Why this exists

You can't fix what you can't see.

Most Azure environments accumulate problems quietly. Permissions get over-granted, networks get flatter, costs creep up, and what's deployed slowly drifts from what's documented. By the time someone asks "are we secure? are we compliant? are we overspending?" the answers take weeks to find. This audit gives you those answers in days, with concrete next steps.

What's included

A full sweep across the dimensions that matter.

01

Identity & access review

Privileged roles, group memberships, service principals, guest accounts, MFA coverage, and PIM usage. Where over-privilege lives and how to reduce it.

02

Network audit

VNet topology, peering, NSG rules, public exposure, private endpoints, and DNS. We map what you have and flag what's at risk.

03

Compliance baseline check

CIS / Microsoft cloud security benchmark scoring, Defender for Cloud findings triaged by severity, regulatory gaps for ISO 27001 / SOC 2 / GDPR-relevant controls.

04

Cost review

Top spend categories, idle and oversized resources, missing reservations and savings plans, tag coverage, and forecast risk. Quick wins flagged.

05

Drift detection

Where the deployed state differs from what's in code (or what people think is there). Recommendations for an ongoing drift control process.

06

Operational health

Logging coverage, alerting gaps, backup configuration, single points of failure, and runbook completeness. The unglamorous stuff that bites at 3am.

Deliverables

What you get at the end.

Timeline

Three phases. Three to seven days.

01
Day 1

Access & scope

Read-only access provisioned. Scope confirmed — which subscriptions, which workloads, which compliance frameworks matter.

02
Days 2–5

Investigate

Automated scans plus manual review across identity, network, cost, compliance, and operational health. Evidence gathered for every finding.

03
Days 6–7

Report & walkthrough

Written report delivered, walkthrough session with your team, prioritised remediation plan agreed.

FAQ

Common questions.

What access do you need?

Reader at the management group or subscription level for the audit itself, plus Defender for Cloud Reader and Cost Management Reader. Read-only — we don't change anything during the audit.
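One way to verify, before day 2 starts, that the audit identity really is read-only and confined to the agreed subscriptions. This is an added example, not tooling from the engagement; it reads JSON shaped like `az role assignment list` output (sample constructed inline) and assumes "Defender for Cloud Reader" refers to the built-in Security Reader role.

```python
"""Check that an audit identity's Azure role assignments are read-only and
within the agreed scope. Input is JSON shaped like the output of
`az role assignment list --assignee <id> --all`."""
import json

# Read-only built-in roles the audit identity may hold (assumption: the page's
# "Defender for Cloud Reader" means the built-in Security Reader role).
READ_ONLY_ROLES = {"Reader", "Security Reader", "Cost Management Reader"}

# Constructed sample: two acceptable assignments and two that should be flagged.
SAMPLE_ASSIGNMENTS = json.dumps([
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"roleDefinitionName": "Cost Management Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/contoso-root"},
    {"roleDefinitionName": "Contributor",  # write access: must be flagged
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"roleDefinitionName": "Reader",  # subscription not agreed: must be flagged
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000099"},
])


def in_scope(scope: str, agreed_scopes: set[str]) -> bool:
    """True if `scope` equals, or is a resource path under, an agreed scope.
    Matching is by literal path prefix only; it does not resolve which
    subscriptions sit under a management group."""
    return any(scope == s or scope.startswith(s.rstrip("/") + "/")
               for s in agreed_scopes)


def check_audit_assignments(assignments_json: str, agreed_scopes: set[str]) -> list[str]:
    """Return one finding per assignment that is not read-only or not in scope.
    An empty list means the identity matches the access described on the page."""
    findings = []
    for a in json.loads(assignments_json):
        role, scope = a["roleDefinitionName"], a["scope"]
        if role not in READ_ONLY_ROLES:
            findings.append(f"{role} at {scope}: not a read-only role")
        if not in_scope(scope, agreed_scopes):
            findings.append(f"{role} at {scope}: outside agreed scope")
    return findings


if __name__ == "__main__":
    agreed = {"/subscriptions/00000000-0000-0000-0000-000000000001",
              "/providers/Microsoft.Management/managementGroups/contoso-root"}
    for finding in check_audit_assignments(SAMPLE_ASSIGNMENTS, agreed):
        print("FINDING:", finding)
```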

Can you do the remediation work too?

Yes. The audit deliberately ends with a plan, not the work itself, so you can decide how to proceed. Common follow-ups are Brownfield Terraform Migration, Security Posture, or the FinOps Review for cost-focused remediation.

How is this different from Defender for Cloud's recommendations?

Defender catches a lot, but it's also noisy and doesn't connect findings to your business risk. We use it as a data source, then add manual review and prioritisation. You get a plan you can act on, not a list of 400 alerts to triage.

Will you find things that look bad?

Probably. Every Azure environment we've audited has had at least a few "oh" moments. The point isn't to embarrass anyone — it's to surface the issues so you can fix them before someone else finds them.

Can we run this annually?

Yes, and many teams do. Ongoing drift control is also part of the Ongoing Platform Support retainer if you want it baked into your operating rhythm.

Next step

Find out what's actually in your Azure tenant.

Book a 30-minute discovery call. We'll talk through scope, access requirements, and confirm pricing before any commitment.

Related engagements

What teams often book next.