azure-security-posture-hardening | vanguard-frontier-agentic

Stats

Actions

Tags

azure-security-posture-hardening | vanguard-frontier-agentic

Azure Security Posture Hardening

Purpose

Review and harden Azure platform or workload posture using operator-grade controls:

least privilege,
managed identities over stored secrets,
private access where justified,
Key Vault hardening,
policy-enforced controls,
audit and diagnostic coverage,
staged remediation with rollout safety.

When to use

Use this skill when the user asks for:

Azure security baseline or posture review,
managed identity migration guidance,
Key Vault hardening or secret-handling critique,
private endpoint or public exposure decisions for sensitive services,
Azure Policy or Defender-backed hardening recommendations,
logging, diagnostics, or auditability expectations for Azure security controls,
zero-trust-oriented review of platform or workload controls.

Do not use this skill as a full compliance audit, incident forensics runbook, or a substitute for deep service-specific implementation docs.

Lean operating rules

Prefer Microsoft Learn documentation through the user's configured documentation MCP, then sampled read-only Azure evidence when available, then sanitized user evidence.
Separate confirmed facts from inference. If state was not queried or shown, say so.
Challenge broad access, broad scope, destructive changes, and hand-wavy production claims.
Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.

References

Load these only when needed:

Azure Security Posture Hardening Operations — use for current service behavior, common failure modes, hard design rules, verification targets, and push-back conditions.
Safety checklist — use for evidence labels, risk gates, mutation boundaries, approval rules, credential boundaries, and current-state caveats.
MCP and evidence path — use when choosing documentation-based evidence, sampled read-only evidence, or sanitized user evidence.
Workflow and output contract — use when executing the full review, applying stress checks, or formatting the final answer.
Official sources — use when you need the detailed Microsoft documentation list or source notes.

Response minimum

Return, at minimum:

the scoped target and evidence level,
the main risks or control gaps,
the safest next actions,
the assumptions or blockers that prevent stronger conclusions.