Azure Clarity
Remediation Blueprint | Client: Contoso Federal | Tenant: contoso-fed.onmicrosoft.com | Scanned: 2026-02-19 14:32 UTC
Overall Security Posture
C+
74 / 100
Needs Attention
↑ Initial scan — baseline established
Findings Summary
Critical
7
Immediate action required
High
14
30-day remediation
Medium
23
90-day remediation
Low
11
Best practice
Compliance Overview
Total Checks
187
Across 9 modules
Compliant
132
70.6% pass rate
Non-Compliant
55
Requires remediation
Subscriptions
4
Scanned
Module Scores — Core
Identity & Access
62
Network Security
71
Data Protection
84
Logging & Monitoring
58
Defender Config
76
Module Scores — Governance & AI
Governance & Policy
88
CIS Benchmark v3.0
69
AI Security
45
Copilot Readiness
38
Findings by Severity
Critical 7
High 14
Medium 23
Low 11
All
Non-Compliant
Compliant
Critical
High
Medium
Low
55 findings
Check ID Module Check Name Severity Status Resource CIS Ref
AI Resource Inventory — 3 resources discovered across 2 subscriptions
contoso-openai-prod
Microsoft.CognitiveServices/OpenAI
Public
Network Access Enabled — No restrictions
Private Endpoints 0
Local Auth Enabled
Managed Identity None
Content Filter Custom — reduced
Model gpt-4o / 2024-05-13
RBAC Users 12 (3 Contributor)
contoso-openai-dev
Microsoft.CognitiveServices/OpenAI
IP Restricted
Network Access IP rules: 2
Private Endpoints 0
Local Auth Enabled
Managed Identity SystemAssigned
Content Filter Default (Microsoft)
Model gpt-4o-mini / 2024-07-18
RBAC Users 4 (0 Contributor)
contoso-ml-workspace
Microsoft.MachineLearningServices
Private
Network Access Disabled
Private Endpoints 2
Managed Identity SystemAssigned
Compute Instances 3 active
Data Stores Encrypted at rest
RBAC Users 6 (1 Contributor)
AI Governance Policies
Cognitive Services — Disable public network access
Not Assigned
Cognitive Services — Use private link
Not Assigned
Cognitive Services — Restrict network access
Not Assigned
Cognitive Services — Disable local auth
Not Assigned
Shadow AI Discovery — Defender for Cloud Apps (Last 30 Days)
ChatGPT / OpenAI
47 users · 1,284 sessions
2.3 GB
uploaded
Google Gemini
18 users · 342 sessions
840 MB
uploaded
Claude (Anthropic)
12 users · 198 sessions
420 MB
uploaded
Midjourney
6 users · 89 sessions
180 MB
uploaded
Cursor IDE
3 users · 412 sessions
1.1 GB
code context
GitHub Copilot (Personal)
8 users · 2,100+ sessions
3.4 GB
code context
Copilot Readiness Score
38
Not Ready — Critical risk of data exposure
Readiness Checks
SharePoint Oversharing
25
Sensitivity Labels
15
DLP Policies
40
Conditional Access
65
License Governance
50
SharePoint Sites with "Everyone Except External Users" Access — Top Exposure Risk for Copilot
https://contoso.sharepoint.com/sites/HR-Benefits
Everyone except external · Members
4,218 docs
https://contoso.sharepoint.com/sites/Finance-Planning
Everyone except external · Members
2,891 docs
https://contoso.sharepoint.com/sites/ExecutiveComms
Everyone except external · Visitors
1,547 docs
https://contoso.sharepoint.com/sites/Legal-Contracts
Everyone except external · Members
3,102 docs
https://contoso.sharepoint.com/sites/IT-Infrastructure
Everyone except external · Owners
892 docs
https://contoso.sharepoint.com/sites/AllCompany
Everyone except external · Members
6,340 docs
Sensitivity Labels Status
Labels Published
3 labels
Labels Applied (30d)
8%
Auto-labeling Policies
None
Default Label Policy
Not Set
Copilot License Distribution
M365 Copilot Licensed
150 users
Org-wide rollout
Yes ⚠
Targeted Groups
None
Copilot Usage Policy
Not Found