AI security checklist
  • 24 Jun 2026
  • 2 Minutes to read
  • Dark
    Light
  • Download PDF

AI security checklist

  • Dark
    Light
  • Download PDF

Article summary

Overview

The AI security checklist AI Agent evaluates any resource within your Business Application against Azure security best practices and identifies hardening opportunities. It inspects the resource's current configuration, scores it across key security pillars, surfaces actionable findings with remediation steps, and estimates the time required to resolve them — all based on the resource's current configuration.

AI security checklist.png

How It Works

When the agent is triggered for a resource, it inspects the resource's configuration and evaluates it across a set of security pillars applicable to that resource type. Each pillar is scored based on its current state:

  • A pillar in good shape contributes its full points
  • A pillar that needs review contributes half points
  • A pillar that is at risk or failing contributes zero points

Together, the pillars produce an overall Security Score out of 100. The agent then identifies specific findings, ranks them by impact, and pairs each with a concrete remediation step and an estimated resolution time.

It also highlights checks that already pass, giving a clear picture of both what needs attention and what is already in good shape.

Security pillars

The agent evaluates the resource across a set of security pillars specific to the resource type. Each pillar is one component of the Security score — together they make up the 100-point total. For each pillar, the agent surfaces:

  • What it is — A description of the security control and what it governs
  • Why it matters — The risk or compliance implication if the pillar is not in good shape
  • Your state — The resource's current standing against that pillar

Each pillar is assigned a state — Healthy, Needs Review, At Risk, or Unknown — which determines its point contribution to the overall score. Common pillars include Identity & access, Transport security, HTTPS-only, FTP deployment, Network access, and Governance, though the applicable set varies by resource type.

Security pillars.png

Security score

The Security score is built from all security pillars applicable to the resource type. Each pillar can contribute up to 16 points, for a total of 100. The score is rated as:

  • Poor — Significant gaps across multiple pillars
  • Fair — Some pillars passing, others at risk or unknown
  • Good — Most pillars healthy with minor gaps
  • Excellent — All pillars in good shape

Findings are tracked separately and do not double-count against the score — a pillar already marked at risk is not penalized again for the same issue in the findings list.

Security score.png

Findings

Findings represent specific security gaps identified in the resource's configuration. Each finding includes:

  • Impact level — High, Medium, or Low
  • Description — What is misconfigured and why it poses a risk
  • Resolving step — A concrete action to fix the issue in Azure
  • Estimated time — An approximate time to resolve the finding

An Estimated Total Time Required is shown at the bottom of the findings list, giving a quick sense of the overall remediation effort involved.

Findings.png

Checks Passed

Alongside findings, the agent surfaces controls that are already correctly configured on the resource — confirming what is already in good shape and does not require action.

Checks Passed.png


Was this article helpful?