{"id":"4cd1d15a-826a-4b0b-a99d-e4df63a53b22","shortId":"t2H5fZ","kind":"skill","title":"azure-security","tagline":"Expert knowledge for Azure Security development including troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. Use when securing AKS workloads, SBOMs, Notation image signing, Key Vault/HSM keys, or Customer Loc","description":"# Azure Security Skill\n\nThis skill provides expert guidance for Azure Security. Covers troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L35-L39 | Diagnosing and resolving common Azure Customer Lockbox issues, including access request problems, approval/denial errors, and configuration or permission-related failures. |\n| Best Practices | L40-L58 | Security hardening checklists and patterns for Azure (IaaS/PaaS), covering identity, network, data encryption, secrets, DNS, and app/database protection best practices |\n| Decision Making | L59-L63 | Guidance on choosing Azure key management options (Key Vault, managed HSM, app-managed keys), including security, compliance, performance, and integration trade-offs. |\n| Security | L64-L94 | Securing Azure workloads: threat modeling mitigations, AKS image signing, crypto and data protection, ransomware defense, incident response, and Azure-specific security/operational best practices. |\n| Configuration | L95-L102 | Configuring Azure security features like antimalware, firewalls, container vulnerability tools, security logging/auditing, and upcoming managed TLS/DCV changes |\n| Integrations & Coding Patterns | L103-L107 | Guidance on generating signed SBOMs for container images, attaching them in CI/CD, and integrating software supply chain security into deployment workflows. |\n| Deployment | L108-L114 | Guides for signing and verifying container images with Notation in Azure Pipelines/GitHub Actions, plus comparing security feature availability in Azure vs Azure Government. |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Resolve common issues with Azure Customer Lockbox | https://learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-faq |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Harden Azure Marketplace images before publishing | https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-marketplace-images |\n| Implement Azure data security and encryption best practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices |\n| Use Azure SQL database security checklist | https://learn.microsoft.com/en-us/azure/security/fundamentals/database-security-checklist |\n| Apply security best practices to Azure IaaS workloads | https://learn.microsoft.com/en-us/azure/security/fundamentals/iaas |\n| Apply Microsoft Entra identity security best practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices |\n| Apply Azure network security best practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices |\n| Apply operational security best practices for Azure assets | https://learn.microsoft.com/en-us/azure/security/fundamentals/operational-best-practices |\n| Secure Azure App Service web and mobile applications | https://learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-services |\n| Secure PaaS databases with Azure SQL and Synapse | https://learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-sql |\n| Secure PaaS applications using Azure Storage features | https://learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-storage |\n| Design and operate secure PaaS deployments on Azure | https://learn.microsoft.com/en-us/azure/security/fundamentals/paas-deployments |\n| Apply Azure-specific best practices for protecting secrets | https://learn.microsoft.com/en-us/azure/security/fundamentals/secrets-best-practices |\n| Apply security best practices to Azure Service Fabric | https://learn.microsoft.com/en-us/azure/security/fundamentals/service-fabric-best-practices |\n| Implement five-step checklist to secure Entra ID | https://learn.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity |\n| Prevent Azure subdomain takeover with DNS and App Service | https://learn.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Select the right Azure key management solution | https://learn.microsoft.com/en-us/azure/security/fundamentals/key-management-choose |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Enforce AKS image signature validation with Ratify and Azure Policy | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/validating-image-signatures-using-ratify-aks |\n| Implement auditing and logging mitigations with Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-auditing-and-logging |\n| Implement authentication mitigations with Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-authentication |\n| Mitigate authorization threats in Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-authorization |\n| Secure communications based on Threat Modeling Tool findings | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-communication-security |\n| Harden configuration management using Threat Modeling Tool mitigations | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-configuration-management |\n| Implement cryptography mitigations from Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-cryptography |\n| Secure exception management using Threat Modeling Tool guidance | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-exception-management |\n| Apply secure input validation mitigations from Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-input-validation |\n| Protect sensitive data using Threat Modeling Tool mitigations | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-sensitive-data |\n| Implement secure session management from Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-session-management |\n| Apply Azure-specific security best practices for AI workloads | https://learn.microsoft.com/en-us/azure/security/fundamentals/ai-security-best-practices |\n| Configure Microsoft Antimalware in Azure with PowerShell | https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples |\n| Use Azure Certificate Authority roots and requirements | https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-certificate-authority-details |\n| Design Azure backup and restore plan against ransomware | https://learn.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware |\n| Implement Azure resource security best practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns |\n| Configure alternate email notifications for Customer Lockbox | https://learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-alternative-email |\n| Control Microsoft engineer data access with Customer Lockbox | https://learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview |\n| Implement Azure-specific incident response practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/incident-response-overview |\n| Review Azure SQL Database built-in security features | https://learn.microsoft.com/en-us/azure/security/fundamentals/infrastructure-sql |\n| Apply Azure operational security checklist actions | https://learn.microsoft.com/en-us/azure/security/fundamentals/operational-checklist |\n| Understand security access methods for Azure production network | https://learn.microsoft.com/en-us/azure/security/fundamentals/production-network |\n| Understand Azure controls for protection of customer data | https://learn.microsoft.com/en-us/azure/security/fundamentals/protection-customer-data |\n| Detect and respond to ransomware using Azure security tools | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-detect-respond |\n| Use Azure-native features to protect against ransomware | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-features-resources |\n| Prepare Azure environments to withstand ransomware attacks | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-prepare |\n| Configure Azure Firewall Premium to mitigate ransomware | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-protection-with-azure-firewall |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure Dependabot and Copacetic for container security | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/container-secure-supply-chain-implementation/cssc-depenadabot-quickstart |\n| Configure firewalls using Azure domain patterns | https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-domains |\n| Configure and analyze Azure security logging and auditing | https://learn.microsoft.com/en-us/azure/security/fundamentals/log-audit |\n| Adapt to upcoming Azure managed TLS and DCV changes | https://learn.microsoft.com/en-us/azure/security/fundamentals/managed-tls-changes |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Create and attach signed SBOMs to container images | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Sign and verify container images in Azure Pipelines with Notation | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/notation-ado-task-sign |\n| Sign container images with Notation in GitHub Actions | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/notation-sign-gha |\n| Verify container image signatures with Notation in GitHub Actions | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/verify-gha |\n| Check Azure vs Azure Government security feature availability | https://learn.microsoft.com/en-us/azure/security/fundamentals/feature-availability |","tags":["azure","security","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions","azure-kubernetes-service"],"capabilities":["skill","source-microsoftdocs","skill-azure-security","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-security","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.698","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 497 github stars · SKILL.md body (11,366 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T00:53:36.973Z","embedding":null,"createdAt":"2026-04-18T22:00:02.668Z","updatedAt":"2026-04-22T00:53:36.973Z","lastSeenAt":"2026-04-22T00:53:36.973Z","tsv":"'/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom':938 '/en-us/azure/security/container-secure-supply-chain/articles/container-secure-supply-chain-implementation/cssc-depenadabot-quickstart':890 '/en-us/azure/security/container-secure-supply-chain/articles/notation-ado-task-sign':954 '/en-us/azure/security/container-secure-supply-chain/articles/notation-sign-gha':965 '/en-us/azure/security/container-secure-supply-chain/articles/validating-image-signatures-using-ratify-aks':597 '/en-us/azure/security/container-secure-supply-chain/articles/verify-gha':977 '/en-us/azure/security/develop/threat-modeling-tool-auditing-and-logging':609 '/en-us/azure/security/develop/threat-modeling-tool-authentication':619 '/en-us/azure/security/develop/threat-modeling-tool-authorization':629 '/en-us/azure/security/develop/threat-modeling-tool-communication-security':640 '/en-us/azure/security/develop/threat-modeling-tool-configuration-management':651 '/en-us/azure/security/develop/threat-modeling-tool-cryptography':661 '/en-us/azure/security/develop/threat-modeling-tool-exception-management':672 '/en-us/azure/security/develop/threat-modeling-tool-input-validation':684 '/en-us/azure/security/develop/threat-modeling-tool-sensitive-data':695 '/en-us/azure/security/develop/threat-modeling-tool-session-management':706 '/en-us/azure/security/fundamentals/ai-security-best-practices':719 '/en-us/azure/security/fundamentals/antimalware-code-samples':729 '/en-us/azure/security/fundamentals/azure-certificate-authority-details':739 '/en-us/azure/security/fundamentals/azure-domains':899 '/en-us/azure/security/fundamentals/azure-marketplace-images':416 '/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware':750 '/en-us/azure/security/fundamentals/best-practices-and-patterns':759 '/en-us/azure/security/fundamentals/customer-lockbox-alternative-email':769 '/en-us/azure/security/fundamentals/customer-lockbox-faq':403 '/en-us/azure/security/fundamentals/customer-lockbox-overview':780 '/en-us/azure/security/fundamentals/data-encryption-best-practices':427 '/en-us/azure/security/fundamentals/database-security-checklist':436 '/en-us/azure/security/fundamentals/feature-availability':988 '/en-us/azure/security/fundamentals/iaas':447 '/en-us/azure/security/fundamentals/identity-management-best-practices':457 '/en-us/azure/security/fundamentals/incident-response-overview':790 '/en-us/azure/security/fundamentals/infrastructure-sql':802 '/en-us/azure/security/fundamentals/key-management-choose':581 '/en-us/azure/security/fundamentals/log-audit':910 '/en-us/azure/security/fundamentals/managed-tls-changes':922 '/en-us/azure/security/fundamentals/network-best-practices':466 '/en-us/azure/security/fundamentals/operational-best-practices':477 '/en-us/azure/security/fundamentals/operational-checklist':811 '/en-us/azure/security/fundamentals/paas-applications-using-app-services':488 '/en-us/azure/security/fundamentals/paas-applications-using-sql':499 '/en-us/azure/security/fundamentals/paas-applications-using-storage':509 '/en-us/azure/security/fundamentals/paas-deployments':520 '/en-us/azure/security/fundamentals/production-network':822 '/en-us/azure/security/fundamentals/protection-customer-data':833 '/en-us/azure/security/fundamentals/ransomware-detect-respond':845 '/en-us/azure/security/fundamentals/ransomware-features-resources':857 '/en-us/azure/security/fundamentals/ransomware-prepare':867 '/en-us/azure/security/fundamentals/ransomware-protection-with-azure-firewall':877 '/en-us/azure/security/fundamentals/secrets-best-practices':532 '/en-us/azure/security/fundamentals/service-fabric-best-practices':543 '/en-us/azure/security/fundamentals/steps-secure-identity':555 '/en-us/azure/security/fundamentals/subdomain-takeover':567 '/microsoftdocs/mcp/blob/main/readme.md)':161 '3':132 'accept':200 'access':166,222,774,814 'action':380,808,962,974 'adapt':911 'agent':81,125,184,198 'ai':715 'ak':26,298,586 'altern':761 'analyz':902 'antimalwar':325,722 'app':276,480,563 'app-manag':275 'app/database':255 'appli':437,448,458,467,521,533,673,707,803 'applic':485,502 'approval/denial':225 'asset':474 'attach':351,930 'attack':864 'audit':599,907 'authent':611 'author':621,733 'avail':151,385,985 'azur':2,7,38,47,217,245,267,293,311,321,378,387,389,398,409,418,429,442,459,473,479,493,504,517,523,538,557,575,593,709,724,731,741,752,783,792,804,817,824,840,848,859,869,894,903,914,948,979,981 'azure-n':847 'azure-secur':1 'azure-specif':310,522,708,782 'backup':742 'base':632 'best':12,51,234,257,314,404,423,439,453,462,470,525,535,712,755 'built':796 'built-in':795 'capabl':73 'categori':84,92,108,204,206 'certif':732 'chain':359 'chang':336,919 'check':978 'checklist':241,433,548,807 'choos':266 'ci/cd':354 'code':19,58,338,924 'combin':63 'common':216,395 'communic':631 'compar':382 'complianc':281 'configur':17,56,228,316,320,642,720,760,868,878,881,891,900 'contain':327,349,373,886,934,945,956,967 'content':68,170 'control':770,825 'copacet':884 'cover':49,247 'creat':928 'crypto':301 'cryptographi':653 'custom':36,218,399,765,776,829 'data':250,303,419,687,773,830 'databas':431,491,794 'dcv':918 'decis':14,53,259,568 'defens':306 'dependabot':882 'deploy':22,61,362,364,515,939 'descript':208 'design':510,740 'detect':834 'develop':9 'diagnos':213 'dns':253,561 'doc':176 'document':71,169 'domain':895 'e.g':96,112 'email':762 'encrypt':251,422 'enforc':585 'engin':772 'entra':450,551 'environ':860 'error':226 'except':663 'expert':4,44 'fabric':540 'failur':233 'fallback':188 'featur':323,384,506,799,850,984 'fetch':72,168,177,190 'file':102,110,117,122 'find':637 'firewal':326,870,892 'five':546 'five-step':545 'generat':345 'github':961,973 'github.com':160 'github.com/microsoftdocs/mcp/blob/main/readme.md)':159 'govern':390,982 'guid':158,368 'guidanc':45,264,343,669 'harden':240,408,641 'hsm':274 'iaa':443 'iaas/paas':246 'id':552 'ident':248,451 'imag':30,299,350,374,411,587,935,946,957,968 'implement':417,544,598,610,652,696,751,781 'import':79,123 'incid':307,785 'includ':10,221,279 'index':85,205 'input':675 'instal':155,157 'integr':18,57,284,337,356,923 'issu':220,396 'key':32,34,268,271,278,576 'knowledg':5 'l102':319 'l103':341 'l103-l107':340 'l107':342 'l108':366 'l108-l114':365 'l114':367 'l120':99 'l35':98,211 'l35-l120':97 'l35-l39':210 'l39':212 'l40':237 'l40-l58':236 'l58':238 'l59':262 'l59-l63':261 'l63':263 'l64':290 'l64-l94':289 'l94':291 'l95':318 'l95-l102':317 'latest':140 'learn':183,197 'learn-agent-skil':182,196 'learn.microsoft.com':402,415,426,435,446,456,465,476,487,498,508,519,531,542,554,566,580,596,608,618,628,639,650,660,671,683,694,705,718,728,738,749,758,768,779,789,801,810,821,832,844,856,866,876,889,898,909,921,937,953,964,976,987 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom':936 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/container-secure-supply-chain-implementation/cssc-depenadabot-quickstart':888 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/notation-ado-task-sign':952 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/notation-sign-gha':963 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/validating-image-signatures-using-ratify-aks':595 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/verify-gha':975 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-auditing-and-logging':607 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-authentication':617 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-authorization':627 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-communication-security':638 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-configuration-management':649 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-cryptography':659 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-exception-management':670 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-input-validation':682 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-sensitive-data':693 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-session-management':704 'learn.microsoft.com/en-us/azure/security/fundamentals/ai-security-best-practices':717 'learn.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples':727 'learn.microsoft.com/en-us/azure/security/fundamentals/azure-certificate-authority-details':737 'learn.microsoft.com/en-us/azure/security/fundamentals/azure-domains':897 'learn.microsoft.com/en-us/azure/security/fundamentals/azure-marketplace-images':414 'learn.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware':748 'learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns':757 'learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-alternative-email':767 'learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-faq':401 'learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview':778 'learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices':425 'learn.microsoft.com/en-us/azure/security/fundamentals/database-security-checklist':434 'learn.microsoft.com/en-us/azure/security/fundamentals/feature-availability':986 'learn.microsoft.com/en-us/azure/security/fundamentals/iaas':445 'learn.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices':455 'learn.microsoft.com/en-us/azure/security/fundamentals/incident-response-overview':788 'learn.microsoft.com/en-us/azure/security/fundamentals/infrastructure-sql':800 'learn.microsoft.com/en-us/azure/security/fundamentals/key-management-choose':579 'learn.microsoft.com/en-us/azure/security/fundamentals/log-audit':908 'learn.microsoft.com/en-us/azure/security/fundamentals/managed-tls-changes':920 'learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices':464 'learn.microsoft.com/en-us/azure/security/fundamentals/operational-best-practices':475 'learn.microsoft.com/en-us/azure/security/fundamentals/operational-checklist':809 'learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-services':486 'learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-sql':497 'learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-storage':507 'learn.microsoft.com/en-us/azure/security/fundamentals/paas-deployments':518 'learn.microsoft.com/en-us/azure/security/fundamentals/production-network':820 'learn.microsoft.com/en-us/azure/security/fundamentals/protection-customer-data':831 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-detect-respond':843 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-features-resources':855 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-prepare':865 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-protection-with-azure-firewall':875 'learn.microsoft.com/en-us/azure/security/fundamentals/secrets-best-practices':530 'learn.microsoft.com/en-us/azure/security/fundamentals/service-fabric-best-practices':541 'learn.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity':553 'learn.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover':565 'like':324 'line':94,106,207 'link':111,120 'loc':37 'local':64 'locat':88 'lockbox':219,400,766,777 'log':601,905 'logging/auditing':331 'make':15,54,260,569 'manag':269,273,277,334,577,643,664,699,915 'markdown':187,203 'marketplac':410 'mcp':146,173 'metadata.generated':127 'method':815 'microsoft':175,449,721,771 'microsoftdoc':147,174 'mitig':297,602,612,620,648,654,677,692,873 'mobil':484 'model':296,605,615,625,635,646,657,667,680,690,702 'month':133 'nativ':849 'network':165,249,460,819 'notat':29,376,951,959,971 'notif':763 'off':287 'old':134 'oper':468,512,805 'option':270 'paa':490,501,514 'pattern':20,59,243,339,896,925 'perform':282 'permiss':231 'permission-rel':230 'pipelin':949 'pipelines/github':379 'plan':745 'plus':381 'polici':594 'powershel':726 'practic':13,52,235,258,315,405,424,440,454,463,471,526,536,713,756,787 'prefer':171 'premium':871 'prepar':858 'prevent':556 'problem':224 'product':818 'protect':256,304,528,685,827,852 'provid':43 'publish':413 'pull':138 'queri':179,193 'quick':66 'quick-refer':65 'rang':95 'ransomwar':305,747,838,854,863,874 'ratifi':591 'read':101,116 'refer':67,121 'relat':232 'relev':89 'remot':70 'repositori':144 'request':223 'requir':164,736 'resolv':215,394 'resourc':753 'respond':836 'respons':308,786 'restor':744 'return':186,202 'review':791 'right':574 'root':734 'sbom':28,347,932 'secret':252,529 'section':90 'secur':3,8,16,25,39,48,55,239,280,288,292,322,330,360,383,420,432,438,452,461,469,478,489,500,513,534,550,582,630,662,674,697,711,754,798,806,813,841,887,904,983 'security.md':113,114 'security/operational':313 'select':572 'sensit':686 'servic':481,539,564 'session':698 'sign':31,300,346,370,931,942,955 'signatur':588,969 'skill':40,42,78,163,185,199 'skill-azure-security' 'softwar':357 'solut':578 'source-microsoftdocs' 'specif':312,524,710,784 'specifi':105 'sql':430,494,793 'step':547 'storag':505 'string':180,194 'subdomain':558 'suggest':135,152 'suppli':358 'synaps':496 'takeov':559 'text/markdown':201 'threat':295,604,614,622,624,634,645,656,666,679,689,701 'tls':916 'tls/dcv':335 'tool':148,329,606,616,626,636,647,658,668,681,691,703,842 'topic':392,406,570,583,879,926,940 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'trade':286 'trade-off':285 'troubleshoot':11,50,209,391 'understand':812,823 'upcom':333,913 'url':393,407,571,584,880,927,941 'use':23,76,82,100,115,172,189,428,503,644,665,688,730,839,846,893 'user':137,154 'valid':589,676 'vault':272 'vault/hsm':33 'verifi':372,944,966 'version':141 'vs':388,980 'vulner':328 'web':482 'webpag':191 'withstand':862 'workflow':363 'workload':27,294,444,716","prices":[{"id":"07eadc1a-39b1-434e-87c9-419e45b2e5e9","listingId":"4cd1d15a-826a-4b0b-a99d-e4df63a53b22","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T22:00:02.668Z"}],"sources":[{"listingId":"4cd1d15a-826a-4b0b-a99d-e4df63a53b22","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-security","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-security","isPrimary":false,"firstSeenAt":"2026-04-18T22:00:02.668Z","lastSeenAt":"2026-04-22T00:53:36.973Z"}],"details":{"listingId":"4cd1d15a-826a-4b0b-a99d-e4df63a53b22","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-security","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":497,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-04-19T02:43:40Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"41f57fd04a003a189b73be47078083dbbba2c757","skill_md_path":"skills/azure-security/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-security"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-security","description":"Expert knowledge for Azure Security development including troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. Use when securing AKS workloads, SBOMs, Notation image signing, Key Vault/HSM keys, or Customer Lockbox access, and other Azure Security related development tasks. Not for Azure Defender For Cloud (use azure-defender-for-cloud), Azure Firewall (use azure-firewall), Azure DDos Protection (use azure-ddos-protection), Azure Web Application Firewall (use azure-web-application-firewall).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-security"},"updatedAt":"2026-04-22T00:53:36.973Z"}}