Governance & Compliance
Policy enforcement, audit trails and risk management
Compliance Score
96%
3% vs last month
Active Policies
6
2% new this month
Audit Events (7d)
6
5% vs last week
Open Risks
3
1% vs last week
Compliance Frameworks
Azure Policy79%
142 ControlsPassed: 112Failed: 30
CIS Azure v2.085%
100 ControlsPassed: 85Failed: 15
ISO 27001:202292%
114 ControlsPassed: 105Failed: 9
NIST CSF 2.073%
108 ControlsPassed: 79Failed: 29
Policy Management
| Policy Name | Scope | Effect | Compliance |
|---|---|---|---|
| Require HTTPS on App Services | Subscription | Deny | 98% |
| Audit SQL Server TDE | RG-Cockpit | Audit | 100% |
| Allowed locations: East US 2 | Subscription | Deny | 96% |
| Require tag: Environment | Subscription | Append | 84% |
| Audit VMs without managed disks | RG-Cockpit | Audit | 100% |
| Disable public network access on SQL | RG-Cockpit | Deny | 100% |
Risk Register
Unpatched critical CVEs on API VMsOpen
Security•L: HighI: HighSecOps
No MFA on break-glass accountsMitigated
Identity•L: MediumI: HighIAM Team
SQL backups not geo-redundantOpen
Resilience•L: LowI: HighDBA
Expired TLS certificate on legacy APIAccepted
Security•L: MediumI: MediumDevOps
Insufficient logging retention (30d)Open
Compliance•L: LowI: MediumOps
Audit Log
| Timestamp | User | Action | Resource | Result |
|---|---|---|---|---|
| 2026-06-14 22:01 | john.doe@contoso.com | Delete | vm-api-prod-01 | failure |
| 2026-06-14 21:47 | admin@contoso.com | PolicyAssign | RG-Cockpit | success |
| 2026-06-14 20:33 | jane.smith@contoso.com | RoleAssign | sql-cockpit-dev | success |
| 2026-06-14 18:55 | deploy-sp | Deploy | app-cockpit-web-dev | success |
| 2026-06-14 17:22 | john.doe@contoso.com | ConfigChange | kv-cockpit-dev | warning |
| 2026-06-14 16:10 | admin@contoso.com | Create | storage-ingestion-dev | success |