Azure合规性安全审计工具 - 密钥保管库过期检查与资源配置评估

azure-compliance by microsoft/azure-skills

76,600 周安装量

497 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/microsoft/azure-skills --skill azure-compliance

🇨🇳中文介绍

Azure 合规性与安全审计

快速参考

属性	详情
最佳适用场景	合规性扫描、安全审计、密钥保管库过期检查
主要能力	全面的资源评估、密钥保管库过期监控
MCP 工具	azqr、订阅和资源组列表、密钥保管库项目检查

何时使用此技能

运行 azqr 或 Azure 快速审查以进行合规性评估
根据最佳实践验证 Azure 资源配置
识别孤立或配置错误的资源
审计密钥保管库中的密钥、机密和证书是否过期

技能激活触发器

当用户想要执行以下操作时激活此技能：

检查 Azure 合规性或最佳实践
评估 Azure 资源配置问题
运行 azqr 或 Azure 快速审查
识别孤立或配置错误的资源
审查 Azure 安全态势
"显示我的密钥保管库中过期的证书/密钥/机密"
"检查未来 30 天内即将过期的内容"
"审计我的密钥保管库是否符合合规要求"
"查找没有过期日期的机密"
"检查证书过期日期"

先决条件

身份验证：用户已通过 az login 登录到 Azure
具有读取资源配置和密钥保管库元数据的权限

评估

🇺🇸English

Azure Compliance & Security Auditing

Quick Reference

Property	Details
Best for	Compliance scans, security audits, Key Vault expiration checks
Primary capabilities	Comprehensive Resources Assessment, Key Vault Expiration Monitoring
MCP tools	azqr, subscription and resource group listing, Key Vault item inspection

When to Use This Skill

Run azqr or Azure Quick Review for compliance assessment
Validate Azure resource configuration against best practices
Identify orphaned or misconfigured resources
Audit Key Vault keys, secrets, and certificates for expiration

Skill Activation Triggers

Activate this skill when user wants to:

Check Azure compliance or best practices
Assess Azure resources for configuration issues
Run azqr or Azure Quick Review
Identify orphaned or misconfigured resources
Review Azure security posture
"Show me expired certificates/keys/secrets in my Key Vault"
"Check what's expiring in the next 30 days"
"Audit my Key Vault for compliance"
"Find secrets without expiration dates"
"Check certificate expiration dates"

Prerequisites

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

暂无相关 Skills

评估	参考
全面合规性 (azqr)	references/azure-quick-review.md
密钥保管库过期	references/azure-keyvault-expiration-audit.md
资源图查询	references/azure-resource-graph.md

工具	用途
`mcp_azure_mcp_extension_azqr`	运行 azqr 合规性扫描
`mcp_azure_mcp_subscription_list`	列出可用订阅
`mcp_azure_mcp_group_list`	列出资源组
`keyvault_key_list`	列出保管库中的所有密钥
`keyvault_key_get`	获取密钥详情（包括过期信息）
`keyvault_secret_list`	列出保管库中的所有机密
`keyvault_secret_get`	获取机密详情（包括过期信息）
`keyvault_certificate_list`	列出保管库中的所有证书
`keyvault_certificate_get`	获取证书详情（包括过期信息）

为"全面的资源评估"选择范围（订阅或资源组）。
运行 azqr 并捕获输出工件。
分析扫描结果，总结发现和建议。
审查密钥保管库过期监控的输出（针对密钥、机密和证书）。
对问题进行分类，并为每个发现提出修复或解决步骤。

优先级	指导原则
严重	需要立即修复，以防止高风险暴露
高	在几天内解决以降低风险
中	计划在下一个冲刺周期内解决
低	在定期维护期间跟踪并修复

错误	消息	修复方法
需要身份验证	"请登录"	运行 `az login` 并重试
访问被拒绝	"禁止访问"	确认权限并修复角色分配
资源缺失	"未找到"	验证订阅和资源组选择

定期（每周或每月）运行合规性扫描
随时间跟踪发现并验证修复效果
将合规性报告与修复执行分开
记录并强制执行密钥保管库过期策略

有关以编程方式访问密钥保管库，请参阅简明的 SDK 指南：

密钥保管库 (Python) : 机密/密钥/证书
机密 : TypeScript | Rust | Java
密钥 : .NET | Java | TypeScript | Rust
证书 : Rust

Authentication: user is logged in to Azure via az login
Permissions to read resource configuration and Key Vault metadata

Assessment	Reference
Comprehensive Compliance (azqr)	references/azure-quick-review.md
Key Vault Expiration	references/azure-keyvault-expiration-audit.md
Resource Graph Queries	references/azure-resource-graph.md

Tool	Purpose
`mcp_azure_mcp_extension_azqr`	Run azqr compliance scans
`mcp_azure_mcp_subscription_list`	List available subscriptions
`mcp_azure_mcp_group_list`	List resource groups
`keyvault_key_list`	List all keys in vault
`keyvault_key_get`	Get key details including expiration
`keyvault_secret_list`	List all secrets in vault
`keyvault_secret_get`	Get secret details including expiration
`keyvault_certificate_list`	List all certificates in vault
`keyvault_certificate_get`	Get certificate details including expiration

Select scope (subscription or resource group) for Comprehensive Resources Assessment.
Run azqr and capture output artifacts.
Analyze Scan Results and summarize findings and recommendations.
Review Key Vault Expiration Monitoring output for keys, secrets, and certificates.
Classify issues and propose remediation or fix steps for each finding.

Priority Classification

Priority	Guidance
Critical	Immediate remediation required for high-impact exposure
High	Resolve within days to reduce risk
Medium	Plan a resolution in the next sprint
Low	Track and fix during regular maintenance

Error	Message	Remediation
Authentication required	"Please login"	Run `az login` and retry
Access denied	"Forbidden"	Confirm permissions and fix role assignments
Missing resource	"Not found"	Verify subscription and resource group selection

Run compliance scans on a regular schedule (weekly or monthly)
Track findings over time and verify remediation effectiveness
Separate compliance reporting from remediation execution
Keep Key Vault expiration policies documented and enforced

SDK Quick References

For programmatic Key Vault access, see the condensed SDK guides:

Key Vault (Python) : Secrets/Keys/Certs
Secrets : TypeScript | Rust | Java
Keys : .NET | Java | TypeScript | Rust
Certificates : Rust

Azure合规性安全审计工具 - 密钥保管库过期检查与资源配置评估

🇨🇳中文介绍

Azure 合规性与安全审计

快速参考

何时使用此技能

技能激活触发器

先决条件

评估

🇺🇸English

Azure Compliance & Security Auditing

Quick Reference

When to Use This Skill

Skill Activation Triggers

Prerequisites

相关 Skills

MCP 工具

评估工作流程

优先级分类

错误处理

最佳实践

SDK 快速参考

Assessments

MCP Tools

Assessment Workflow

Priority Classification

Error Handling

Best Practices

SDK Quick References