azure-compliance

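Author: Azure

Comprehensive Azure compliance and security auditing capabilities, including best-practice assessment, Key Vault expiration monitoring, and resource configuration validation.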

npx skills add https://github.com/microsoft/GitHub-Copilot-for-Azure --skill azure-compliance

Azure Compliance & Security Auditing

Quick Reference

Property | Details
Best for | Compliance scans, security audits, Key Vault expiration checks
Primary capabilities | Comprehensive Resources Assessment, Key Vault Expiration Monitoring
MCP tools | azqr, subscription and resource group listing, Key Vault item inspection

When to Use This Skill

  • Run azqr or Azure Quick Review for compliance assessment
  • Validate Azure resource configuration against best practices
  • Identify orphaned or misconfigured resources
  • Audit Key Vault keys, secrets, and certificates for expiration

Skill Activation Triggers

Activate this skill when the user wants to:

  • Check Azure compliance or best practices
  • Assess Azure resources for configuration issues
  • Run azqr or Azure Quick Review
  • Identify orphaned or misconfigured resources
  • Review Azure security posture
  • "Show me expired certificates/keys/secrets in my Key Vault"
  • "Check what's expiring in the next 30 days"
  • "Audit my Key Vault for compliance"
  • "Find secrets without expiration dates"
  • "Check certificate expiration dates"

Prerequisites

  • Authentication: user is logged in to Azure via az login
  • Permissions to read resource configuration and Key Vault metadata

Assessments

Assessment | Reference
Comprehensive Compliance (azqr) | references/azure-quick-review.md
Key Vault Expiration | references/azure-keyvault-expiration-audit.md
Resource Graph Queries | references/azure-resource-graph.md

MCP Tools

Tool | Purpose
mcp_azure_mcp_extension_azqr | Run azqr compliance scans
mcp_azure_mcp_subscription_list | List available subscriptions
mcp_azure_mcp_group_list | List resource groups
keyvault_key_list | List all keys in vault
keyvault_key_get | Get key details including expiration
keyvault_secret_list | List all secrets in vault
keyvault_secret_get | Get secret details including expiration
keyvault_certificate_list | List all certificates in vault
keyvault_certificate_get | Get certificate details including expiration

Assessment Workflow

  1. Select scope (subscription or resource group) for Comprehensive Resources Assessment.
  2. Run azqr and capture output artifacts.
  3. Analyze Scan Results and summarize findings and recommendations.
  4. Review Key Vault Expiration Monitoring output for keys, secrets, and certificates.
  5. Classify issues and propose remediation or fix steps for each finding.
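
The Key Vault expiration review in step 4, as an added example (not code from the skill or its referenced guides): it sorts vault items into expired, expiring within a window, and missing an expiration date. The item shape (`name`, `attributes.enabled`, `attributes.expires`) is assumed to follow the JSON printed by `az keyvault secret list`, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

def parse_expiry(value):
    """Return an aware UTC datetime, or None when no expiration is set."""
    if not value:
        return None
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:  # assumption: naive timestamps are UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def audit_expiration(items, now, window_days=30):
    """Bucket enabled vault items by expiration state relative to `now`."""
    report = {"expired": [], "expiring": [], "no_expiration": [], "ok": []}
    cutoff = now + timedelta(days=window_days)
    for item in items:
        attrs = item.get("attributes") or {}
        if attrs.get("enabled") is False:
            continue  # design choice of this example: disabled items are skipped
        expires = parse_expiry(attrs.get("expires"))
        if expires is None:
            bucket = "no_expiration"
        elif expires <= now:
            bucket = "expired"
        elif expires <= cutoff:
            bucket = "expiring"
        else:
            bucket = "ok"
        report[bucket].append(item["name"])
    return report

# Constructed sample input (not real vault data); field names are assumed.
SAMPLE = [
    {"name": "db-password", "attributes": {"enabled": True, "expires": "2024-12-01T00:00:00+00:00"}},
    {"name": "api-token", "attributes": {"enabled": True, "expires": "2025-01-20T00:00:00Z"}},
    {"name": "legacy-key", "attributes": {"enabled": True, "expires": None}},
    {"name": "tls-cert", "attributes": {"enabled": True, "expires": "2026-01-01T00:00:00+00:00"}},
    {"name": "old-secret", "attributes": {"enabled": False, "expires": "2020-01-01T00:00:00+00:00"}},
]
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so the result is reproducible

if __name__ == "__main__":
    for bucket, names in audit_expiration(SAMPLE, NOW).items():
        print(f"{bucket}: {names}")
```

Passing `now` explicitly keeps the audit reproducible; in a scheduled run it would be `datetime.now(timezone.utc)`.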

Priority Classification

Priority | Guidance
Critical | Immediate remediation required for high-impact exposure
High | Resolve within days to reduce risk
Medium | Plan a resolution in the next sprint
Low | Track and fix during regular maintenance

Error Handling

Error | Message | Remediation
Authentication required | "Please login" | Run az login and retry
Access denied | "Forbidden" | Confirm permissions and fix role assignments
Missing resource | "Not found" | Verify subscription and resource group selection

Best Practices

  • Run compliance scans on a regular schedule (weekly or monthly)
  • Track findings over time and verify remediation effectiveness
  • Separate compliance reporting from remediation execution
  • Keep Key Vault expiration policies documented and enforced

SDK Quick References

For programmatic Key Vault access, see the condensed SDK guides:
