
samikroy/azure-policy-analyzer


Azure Policy Analyzer

A GitHub Copilot custom agent for Azure Policy governance reviews.

This repository contains a production-oriented agent definition focused on single-pass compliance analysis, standards mapping, and actionable remediation guidance.

What This Agent Does

The agent in .github/agents/azure-policy-analyzer.agent.md is designed to:

  • Analyze Azure Policy posture across the highest readable scope (management group -> subscription -> resource group)
  • Map findings to:
    • NIST SP 800-53 Rev. 5
    • Microsoft Cloud Security Benchmark (MCSB)
    • CIS Azure Foundations
    • ISO 27001
    • PCI DSS
    • SOC 2
  • Produce structured, executive-ready reports in a single pass
  • Include concrete remediation commands for high-impact findings
  • Prefer Azure MCP data sources and clearly declare fallback behavior

Repository Structure

Prerequisites

  • Visual Studio Code with GitHub Copilot and chat enabled
  • Access to Azure subscription(s)
  • Azure CLI authenticated (az login) when running fallback command paths

Usage

  1. Open this repository in VS Code.
  2. Ensure Copilot custom agents are enabled.
  3. Invoke the agent from chat and provide your audit request, for example:
     Analyze my current subscription for policy exemptions and classify them by Governance Drift vs Operational Necessity.

Example Prompts

  • Analyze the compliance of my current subscription against NIST 800-53.
  • Perform a single-pass compliance audit of Prod-Connectivity-RG against NIST 800-53 and identify Critical hotspots.
  • Analyze my current subscription for policy exemptions and classify them by Governance Drift vs Operational Necessity.
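
To sanity-check the agent's answer to the exemption prompt, the same triage can be done by hand over the JSON from `az policy exemption list`. The script below is an added example, not code from this repository: the classification rules are assumptions (the repository does not publish the agent's criteria), and the sample records are constructed, using the `exemptionCategory`, `expiresOn` and `description` fields of an exemption.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `az policy exemption list -o json` (not real data).
SAMPLE = json.loads("""[
 {"name": "ex-legacy-vm", "exemptionCategory": "Waiver",
  "expiresOn": null, "description": null},
 {"name": "ex-fw-migration", "exemptionCategory": "Mitigated",
  "expiresOn": "2031-01-01T00:00:00+00:00",
  "description": "Compensating control in hub; change ticket <placeholder>"},
 {"name": "ex-old-pilot", "exemptionCategory": "Waiver",
  "expiresOn": "2020-06-30T00:00:00Z", "description": "Pilot workload"}
]""")

def parse_ts(value):
    """Parse an ISO 8601 timestamp; treat a missing offset as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def classify(exemption, now):
    """Return (label, reasons). Assumed rule: any hygiene gap means drift."""
    reasons = []
    expires = exemption.get("expiresOn")
    if not expires:
        reasons.append("no expiry date")
    elif parse_ts(expires) <= now:
        reasons.append("expired")
    if not (exemption.get("description") or "").strip():
        reasons.append("no justification")
    label = "Governance Drift" if reasons else "Operational Necessity"
    return label, reasons

def triage(exemptions, now=None):
    """Group exemptions by label, keeping the reasons for each finding."""
    now = now or datetime.now(timezone.utc)
    groups = {"Governance Drift": [], "Operational Necessity": []}
    for ex in exemptions:
        label, reasons = classify(ex, now)
        groups[label].append((ex["name"], ex.get("exemptionCategory"), reasons))
    return groups

if __name__ == "__main__":
    for label, items in triage(SAMPLE).items():
        print(label)
        for name, category, reasons in items:
            print(f"  {name} [{category}] {', '.join(reasons) or 'time-bound and justified'}")
```

To run it against live data, replace `SAMPLE` with the parsed output of `az policy exemption list -o json`.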

Security and Compliance Notes

  • This agent reports control alignment and gaps; it does not issue formal compliance certification.
  • Review generated remediation commands before applying changes in production.
  • Avoid sharing sensitive resource identifiers publicly in issue threads.

Contributing

See CONTRIBUTING.md.

Security Reporting

See SECURITY.md.

License

This project is licensed under the MIT License. See LICENSE.
