.
Common Questions / FAQ
Who is azure-compliance for?
Solo builders and small teams shipping on Azure who need best-practice validation, security posture review, and Key Vault expiration monitoring through agent-guided steps.
When should I use azure-compliance?
Use it in Ship before release to run azqr, validate policy-style configuration, and check Key Vault expiry; in Operate during security hygiene or after incidents; and in Validate when a prototype needs a quick posture baseline before committing to production shape.
Is azure-compliance safe to install?
It guides audits that read Azure configuration and Key Vault metadata via your credentials and tools like azqr. Review the Security Audits panel on this page and run scans in non-production first when possible.
Workflow Chain
Then invoke: azure resource lookup
SKILL.md
# Azure Compliance & Security Auditing

## Quick Reference

| Property | Details |
|---|---|
| Best for | Compliance scans, security audits, Key Vault expiration checks |
| Primary capabilities | Comprehensive Resources Assessment, Key Vault Expiration Monitoring |
| MCP tools | azqr, subscription and resource group listing, Key Vault item inspection |

## When to Use This Skill

- Run azqr or Azure Quick Review for compliance assessment
- Validate Azure resource configuration against best practices
- Identify orphaned or misconfigured resources
- Audit Key Vault keys, secrets, and certificates for expiration

## Skill Activation Triggers

Activate this skill when user wants to:

- Check Azure compliance or best practices
- Assess Azure resources for configuration issues
- Run azqr or Azure Quick Review
- Identify orphaned or misconfigured resources
- Review Azure security posture
- "Show me expired certificates/keys/secrets in my Key Vault"
- "Check what's expiring in the next 30 days"
- "Audit my Key Vault for compliance"
- "Find secrets without expiration dates"
- "Check certificate expiration dates"

## Prerequisites

- Authentication: user is logged in to Azure via `az login`
- Permissions to read resource configuration and Key Vault metadata

## Assessments

| Assessment | Reference |
|------------|-----------|
| Comprehensive Compliance (azqr) | [references/azure-quick-review.md](references/azure-quick-review.md) |
| Key Vault Expiration | [references/azure-keyvault-expiration-audit.md](references/azure-keyvault-expiration-audit.md) |
| Resource Graph Queries | [references/azure-resource-graph.md](references/azure-resource-graph.md) |

## MCP Tools

| Tool | Purpose |
|------|---------|
| `mcp_azure_mcp_extension_azqr` | Run azqr compliance scans |
| `mcp_azure_mcp_subscription_list` | List available subscriptions |
| `mcp_azure_mcp_group_list` | List resource groups |
| `keyvault_key_list` | List all keys in vault |
| `keyvault_key_get` | Get key details including expiration |
| `keyvault_secret_list` | List all secrets in vault |
| `keyvault_secret_get` | Get secret details including expiration |
| `keyvault_certificate_list` | List all certificates in vault |
| `keyvault_certificate_get` | Get certificate details including expiration |

## Assessment Workflow

1. Select scope (subscription or resource group) for Comprehensive Resources Assessment.
2. Run azqr and capture output artifacts.
3. Analyze Scan Results and summarize findings and recommendations.
4. Review Key Vault Expiration Monitoring output for keys, secrets, and certificates.
5. Classify issues and propose remediation or fix steps for each finding.

### Priority Classification

| Priority | Guidance |
|---|---|
| Critical | Immediate remediation required for high-impact exposure |
| High | Resolve within days to reduce risk |
| Medium | Plan a resolution in the next sprint |
| Low | Track and fix during regular maintenance |

## Error Handling

| Error | Message | Remediation |
|---|---|---|
| Authentication required | "Please login" | Run `az login` and retry |
| Access denied | "Forbidden" | Confirm permissions and fix role assignments |
| Missing resource | "Not found" | Verify subscription and resource group selection |

## Best Practices

- Run compliance scans on a regular schedule (weekly or monthly)
- Track findings over time and verify remediation effectiveness
- Separate compliance reporting from remediation execution
- Keep Key Vault e