A PowerShell-based tool that audits Azure tenants/subscriptions and performs assessments against the Well-Architected Framework (WAF) and Cloud Adoption Framework (CAF).
- Flexible Scope: Audit a single subscription or all subscriptions in a tenant
- WAF Assessment (all 5 pillars):
  - Reliability - redundancy, backup, failover
  - Security - network, identity, data protection, encryption
  - Cost Optimization - unused resources, right-sizing, reservations
  - Operational Excellence - monitoring, alerting, automation, tagging
  - Performance Efficiency - scaling, sizing, caching
- CAF Assessment (5 disciplines):
  - Governance - policy, naming, tagging, management groups
  - Security Baseline - Defender for Cloud, encryption, segmentation
  - Identity Baseline - RBAC, PIM, service principals, guest access
  - Resource Consistency - organization, IaC, lifecycle, orphaned resources
  - Cost Management - budgets, cost allocation, accountability
- Dual Output: JSON (machine-readable) + HTML (visual report with scores and charts)
- Scored Results: Each pillar/discipline gets a 0-100 score
- Actionable Recommendations: Every finding includes remediation guidance with links to Microsoft docs
```powershell
# Install Az PowerShell module
Install-Module Az -Scope CurrentUser -Force

# Required sub-modules (installed with Az):
# Az.Accounts, Az.Resources, Az.Compute, Az.Network,
# Az.Storage, Az.Sql, Az.KeyVault, Az.Monitor,
# Az.Security, Az.Advisor, Az.RecoveryServices
```

```powershell
# Run the full audit (WAF + CAF) with default settings
.\AzureAudit.ps1

# Audit a single subscription
.\AzureAudit.ps1 -SubscriptionId "00000000-0000-0000-0000-000000000000"

# Audit a specific tenant and write reports to a custom path
.\AzureAudit.ps1 -TenantId "your-tenant-id" -OutputPath "C:\Reports"

# Run only the WAF assessment
.\AzureAudit.ps1 -SkipCAF

# Run only the CAF assessment
.\AzureAudit.ps1 -SkipWAF
```

Reports are generated in the output/ directory (or custom path):
| File | Description |
|---|---|
| AzureAudit-YYYYMMDD-HHmmss.json | Full audit data with all findings, scores, and metadata |
| AzureAudit-YYYYMMDD-HHmmss.html | Visual report with score bars, severity badges, and findings tables |
```
AzureAudit/
├── AzureAudit.ps1              # Main entry point
├── README.md                   # This file
├── modules/
│   ├── Auth.psm1               # Azure authentication
│   ├── Discovery.psm1          # Resource enumeration
│   ├── Reporting.psm1          # JSON + HTML report generation
│   ├── WAF/
│   │   ├── Reliability.psm1
│   │   ├── Security.psm1
│   │   ├── CostOptimization.psm1
│   │   ├── OperationalExcellence.psm1
│   │   └── PerformanceEfficiency.psm1
│   └── CAF/
│       ├── Governance.psm1
│       ├── SecurityBaseline.psm1
│       ├── IdentityBaseline.psm1
│       ├── ResourceConsistency.psm1
│       └── CostManagement.psm1
├── templates/
│   └── report.html             # HTML report template
└── output/                     # Generated reports
```
Each pillar/discipline receives a score from 0-100:
- Start at 100
- Critical finding: -10 points
- High finding: -10 points
- Medium finding: -5 points
- Low finding: -2 points
- Minimum score: 0
| Severity | Meaning |
|---|---|
| Critical | Immediate security risk or data exposure |
| High | Significant gap that should be addressed urgently |
| Medium | Important improvement opportunity |
| Low | Best practice recommendation |
To add new checks:
- Open the relevant module (e.g., `modules/WAF/Security.psm1`)
- Add your check logic inside the `foreach ($sub in $Discovery.Subscriptions)` loop
- Use `New-Finding` to create findings:

```powershell
$findings += New-Finding -Severity "High" -Category "Security" `
    -Resource $resourceName -ResourceType "Microsoft.Type/resource" `
    -SubscriptionId $sub.Id `
    -Description "What's wrong" `
    -Recommendation "How to fix it" `
    -WAFLink "https://learn.microsoft.com/..."
```

The identity running this tool needs at minimum:
- Reader role on target subscriptions
- Security Reader for Defender for Cloud data
- Reader on Management Groups (for CAF Governance checks)
For a full audit, Global Reader at the tenant level is recommended.
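As an added example (not code from the AzureAudit project), the following shows a complete check written in the `New-Finding` pattern from the section on adding checks, together with a function that applies the scoring rules listed above. It assumes `$Discovery.Subscriptions` and `New-Finding` behave as described, that `New-Finding` returns an object with a `Severity` property, and that the module must switch subscription context itself with `Set-AzContext`; `Get-AzStorageAccount` and `EnableHttpsTrafficOnly` are standard Az.Storage.

```powershell
# Added example: flag storage accounts that still accept plain HTTP.
# Assumption: the module switches context per subscription itself.
$findings = @()
foreach ($sub in $Discovery.Subscriptions) {
    Set-AzContext -SubscriptionId $sub.Id | Out-Null
    foreach ($sa in Get-AzStorageAccount) {
        # "Secure transfer required" disabled means data can travel unencrypted
        if (-not $sa.EnableHttpsTrafficOnly) {
            $findings += New-Finding -Severity "High" -Category "Security" `
                -Resource $sa.StorageAccountName `
                -ResourceType "Microsoft.Storage/storageAccounts" `
                -SubscriptionId $sub.Id `
                -Description "Storage account allows unencrypted HTTP traffic" `
                -Recommendation "Enable 'Secure transfer required' (EnableHttpsTrafficOnly) on the storage account" `
                -WAFLink "https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer"
        }
    }
}

# Scoring as described in this README: start at 100, deduct per finding,
# never drop below 0. Assumption: each finding exposes a Severity property.
function Get-PillarScore {
    param([array]$Findings)
    $deduction = @{ Critical = 10; High = 10; Medium = 5; Low = 2 }
    $score = 100
    foreach ($f in $Findings) {
        $score -= $deduction[$f.Severity]
    }
    return [Math]::Max(0, $score)
}

$securityScore = Get-PillarScore -Findings $findings
Write-Host "Security pillar score: $securityScore"
```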
MIT