azure-compliance
Author: Azure
Comprehensive Azure compliance and security auditing capabilities, including best-practice assessment, Key Vault expiration monitoring, and resource configuration validation.
npx skills add https://github.com/microsoft/GitHub-Copilot-for-Azure --skill azure-compliance
Azure Compliance & Security Auditing
Quick Reference
| Property | Details |
|---|---|
| Best for | Compliance scans, security audits, Key Vault expiration checks |
| Primary capabilities | Comprehensive Resources Assessment, Key Vault Expiration Monitoring |
| MCP tools | azqr, subscription and resource group listing, Key Vault item inspection |
When to Use This Skill
- Run azqr or Azure Quick Review for compliance assessment
- Validate Azure resource configuration against best practices
- Identify orphaned or misconfigured resources
- Audit Key Vault keys, secrets, and certificates for expiration
Skill Activation Triggers
Activate this skill when the user wants to:
- Check Azure compliance or best practices
- Assess Azure resources for configuration issues
- Run azqr or Azure Quick Review
- Identify orphaned or misconfigured resources
- Review Azure security posture
- "Show me expired certificates/keys/secrets in my Key Vault"
- "Check what's expiring in the next 30 days"
- "Audit my Key Vault for compliance"
- "Find secrets without expiration dates"
- "Check certificate expiration dates"
Prerequisites
- Authentication: user is logged in to Azure via az login
- Permissions to read resource configuration and Key Vault metadata
Assessments
| Assessment | Reference |
|---|---|
| Comprehensive Compliance (azqr) | references/azure-quick-review.md |
| Key Vault Expiration | references/azure-keyvault-expiration-audit.md |
| Resource Graph Queries | references/azure-resource-graph.md |
MCP Tools
| Tool | Purpose |
|---|---|
| mcp_azure_mcp_extension_azqr | Run azqr compliance scans |
| mcp_azure_mcp_subscription_list | List available subscriptions |
| mcp_azure_mcp_group_list | List resource groups |
| keyvault_key_list | List all keys in vault |
| keyvault_key_get | Get key details including expiration |
| keyvault_secret_list | List all secrets in vault |
| keyvault_secret_get | Get secret details including expiration |
| keyvault_certificate_list | List all certificates in vault |
| keyvault_certificate_get | Get certificate details including expiration |
Assessment Workflow
- Select scope (subscription or resource group) for Comprehensive Resources Assessment.
- Run azqr and capture output artifacts.
- Analyze Scan Results and summarize findings and recommendations.
- Review Key Vault Expiration Monitoring output for keys, secrets, and certificates.
- Classify issues and propose remediation or fix steps for each finding.
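The Key Vault expiration review step can be expressed as a small classifier over item metadata. This is an added example, not code from the skill or the project; it assumes records shaped like the JSON that `az keyvault secret list` returns (`name`, `attributes.enabled`, `attributes.expires`), and the function names, bucket names and sample items are constructed for illustration. The 30-day window matches the trigger phrase listed above.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (assumed shape: name + attributes.enabled/expires).
SAMPLE_ITEMS = [
    {"name": "db-password", "attributes": {"enabled": True, "expires": "2024-05-01T00:00:00+00:00"}},
    {"name": "api-token", "attributes": {"enabled": True, "expires": "2024-06-20T00:00:00+00:00"}},
    {"name": "legacy-key", "attributes": {"enabled": True, "expires": None}},
    {"name": "tls-cert", "attributes": {"enabled": True, "expires": "2025-03-01T00:00:00Z"}},
    {"name": "old-secret", "attributes": {"enabled": False, "expires": "2023-01-01T00:00:00+00:00"}},
]


def parse_expiry(value):
    """Parse an ISO 8601 timestamp; missing values mean 'no expiration set'."""
    if not value:
        return None
    # Normalise a trailing 'Z' so older Python versions can parse it.
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    # Treat naive timestamps as UTC so comparisons never mix naive and aware.
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_expiration(items, now, window_days=30):
    """Bucket items into expired / expiring_soon / no_expiration / ok / disabled."""
    report = {"expired": [], "expiring_soon": [], "no_expiration": [], "ok": [], "disabled": []}
    cutoff = now + timedelta(days=window_days)
    for item in items:
        attrs = item.get("attributes") or {}
        name = item.get("name", "<unnamed>")
        # Disabled items are reported separately so they do not inflate findings.
        if attrs.get("enabled") is False:
            report["disabled"].append(name)
            continue
        expires = parse_expiry(attrs.get("expires"))
        if expires is None:
            report["no_expiration"].append(name)   # "secrets without expiration dates"
        elif expires <= now:
            report["expired"].append(name)
        elif expires <= cutoff:
            report["expiring_soon"].append(name)   # inside the audit window
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    print(audit_expiration(SAMPLE_ITEMS, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

Passing `now` explicitly keeps scheduled runs reproducible and lets the same inventory be re-evaluated against a past or future date.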
Priority Classification
| Priority | Guidance |
|---|---|
| Critical | Immediate remediation required for high-impact exposure |
| High | Resolve within days to reduce risk |
| Medium | Plan a resolution in the next sprint |
| Low | Track and fix during regular maintenance |
Error Handling
| Error | Message | Remediation |
|---|---|---|
| Authentication required | "Please login" | Run az login and retry |
| Access denied | "Forbidden" | Confirm permissions and fix role assignments |
| Missing resource | "Not found" | Verify subscription and resource group selection |
Best Practices
- Run compliance scans on a regular schedule (weekly or monthly)
- Track findings over time and verify remediation effectiveness
- Separate compliance reporting from remediation execution
- Keep Key Vault expiration policies documented and enforced
SDK Quick References
For programmatic Key Vault access, see the condensed SDK guides:
- Key Vault (Python): Secrets/Keys/Certs
- Secrets: TypeScript | Rust | Java
- Keys: .NET | Java | TypeScript | Rust
- Certificates: Rust