Sample Azure SecurityIQ Report

Prepared by MTSL DevOps Team

📅 Assessment Date: January 14, 2026

⚠️ Security Posture Assessment Complete

Your Azure Security Score is 58.72% (25.24/43 points). Several security controls require attention to strengthen your environment's defense posture.

📊 Security Score: 58.72% (25.24 / 43 points)
🔴 Critical Findings: 3 (Requires urgent remediation)
🟠 High Severity: 7 (Action within 14 days)
🏗️ Resources Assessed: 200+ (Across 48 resource groups)

📊 Security Score Overview

Security Score: 58.72% (25.24 / 43 points)

Control Categories

  • Enable MFA: 100%
  • Protect data in transit: 89%
  • Enable encryption at rest: 72%
  • Apply system updates: 65%
  • Restrict network access: 58%
  • Remediate security configs: 42%

🔴 Critical Security Findings

Urgent Remediation Required

Critical

Unencrypted Data in Transit for APIs

12 Resources

12 API endpoints are not enforcing HTTPS/TLS encryption for data in transit. This allows potential interception of sensitive data during transmission. All API endpoints must enforce TLS 1.2 or higher to protect data confidentiality and integrity.

📋 Enable HTTPS enforcement → Configure TLS 1.2 minimum

Critical

Privileged Access Management Not Configured

5 Resources

5 critical resources lack Privileged Access Management (PAM) controls. Without PAM, there's no audit trail for privileged operations, and no ability to enforce just-in-time access. This creates significant risk for unauthorized administrative actions.

📋 Implement Azure PIM → Configure access reviews

Critical

Database Backup Retention Policy Missing

8 Resources

8 databases do not have backup retention policies configured. Without proper backup retention, you cannot recover from ransomware attacks or data corruption incidents. Backup retention should be configured for at least 30 days with geo-redundancy.

📋 Configure backup retention policies → Enable geo-redundant backups

🟠 High Severity Findings

Action Within 14 Days

High

Logging Not Enabled for Critical Resources

18 Resources

18 critical resources do not have diagnostic logging enabled. Without logging, you cannot detect security incidents, troubleshoot issues, or maintain compliance audit trails. Enable diagnostic logging for all critical resources and send logs to a centralized Log Analytics workspace.

📋 Enable diagnostic settings → Configure Log Analytics retention

High

Weak Password Policies on User Accounts

24 Resources

24 user accounts are configured with weak password policies. Weak passwords are vulnerable to brute force attacks. Enforce strong password requirements including minimum length of 14 characters, complexity requirements, and regular password rotation policies.

📋 Update password policies → Enforce complexity requirements

High

Insufficient Role-Based Access Control (RBAC)

Multiple

Several resources have overly permissive RBAC assignments. Users and service principals have more permissions than necessary for their roles. Implement the principle of least privilege by assigning only the minimum required permissions.

📋 Audit RBAC assignments → Apply least privilege principle

High

Secrets Stored in Application Configuration

Multiple

Secrets and connection strings are stored in plain text within application configuration files and environment variables. This exposes sensitive credentials to unauthorized access. Migrate all secrets to Azure Key Vault with proper access controls.

📋 Migrate secrets to Key Vault → Configure managed identities

High

Outdated TLS Versions in Use

Multiple

Some services are still accepting TLS 1.0 and 1.1 connections. These older versions have known vulnerabilities. Disable TLS 1.0 and 1.1, and enforce TLS 1.2 or higher across all services.

📋 Disable legacy TLS versions → Enforce TLS 1.2 minimum

High

Missing Security Headers on Web Applications

6 Resources

Web applications are missing critical security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options. These headers protect against common web vulnerabilities like XSS and clickjacking attacks.

📋 Configure security headers → Implement WAF rules

🟡 Medium Severity Findings

Action Within 30 Days

Medium

Resource Tagging Not Standardized

42 Resources

42 resources lack consistent tagging standards. Proper tagging is essential for cost allocation, resource organization, and compliance tracking. Implement a standardized tagging strategy across all resources.

📋 Define tagging policy → Apply tags to resources

Medium

Monitoring Alerts Not Configured

Multiple

Critical resources lack monitoring alerts for security events. Without alerts, security incidents may go undetected. Configure alerts for failed authentication attempts, privilege escalation, and unusual resource access patterns.

📋 Configure Azure Monitor alerts → Set up action groups

Medium

Compliance Standards Not Documented

Environment

Security compliance standards and policies are not formally documented. Documentation is essential for maintaining compliance with regulations like HIPAA, PCI-DSS, or SOC 2. Create and maintain security policy documentation.

📋 Document security policies → Establish compliance framework

Medium

Disaster Recovery Plan Not Tested

Multiple

Disaster recovery and business continuity plans have not been tested recently. Regular testing ensures that recovery procedures work as expected. Conduct quarterly DR drills and document results.

📋 Schedule DR testing → Document recovery procedures

Medium

Unused Resources Not Cleaned Up

15 Resources

15 unused resources (unattached disks, unused public IPs, orphaned NICs) are still provisioned and incurring costs. These resources also increase the attack surface. Implement a resource cleanup policy and remove unused resources regularly.

📋 Identify unused resources → Remove orphaned resources

🔍 Security Controls Assessment

| Control Category | Score | Status | Unhealthy Resources | Priority |
|---|---|---|---|---|
| Enable MFA | 3 / 3 | Healthy | 0 | Complete |
| Protect data in transit | 2.66 / 3 | Healthy | Minor issues | Low |
| Enable encryption at rest | 2.88 / 4 | Needs Improvement | 12 resources | Medium |
| Apply system updates | 2.6 / 6 | Needs Improvement | 18 machines | High |
| Remediate security configurations | 1.68 / 4 | Unhealthy | 24 resources | High |
| Restrict unauthorized network access | 2.5 / 4 | Needs Improvement | 12 resources | High |
| Secure management ports | 2.1 / 3 | Needs Improvement | 8 VMs | Medium |
| Enable endpoint protection | 2.5 / 3 | Needs Improvement | 5 machines | Medium |
| Enable auditing and logging | 2.91 / 4 | Needs Improvement | 18 resources | High |
| Remediate vulnerabilities | 1.5 / 6 | Unhealthy | Multiple | Critical |

💾 Application Security Analysis

15 Web Applications Assessed

| Application | HTTPS Enforced | Security Headers | WAF Enabled | Risk Level |
|---|---|---|---|---|
| API Gateway - Production | Enabled | Missing | Enabled | High |
| Customer Portal | Enabled | Missing | Disabled | High |
| Admin Dashboard | Enabled | Configured | Enabled | Low |
| Mobile API Endpoint | Disabled | Missing | Disabled | Critical |
| Reporting Service | Enabled | Partial | Enabled | Medium |
| Integration API | Enabled | Missing | Partial | High |
| Other Applications (9) | Enabled | Partial | Partial | Medium |

Remediation Action Plan

🔴 Immediate Actions (48-72 Hours)

  • ✓ Enforce HTTPS on all API endpoints
  • ✓ Implement Privileged Access Management (PIM)
  • ✓ Configure database backup retention policies
  • ✓ Enable TLS 1.2 minimum enforcement

🟡 Short-term Actions (1-2 Weeks)

  • ✓ Add security headers to web applications
  • ✓ Enable diagnostic logging for all resources
  • ✓ Migrate secrets to Azure Key Vault
  • ✓ Enforce strong password policies

🟢 Long-term Actions (1-3 Months)

  • ✓ Implement standardized tagging strategy
  • ✓ Configure comprehensive monitoring alerts
  • ✓ Document security compliance standards
  • ✓ Conduct quarterly disaster recovery drills

🛡️ Security Score Improvement Target

  • Current Score: 58.72%
  • 30-Day Target: 72%
  • 90-Day Target: 85%+

Implementing critical and high-priority recommendations can improve your security score by up to 26+ points

* Security recommendations, timelines, and improvement targets are subject to change based on further assessment of the environment and business requirements.