{"id":"4cd1d15a-826a-4b0b-a99d-e4df63a53b22","shortId":"t2H5fZ","kind":"skill","title":"azure-security","tagline":"Expert knowledge for Azure Security development including troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. Use when securing AKS and container images, SBOMs, Notation signing, Key Vault/HSM keys, or Custome","description":"# Azure Security Skill\n\nThis skill provides expert guidance for Azure Security. Covers troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L35-L39 | Diagnosing and resolving common Azure Customer Lockbox issues, including access request problems, approval/denial errors, and configuration or permission-related failures. |\n| Best Practices | L40-L61 | Security hardening checklists and patterns for Azure IaaS/PaaS: identity, network, data encryption, secrets, ransomware defense, incident response, and app/database protection. |\n| Decision Making | L62-L66 | Guidance on choosing Azure key management options (Key Vault, managed HSM, app-managed keys), including security, compliance, performance, and integration trade-offs. |\n| Security | L67-L94 | Security hardening for Azure workloads: threat modeling mitigations, AKS image signing, ransomware defense, Azure SQL and network protections, antimalware, certificates, and operational security best practices. |\n| Configuration | L95-L103 | Configuring Azure security features: container scanning (Dependabot/Copacetic), firewall rules via domain patterns, customer-managed keys, security logging/auditing, and managed TLS/DCV changes. |\n| Integrations & Coding Patterns | L104-L108 | Guidance on generating signed SBOMs for container images, attaching them in CI/CD, and integrating software supply chain security into deployment workflows. |\n| Deployment | L109-L115 | Guides for signing and verifying container images with Notation in Azure Pipelines/GitHub Actions, plus comparing security feature availability in Azure vs Azure Government. |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Resolve common issues with Azure Customer Lockbox | https://learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-faq |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Harden Azure Marketplace images before publishing | https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-marketplace-images |\n| Apply Azure data security and encryption best practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices |\n| Use Azure SQL database security checklist | https://learn.microsoft.com/en-us/azure/security/fundamentals/database-security-checklist |\n| Secure Azure IaaS workloads and virtual machines | https://learn.microsoft.com/en-us/azure/security/fundamentals/iaas |\n| Apply Azure identity and access security best practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices |\n| Implement Azure-specific incident response practices and tooling | https://learn.microsoft.com/en-us/azure/security/fundamentals/incident-response-overview |\n| Implement Azure network security best practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices |\n| Apply operational security best practices for Azure assets | https://learn.microsoft.com/en-us/azure/security/fundamentals/operational-best-practices |\n| Secure Azure App Service web and mobile applications | https://learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-services |\n| Secure PaaS databases with Azure SQL and Synapse | https://learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-sql |\n| Secure PaaS web and mobile apps using Azure Storage | https://learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-storage |\n| Design and operate secure Azure PaaS deployments | https://learn.microsoft.com/en-us/azure/security/fundamentals/paas-deployments |\n| Prepare Azure environments to withstand ransomware attacks | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-prepare |\n| Apply Azure-specific protections against ransomware attacks | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-protection |\n| Protect secrets across Azure services and pipelines | https://learn.microsoft.com/en-us/azure/security/fundamentals/secrets-best-practices |\n| Apply security best practices to Azure Service Fabric | https://learn.microsoft.com/en-us/azure/security/fundamentals/service-fabric-best-practices |\n| Implement five-step checklist to secure Entra ID | https://learn.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity |\n| Prevent Azure subdomain takeover with DNS and App Service | https://learn.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Select the right Azure key management solution | https://learn.microsoft.com/en-us/azure/security/fundamentals/key-management-choose |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Enforce AKS image signature validation with Ratify and Azure Policy | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/validating-image-signatures-using-ratify-aks |\n| Implement auditing and logging mitigations with Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-auditing-and-logging |\n| Implement authentication mitigations with Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-authentication |\n| Mitigate authorization threats in Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-authorization |\n| Secure communications based on Threat Modeling Tool findings | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-communication-security |\n| Harden configuration management using Threat Modeling Tool mitigations | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-configuration-management |\n| Implement cryptography mitigations from Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-cryptography |\n| Secure exception management using Threat Modeling Tool guidance | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-exception-management |\n| Apply secure input validation mitigations from Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-input-validation |\n| Protect sensitive data using Threat Modeling Tool mitigations | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-sensitive-data |\n| Implement secure session management from Threat Modeling Tool | https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-session-management |\n| Apply Azure-specific security best practices for AI workloads | https://learn.microsoft.com/en-us/azure/security/fundamentals/ai-security-best-practices |\n| Configure Microsoft Antimalware in Azure with PowerShell | https://learn.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples |\n| Use Azure Certificate Authority roots and requirements | https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-certificate-authority-details |\n| Design Azure backup and restore plan against ransomware | https://learn.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware |\n| Implement Azure resource security best practices | https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns |\n| Configure alternate email notifications for Customer Lockbox | https://learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-alternative-email |\n| Review Azure SQL Database built-in security features | https://learn.microsoft.com/en-us/azure/security/fundamentals/infrastructure-sql |\n| Apply Azure operational security checklist actions | https://learn.microsoft.com/en-us/azure/security/fundamentals/operational-checklist |\n| Understand security access methods for Azure production network | https://learn.microsoft.com/en-us/azure/security/fundamentals/production-network |\n| Understand Azure controls for protection of customer data | https://learn.microsoft.com/en-us/azure/security/fundamentals/protection-customer-data |\n| Detect and respond to ransomware using Azure security tools | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-detect-respond |\n| Use Azure-native features to protect against ransomware | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-features-resources |\n| Configure Azure Firewall Premium to mitigate ransomware | https://learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-protection-with-azure-firewall |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure Dependabot and Copacetic for container security | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/container-secure-supply-chain-implementation/cssc-depenadabot-quickstart |\n| Configure firewalls using Azure domain patterns | https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-domains |\n| Identify Azure services supporting customer-managed keys | https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-customer-managed-keys-support |\n| Configure and analyze Azure security logging and auditing | https://learn.microsoft.com/en-us/azure/security/fundamentals/log-audit |\n| Adapt to upcoming Azure managed TLS and DCV changes | https://learn.microsoft.com/en-us/azure/security/fundamentals/managed-tls-changes |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Create and attach signed SBOMs to container images | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Sign and verify container images in Azure Pipelines with Notation | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/notation-ado-task-sign |\n| Sign container images with Notation in GitHub Actions | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/notation-sign-gha |\n| Verify container image signatures with Notation in GitHub Actions | https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/verify-gha |\n| Check Azure vs Azure Government security feature availability | https://learn.microsoft.com/en-us/azure/security/fundamentals/feature-availability |","tags":["azure","security","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions","azure-kubernetes-service"],"capabilities":["skill","source-microsoftdocs","skill-azure-security","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-security","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 549 github stars · SKILL.md body (11,581 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:53:58.790Z","embedding":null,"createdAt":"2026-04-18T22:00:02.668Z","updatedAt":"2026-05-18T18:53:58.790Z","lastSeenAt":"2026-05-18T18:53:58.790Z","tsv":"'/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom':956 '/en-us/azure/security/container-secure-supply-chain/articles/container-secure-supply-chain-implementation/cssc-depenadabot-quickstart':897 '/en-us/azure/security/container-secure-supply-chain/articles/notation-ado-task-sign':972 '/en-us/azure/security/container-secure-supply-chain/articles/notation-sign-gha':983 '/en-us/azure/security/container-secure-supply-chain/articles/validating-image-signatures-using-ratify-aks':635 '/en-us/azure/security/container-secure-supply-chain/articles/verify-gha':995 '/en-us/azure/security/develop/threat-modeling-tool-auditing-and-logging':647 '/en-us/azure/security/develop/threat-modeling-tool-authentication':657 '/en-us/azure/security/develop/threat-modeling-tool-authorization':667 '/en-us/azure/security/develop/threat-modeling-tool-communication-security':678 '/en-us/azure/security/develop/threat-modeling-tool-configuration-management':689 '/en-us/azure/security/develop/threat-modeling-tool-cryptography':699 '/en-us/azure/security/develop/threat-modeling-tool-exception-management':710 '/en-us/azure/security/develop/threat-modeling-tool-input-validation':722 '/en-us/azure/security/develop/threat-modeling-tool-sensitive-data':733 '/en-us/azure/security/develop/threat-modeling-tool-session-management':744 '/en-us/azure/security/fundamentals/ai-security-best-practices':757 '/en-us/azure/security/fundamentals/antimalware-code-samples':767 '/en-us/azure/security/fundamentals/azure-certificate-authority-details':777 '/en-us/azure/security/fundamentals/azure-domains':906 '/en-us/azure/security/fundamentals/azure-marketplace-images':422 '/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware':788 '/en-us/azure/security/fundamentals/best-practices-and-patterns':797 '/en-us/azure/security/fundamentals/customer-lockbox-alternative-email':807 '/en-us/azure/security/fundamentals/customer-lockbox-faq':409 '/en-us/azure/security/fundamentals/data-encryption-best-practices':433 '/en-us/azure/security/fundamentals/database-security-checklist':442 '/en-us/azure/security/fundamentals/encryption-customer-managed-keys-support':917 '/en-us/azure/security/fundamentals/feature-availability':1006 '/en-us/azure/security/fundamentals/iaas':452 '/en-us/azure/security/fundamentals/identity-management-best-practices':463 '/en-us/azure/security/fundamentals/incident-response-overview':475 '/en-us/azure/security/fundamentals/infrastructure-sql':819 '/en-us/azure/security/fundamentals/key-management-choose':619 '/en-us/azure/security/fundamentals/log-audit':928 '/en-us/azure/security/fundamentals/managed-tls-changes':940 '/en-us/azure/security/fundamentals/network-best-practices':484 '/en-us/azure/security/fundamentals/operational-best-practices':495 '/en-us/azure/security/fundamentals/operational-checklist':828 '/en-us/azure/security/fundamentals/paas-applications-using-app-services':506 '/en-us/azure/security/fundamentals/paas-applications-using-sql':517 '/en-us/azure/security/fundamentals/paas-applications-using-storage':529 '/en-us/azure/security/fundamentals/paas-deployments':539 '/en-us/azure/security/fundamentals/production-network':839 '/en-us/azure/security/fundamentals/protection-customer-data':850 '/en-us/azure/security/fundamentals/ransomware-detect-respond':862 '/en-us/azure/security/fundamentals/ransomware-features-resources':874 '/en-us/azure/security/fundamentals/ransomware-prepare':549 '/en-us/azure/security/fundamentals/ransomware-protection':560 '/en-us/azure/security/fundamentals/ransomware-protection-with-azure-firewall':884 '/en-us/azure/security/fundamentals/secrets-best-practices':570 '/en-us/azure/security/fundamentals/service-fabric-best-practices':581 '/en-us/azure/security/fundamentals/steps-secure-identity':593 '/en-us/azure/security/fundamentals/subdomain-takeover':605 '/microsoftdocs/mcp/blob/main/readme.md)':161 '3':132 'accept':200 'access':166,222,457,831 'across':563 'action':386,825,980,992 'adapt':929 'agent':81,125,184,198 'ai':753 'ak':26,300,624 'altern':799 'analyz':920 'antimalwar':310,760 'app':276,498,523,601 'app-manag':275 'app/database':257 'appli':423,453,485,550,571,711,745,820 'applic':503 'approval/denial':225 'asset':492 'attach':357,948 'attack':546,557 'audit':637,925 'authent':649 'author':659,771 'avail':151,391,1003 'azur':2,7,38,47,217,245,267,295,305,322,384,393,395,404,415,424,435,444,454,466,477,491,497,511,525,534,541,552,564,576,595,613,631,747,762,769,779,790,809,821,834,841,857,865,876,901,908,921,932,966,997,999 'azure-n':864 'azure-secur':1 'azure-specif':465,551,746 'backup':780 'base':670 'best':12,51,234,315,410,429,459,480,488,573,750,793 'built':813 'built-in':812 'capabl':73 'categori':84,92,108,204,206 'certif':311,770 'chain':365 'chang':342,937 'check':996 'checklist':241,439,586,824 'choos':266 'ci/cd':360 'code':19,58,344,942 'combin':63 'common':216,401 'communic':669 'compar':388 'complianc':281 'configur':17,56,228,317,321,680,758,798,875,885,888,898,918 'contain':28,325,355,379,893,952,963,974,985 'content':68,170 'control':842 'copacet':891 'cover':49 'creat':946 'cryptographi':691 'custom':37,218,334,405,803,846,912 'customer-manag':333,911 'data':249,425,725,847 'databas':437,509,811 'dcv':936 'decis':14,53,259,606 'defens':253,304 'dependabot':889 'dependabot/copacetic':327 'deploy':22,61,368,370,536,957 'descript':208 'design':530,778 'detect':851 'develop':9 'diagnos':213 'dns':599 'doc':176 'document':71,169 'domain':331,902 'e.g':96,112 'email':800 'encrypt':250,428 'enforc':623 'entra':589 'environ':542 'error':226 'except':701 'expert':4,44 'fabric':578 'failur':233 'fallback':188 'featur':324,390,816,867,1002 'fetch':72,168,177,190 'file':102,110,117,122 'find':675 'firewal':328,877,899 'five':584 'five-step':583 'generat':351 'github':979,991 'github.com':160 'github.com/microsoftdocs/mcp/blob/main/readme.md)':159 'govern':396,1000 'guid':158,374 'guidanc':45,264,349,707 'harden':240,293,414,679 'hsm':274 'iaa':445 'iaas/paas':246 'id':590 'ident':247,455 'identifi':907 'imag':29,301,356,380,417,625,953,964,975,986 'implement':464,476,582,636,648,690,734,789 'import':79,123 'incid':254,468 'includ':10,221,279 'index':85,205 'input':713 'instal':155,157 'integr':18,57,284,343,362,941 'issu':220,402 'key':33,35,268,271,278,336,614,914 'knowledg':5 'l103':320 'l104':347 'l104-l108':346 'l108':348 'l109':372 'l109-l115':371 'l115':373 'l120':99 'l35':98,211 'l35-l120':97 'l35-l39':210 'l39':212 'l40':237 'l40-l61':236 'l61':238 'l62':262 'l62-l66':261 'l66':263 'l67':290 'l67-l94':289 'l94':291 'l95':319 'l95-l103':318 'latest':140 'learn':183,197 'learn-agent-skil':182,196 'learn.microsoft.com':408,421,432,441,451,462,474,483,494,505,516,528,538,548,559,569,580,592,604,618,634,646,656,666,677,688,698,709,721,732,743,756,766,776,787,796,806,818,827,838,849,861,873,883,896,905,916,927,939,955,971,982,994,1005 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom':954 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/container-secure-supply-chain-implementation/cssc-depenadabot-quickstart':895 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/notation-ado-task-sign':970 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/notation-sign-gha':981 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/validating-image-signatures-using-ratify-aks':633 'learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/verify-gha':993 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-auditing-and-logging':645 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-authentication':655 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-authorization':665 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-communication-security':676 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-configuration-management':687 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-cryptography':697 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-exception-management':708 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-input-validation':720 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-sensitive-data':731 'learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-session-management':742 'learn.microsoft.com/en-us/azure/security/fundamentals/ai-security-best-practices':755 'learn.microsoft.com/en-us/azure/security/fundamentals/antimalware-code-samples':765 'learn.microsoft.com/en-us/azure/security/fundamentals/azure-certificate-authority-details':775 'learn.microsoft.com/en-us/azure/security/fundamentals/azure-domains':904 'learn.microsoft.com/en-us/azure/security/fundamentals/azure-marketplace-images':420 'learn.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware':786 'learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns':795 'learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-alternative-email':805 'learn.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-faq':407 'learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices':431 'learn.microsoft.com/en-us/azure/security/fundamentals/database-security-checklist':440 'learn.microsoft.com/en-us/azure/security/fundamentals/encryption-customer-managed-keys-support':915 'learn.microsoft.com/en-us/azure/security/fundamentals/feature-availability':1004 'learn.microsoft.com/en-us/azure/security/fundamentals/iaas':450 'learn.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices':461 'learn.microsoft.com/en-us/azure/security/fundamentals/incident-response-overview':473 'learn.microsoft.com/en-us/azure/security/fundamentals/infrastructure-sql':817 'learn.microsoft.com/en-us/azure/security/fundamentals/key-management-choose':617 'learn.microsoft.com/en-us/azure/security/fundamentals/log-audit':926 'learn.microsoft.com/en-us/azure/security/fundamentals/managed-tls-changes':938 'learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices':482 'learn.microsoft.com/en-us/azure/security/fundamentals/operational-best-practices':493 'learn.microsoft.com/en-us/azure/security/fundamentals/operational-checklist':826 'learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-services':504 'learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-sql':515 'learn.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-storage':527 'learn.microsoft.com/en-us/azure/security/fundamentals/paas-deployments':537 'learn.microsoft.com/en-us/azure/security/fundamentals/production-network':837 'learn.microsoft.com/en-us/azure/security/fundamentals/protection-customer-data':848 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-detect-respond':860 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-features-resources':872 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-prepare':547 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-protection':558 'learn.microsoft.com/en-us/azure/security/fundamentals/ransomware-protection-with-azure-firewall':882 'learn.microsoft.com/en-us/azure/security/fundamentals/secrets-best-practices':568 'learn.microsoft.com/en-us/azure/security/fundamentals/service-fabric-best-practices':579 'learn.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity':591 'learn.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover':603 'line':94,106,207 'link':111,120 'local':64 'locat':88 'lockbox':219,406,804 'log':639,923 'logging/auditing':338 'machin':449 'make':15,54,260,607 'manag':269,273,277,335,340,615,681,702,737,913,933 'markdown':187,203 'marketplac':416 'mcp':146,173 'metadata.generated':127 'method':832 'microsoft':175,759 'microsoftdoc':147,174 'mitig':299,640,650,658,686,692,715,730,880 'mobil':502,522 'model':298,643,653,663,673,684,695,705,718,728,740 'month':133 'nativ':866 'network':165,248,308,478,836 'notat':31,382,969,977,989 'notif':801 'off':287 'old':134 'oper':313,486,532,822 'option':270 'paa':508,519,535 'pattern':20,59,243,332,345,903,943 'perform':282 'permiss':231 'permission-rel':230 'pipelin':567,967 'pipelines/github':385 'plan':783 'plus':387 'polici':632 'powershel':764 'practic':13,52,235,316,411,430,460,470,481,489,574,751,794 'prefer':171 'premium':878 'prepar':540 'prevent':594 'problem':224 'product':835 'protect':258,309,554,561,723,844,869 'provid':43 'publish':419 'pull':138 'queri':179,193 'quick':66 'quick-refer':65 'rang':95 'ransomwar':252,303,545,556,785,855,871,881 'ratifi':629 'read':101,116 'refer':67,121 'relat':232 'relev':89 'remot':70 'repositori':144 'request':223 'requir':164,774 'resolv':215,400 'resourc':791 'respond':853 'respons':255,469 'restor':782 'return':186,202 'review':808 'right':612 'root':772 'rule':329 'sbom':30,353,950 'scan':326 'secret':251,562 'section':90 'secur':3,8,16,25,39,48,55,239,280,288,292,314,323,337,366,389,426,438,443,458,479,487,496,507,518,533,572,588,620,668,700,712,735,749,792,815,823,830,858,894,922,1001 'security.md':113,114 'select':610 'sensit':724 'servic':499,565,577,602,909 'session':736 'sign':32,302,352,376,949,960,973 'signatur':626,987 'skill':40,42,78,163,185,199 'skill-azure-security' 'softwar':363 'solut':616 'source-microsoftdocs' 'specif':467,553,748 'specifi':105 'sql':306,436,512,810 'step':585 'storag':526 'string':180,194 'subdomain':596 'suggest':135,152 'suppli':364 'support':910 'synaps':514 'takeov':597 'text/markdown':201 'threat':297,642,652,660,662,672,683,694,704,717,727,739 'tls':934 'tls/dcv':341 'tool':148,472,644,654,664,674,685,696,706,719,729,741,859 'topic':398,412,608,621,886,944,958 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'trade':286 'trade-off':285 'troubleshoot':11,50,209,397 'understand':829,840 'upcom':931 'url':399,413,609,622,887,945,959 'use':23,76,82,100,115,172,189,434,524,682,703,726,768,856,863,900 'user':137,154 'valid':627,714 'vault':272 'vault/hsm':34 'verifi':378,962,984 'version':141 'via':330 'virtual':448 'vs':394,998 'web':500,520 'webpag':191 'withstand':544 'workflow':369 'workload':296,446,754","prices":[{"id":"07eadc1a-39b1-434e-87c9-419e45b2e5e9","listingId":"4cd1d15a-826a-4b0b-a99d-e4df63a53b22","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T22:00:02.668Z"}],"sources":[{"listingId":"4cd1d15a-826a-4b0b-a99d-e4df63a53b22","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-security","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-security","isPrimary":false,"firstSeenAt":"2026-04-18T22:00:02.668Z","lastSeenAt":"2026-05-18T18:53:58.790Z"}],"details":{"listingId":"4cd1d15a-826a-4b0b-a99d-e4df63a53b22","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-security","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":549,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-05-17T02:50:05Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"d12564473ecfa6f2f7129453d15c55bc42f773e1","skill_md_path":"skills/azure-security/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-security"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-security","description":"Expert knowledge for Azure Security development including troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. Use when securing AKS and container images, SBOMs, Notation signing, Key Vault/HSM keys, or Customer Lockbox, and other Azure Security related development tasks. Not for Azure Defender For Cloud (use azure-defender-for-cloud), Azure Sentinel (use azure-sentinel), Azure DDos Protection (use azure-ddos-protection), Azure Web Application Firewall (use azure-web-application-firewall).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-security"},"updatedAt":"2026-05-18T18:53:58.790Z"}}