AuditForge automates the data collection layer of Azure environment audits across 9 categories — IAM, networking, security, cost, reliability, and more. So your architect spends time on judgment calls, not query runs.
Two architects can't run 15 Azure audits simultaneously when every data collection step is done by hand. AuditForge removes the bottleneck.
The audit and the remediation are always separate commercial engagements. This is not a structural quirk — it is the model. You don't buy conclusions before you have findings.
AuditForge collects environment data across 9 categories. The architect reviews, applies judgment, and delivers a structured report with prioritized findings — severity-scored, action-ready.
Remediation (Engagement 2) starts only after the audit report is reviewed and accepted. A separate scope, separate proposal, separate engagement — based on the findings from Engagement 1. Never bundled upfront.
AuditForge handles the data layer. The architect handles the analysis. Three phases, three mandatory human checkpoints.
Client grants Reader access via a dedicated vendor account. AuditForge never requests Contributor or Owner permissions. Scope is locked — no changes outside the agreed subscription boundary.
AuditForge runs structured Azure CLI and Python queries across 9 audit categories. Raw data is collected, normalized, and surfaced as structured findings with preliminary severity flags for architect review.
The architect reviews all findings, applies contextual judgment, confirms or adjusts severity scores, and triggers the Word report generator. Client receives a structured report — executive summary, technical detail, and remediation priority matrix.
Every AuditForge engagement covers all 9 categories by default. Category 9 is architect-only — AuditForge surfaces utilization metrics; sizing decisions require business context only your team has.
1. Entra ID roles, privileged assignments, service principals, MFA coverage, Conditional Access, guest account posture.
2. VNet topology, NSG rule analysis, peering posture, Private DNS zones, public IP exposure, NVA coverage.
3. Defender for Cloud coverage and recommendations, Policy assignments, secure score by subscription, Key Vault access patterns.
4. VM inventory, SKU utilization, availability set vs zone coverage, unmanaged disks, orphaned resources, patch compliance.
5. Storage account security posture, public blob access, encryption at rest, soft delete, SQL TDE, Cosmos DB configuration.
6. Log Analytics workspace coverage, diagnostic settings per resource, alert rule audit, Azure Monitor gaps, Activity Log retention.
7. Tagging compliance across subscriptions, budget alert coverage, idle resource detection, Advisor cost recommendations, orphaned resource audit.
8. Backup coverage per VM and database, Recovery Services vaults, availability zone distribution, SLA exposure analysis.
9. Raw utilization metrics surfaced by AuditForge — CPU, memory, IOPS, Reserved Instance coverage. Sizing conclusions require architect judgment and client business context.
Every finding is scored by probability × impact. The architect reviews all preliminary scores before report generation — no automated severity is final.
| Level | Definition | Example | Expected action |
|---|---|---|---|
| Critical | Active risk, likely exploitable, regulatory breach | Public storage account with sensitive data, no MFA on Global Admin | Remediate within 24–48 hours |
| High | Significant exposure, not immediately exploitable | NSG allows 0.0.0.0/0 inbound on non-standard port | Remediate within 1–2 weeks |
| Medium | Deviation from best practice, limited direct impact | Missing diagnostic settings on 30% of resources | Address in next sprint cycle |
| Low | Hygiene gap, minor risk, no compliance impact | Incomplete resource tagging, soft delete disabled | Include in ongoing governance backlog |
| Informational | Observation only, no action required | Legacy SKU in use but within support lifecycle | Document for future planning |
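The flagging and scoring step described above, as an added example that is not HelixLab's AuditForge code: it applies probability × impact to constructed records shaped like trimmed Azure CLI output and emits findings with traceability IDs and a pending-review flag. The 1-5 scales, band thresholds, per-check weights and category labels are assumptions; only the five severity levels and the scoring rule come from the page.

```python
import json

# Bands for probability x impact on 1-5 scales (thresholds are assumptions).
BANDS = [(20, "Critical"), (12, "High"), (6, "Medium"), (3, "Low"), (0, "Informational")]

def severity(probability: int, impact: int) -> str:
    """Map probability x impact to one of the page's five severity levels."""
    if not (1 <= probability <= 5 and 1 <= impact <= 5):
        raise ValueError("probability and impact must be in 1..5")
    return next(level for floor, level in BANDS if probability * impact >= floor)

def open_inbound(rule: dict) -> bool:
    """Inbound Allow from any source: the table's High example."""
    return (rule.get("direction") == "Inbound" and rule.get("access") == "Allow"
            and rule.get("sourceAddressPrefix") in ("*", "0.0.0.0/0", "Internet"))

# (record kind, check id, category, predicate, probability, impact); weights are assumptions.
CHECKS = [
    ("storage_accounts", "public-blob-access", "Data",
     lambda a: bool(a.get("allowBlobPublicAccess")), 4, 5),
    ("storage_accounts", "soft-delete-disabled", "Data",
     lambda a: not a.get("deleteRetentionPolicy", {}).get("enabled"), 2, 2),
    ("nsg_rules", "nsg-open-inbound", "Networking", open_inbound, 4, 4),
]

def build_findings(raw: dict) -> list[dict]:
    """Normalize raw records into findings with IDs and preliminary severity flags."""
    findings = []
    for kind, check, category, hit, prob, impact in CHECKS:
        for rec in raw.get(kind, []):
            if hit(rec):
                findings.append({"id": f"AF-{len(findings) + 1:03d}",  # traceability ID
                                 "category": category, "check": check, "resource": rec["name"],
                                 "probability": prob, "impact": impact,
                                 "severity": severity(prob, impact),
                                 "review": "pending-architect"})  # no automated severity is final
    return findings

# Constructed sample shaped like trimmed Azure CLI output; not real tenant data.
SAMPLE = {
    "storage_accounts": [
        {"name": "stpublicdocs", "allowBlobPublicAccess": True, "deleteRetentionPolicy": {"enabled": False}},
        {"name": "stlocked", "allowBlobPublicAccess": False, "deleteRetentionPolicy": {"enabled": True}}],
    "nsg_rules": [
        {"name": "allow-any-8443", "direction": "Inbound", "access": "Allow", "sourceAddressPrefix": "*"},
        {"name": "allow-corp-22", "direction": "Inbound", "access": "Allow", "sourceAddressPrefix": "10.0.0.0/8"}]}

if __name__ == "__main__":
    print(json.dumps(build_findings(SAMPLE), indent=2))
```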
AuditForge requires a Reader role assigned to a dedicated HelixLab vendor account — never Contributor, never Owner, never your own credentials. The principle: if data collection requires write access, it's not audit data collection. All access is revoked at engagement close.
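A check for the access rule above, as an added example and not HelixLab's code: it verifies that a vendor account holds only Reader and only inside the agreed subscription. The records are constructed in the shape of `az role assignment list --all -o json` output, and the subscription id is a placeholder.

```python
# Placeholder subscription id; replace with the agreed boundary from the scope lock.
AGREED_SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"

def check_vendor_access(assignments: list[dict], agreed_scope: str) -> list[str]:
    """Return one violation string per assignment outside the Reader-only, locked-scope posture."""
    violations = []
    for a in assignments:
        role, scope = a.get("roleDefinitionName"), a.get("scope", "")
        if role != "Reader":
            violations.append(f"{role} at {scope}: only Reader is permitted")
        # The scope must be the agreed subscription or a resource inside it; a
        # management-group or root ("/") assignment is outside the boundary.
        if scope != agreed_scope and not scope.startswith(agreed_scope + "/"):
            violations.append(f"{role} at {scope}: outside agreed scope {agreed_scope}")
    return violations

# Constructed sample: one compliant assignment, one wrong role, one wrong scope.
SAMPLE_ASSIGNMENTS = [
    {"principalName": "auditforge-vendor", "roleDefinitionName": "Reader", "scope": AGREED_SCOPE},
    {"principalName": "auditforge-vendor", "roleDefinitionName": "Contributor",
     "scope": AGREED_SCOPE + "/resourceGroups/rg-app"},
    {"principalName": "auditforge-vendor", "roleDefinitionName": "Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/corp"},
]

if __name__ == "__main__":
    for line in check_vendor_access(SAMPLE_ASSIGNMENTS, AGREED_SCOPE) or ["access posture OK"]:
        print(line)
```

Run it again at engagement close: an empty assignment list for the vendor account is the expected state once access is revoked.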
Every AuditForge engagement delivers a structured, professional report alongside all underlying data — no findings without evidence, no evidence without traceability.
A professional Word document with executive summary and full technical section. Organized by category, severity-sorted, with finding IDs for traceability.
The structured JSON findings file behind the report. Every flag, every metric, every data point that informed the report — delivered in machine-readable format for your own tooling.
A prioritized action list — sortable by severity, category, or effort. Designed to feed directly into Engagement 2 scoping if the client proceeds to remediation.
A structured walkthrough of the findings with the lead architect. Review the report, ask questions about any finding, and align on which items require immediate action before Engagement 2 is considered.
The audit engagement is fixed-price. No hourly rates, no scope creep, no surprises. Engagement 2 is scoped and quoted separately after findings are reviewed.
A complete Azure environment audit delivered as a structured report with severity-ranked findings, a remediation priority matrix, and a 60-minute architect review session.
Most Azure environments accumulate technical debt in silence. AuditForge makes it visible — prioritized, structured, and actionable — before it becomes a breach or a budget problem.