- 24 Jun 2026
- 2 Minutes to read
- Print
- DarkLight
- Download PDF
AI security checklist
- Updated on 24 Jun 2026
- 2 Minutes to read
- Print
- DarkLight
- Download PDF
Overview
The AI security checklist AI Agent evaluates any resource within your Business Application against Azure security best practices and identifies hardening opportunities. It inspects the resource's current configuration, scores it across key security pillars, surfaces actionable findings with remediation steps, and estimates the time required to resolve them — all based on the resource's current configuration.

How It Works
When the agent is triggered for a resource, it inspects the resource's configuration and evaluates it across a set of security pillars applicable to that resource type. Each pillar is scored based on its current state:
- A pillar in good shape contributes its full points
- A pillar that needs review contributes half points
- A pillar that is at risk or failing contributes zero points
Together, the pillars produce an overall Security Score out of 100. The agent then identifies specific findings, ranks them by impact, and pairs each with a concrete remediation step and an estimated resolution time.
It also highlights checks that already pass, giving a clear picture of both what needs attention and what is already in good shape.
Security pillars
The agent evaluates the resource across a set of security pillars specific to the resource type. Each pillar is one component of the Security score — together they make up the 100-point total. For each pillar, the agent surfaces:
- What it is — A description of the security control and what it governs
- Why it matters — The risk or compliance implication if the pillar is not in good shape
- Your state — The resource's current standing against that pillar
Each pillar is assigned a state — Healthy, Needs Review, At Risk, or Unknown — which determines its point contribution to the overall score. Common pillars include Identity & access, Transport security, HTTPS-only, FTP deployment, Network access, and Governance, though the applicable set varies by resource type.

Security score
The Security score is built from all security pillars applicable to the resource type. Each pillar can contribute up to 16 points, for a total of 100. The score is rated as:
- Poor — Significant gaps across multiple pillars
- Fair — Some pillars passing, others at risk or unknown
- Good — Most pillars healthy with minor gaps
- Excellent — All pillars in good shape
Findings are tracked separately and do not double-count against the score — a pillar already marked at risk is not penalized again for the same issue in the findings list.

Findings
Findings represent specific security gaps identified in the resource's configuration. Each finding includes:
- Impact level — High, Medium, or Low
- Description — What is misconfigured and why it poses a risk
- Resolving step — A concrete action to fix the issue in Azure
- Estimated time — An approximate time to resolve the finding
An Estimated Total Time Required is shown at the bottom of the findings list, giving a quick sense of the overall remediation effort involved.

Checks Passed
Alongside findings, the agent surfaces controls that are already correctly configured on the resource — confirming what is already in good shape and does not require action.
