Skip to content

Managed-Solution-LLC/CSP-Assessment

BranchesTags

Repository files navigation

Azure Complete Assessment Tool

A comprehensive PowerShell-based assessment tool for Azure environments that combines cost optimization, security analysis, and compliance checking in one automated report.

πŸš€ Features

Cost Optimization

  • βœ… Identifies unattached disks and associated costs
  • βœ… Finds unused public IP addresses
  • βœ… Detects stopped (but not deallocated) VMs
  • βœ… Identifies Azure Hybrid Benefit opportunities
  • βœ… Analyzes license utilization and waste
  • βœ… Calculates potential monthly and annual savings

Security & Identity Management

  • πŸ” Global Administrator Analysis - Identifies excessive admin accounts
  • πŸ” Privileged Identity Management (PIM) - Checks if PIM is enabled
  • πŸ” Multi-Factor Authentication (MFA) - Analyzes MFA coverage
  • πŸ” Conditional Access Policies - Reviews CA policy configuration
  • πŸ” Network Security Groups - Flags risky NSG rules
  • πŸ” Storage Security - Identifies insecure storage accounts
  • πŸ” Backup Coverage - Finds VMs without backup protection
  • πŸ” Monitoring Status - Checks VM monitoring configuration

License & Feature Optimization

  • πŸ’³ License Analysis - Identifies unused and underutilized licenses
  • πŸ’³ Cost Breakdown - Estimates monthly waste by license type
  • πŸ“‹ Feature Detection - Identifies underutilized Azure features
    • Microsoft Defender for Cloud
    • Azure Policy
    • Azure Blueprints
    • Log Analytics
    • Conditional Access

Subscription & Permission Management

  • πŸ” Subscription Discovery - Lists all accessible subscriptions
  • βœ… Permission Verification - Validates user has proper access
  • πŸ“Š Multi-Subscription Support - Check permissions across all subscriptions

πŸ“‹ Prerequisites

Required Azure Modules

# Core Azure module
Install-Module -Name Az -Force -AllowClobber

# Azure AD modules (for identity and license checks)
Install-Module -Name AzureAD -Force -AllowClobber
Install-Module -Name AzureADPreview -Force -AllowClobber  # For PIM features

Required Permissions

  • Minimum: Reader role on subscription
  • Recommended: Reader + Security Reader
  • For Full Assessment: Global Reader or equivalent in Azure AD

Azure AD Licensing (for full security features)

  • Azure AD Free: Basic security checks
  • Azure AD Premium P1: Conditional Access policies
  • Azure AD Premium P2: Privileged Identity Management (PIM)

🎯 Quick Start

1. Connect to Azure

# Connect to Azure subscription
Connect-AzAccount

# Connect to Azure AD (for identity and license checks)
Connect-AzureAD

2. Check Your Permissions

# Verify you have access
.\Complete-Azure-Assessment.ps1 -CheckPermissions

# Check all subscriptions
.\Complete-Azure-Assessment.ps1 -SearchAllSubscriptions -CheckPermissions

3. Run the Assessment

# Run full assessment
.\Complete-Azure-Assessment.ps1 -ClientName "YourClientName"

# Run on specific subscription
.\Complete-Azure-Assessment.ps1 -ClientName "YourClientName" -SubscriptionId "your-subscription-id"

πŸ“Š What Gets Assessed

Cost Analysis ($$$)

Check Impact Action
Unattached Disks $20-500/month Delete after 30 days
Unused Public IPs $10-100/month Remove immediately
Stopped VMs $50-500/month Deallocate or delete
Azure Hybrid Benefit $100-1000/month savings Enable AHB
Unused Licenses $50-500/month Remove quarterly

Security Checks (πŸ”’)

Check Risk Level Compliance Impact
Global Admins >5 Critical SOC 2, ISO 27001
PIM Not Enabled Critical Privileged access requirement
Risky NSG Rules Critical Security breach risk
No MFA Critical Account compromise
No Backups High Data loss risk
Insecure Storage High Data exposure

Identity & Licensing (πŸ‘₯)

Check Benefit
Global Admin Count Security best practices
PIM Status Just-in-time privileged access
MFA Coverage 99.9% reduction in account compromise
Conditional Access Zero Trust architecture
License Utilization Cost optimization

πŸ“¦ Output Files

The assessment generates a comprehensive package with:

Reports

  • Master-Assessment-Report.md - Complete findings and recommendations
  • summary.json - Machine-readable summary for automation

Identity & Security

  • Global-Administrators.csv - All Global Admin accounts
  • Conditional-Access-Policies.csv - CA policy details
  • VMs-Without-Backup.csv - Backup coverage gaps
  • Risky-NSG-Rules.csv - Security rules to remediate
  • Insecure-Storage.csv - Storage security issues

Cost Optimization

  • Unattached-Disks.csv - Orphaned disks with costs
  • Unused-PublicIPs.csv - Unused IPs to remove
  • Stopped-VMs.csv - VMs to deallocate
  • Azure-HybridBenefit.csv - AHB savings opportunities
  • License-Analysis.csv - License utilization and waste

Permission Reports

  • All-Subscriptions.csv - All accessible subscriptions
  • Permission-Check-Results.csv - Access verification results

All files are packaged in a ZIP archive for easy download and sharing.

🎨 Usage Examples

Basic Assessment

.\Complete-Azure-Assessment.ps1 -ClientName "Contoso"

Multi-Subscription Environment

# First, discover all subscriptions
.\Complete-Azure-Assessment.ps1 -SearchAllSubscriptions

# Check permissions across all subscriptions
.\Complete-Azure-Assessment.ps1 -SearchAllSubscriptions -CheckPermissions

# Run assessment on specific subscription
.\Complete-Azure-Assessment.ps1 -ClientName "Contoso" -SubscriptionId "12345678-1234-1234-1234-123456789abc"

Permission Check Only

# Check if you can run the assessment
.\Complete-Azure-Assessment.ps1 -CheckPermissions

# No assessment runs, just permission verification

πŸ“ˆ Sample Output

╔══════════════════════════════════════════════════════╗
β•‘                 ASSESSMENT COMPLETE                    β•‘
β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•

πŸ“Š FINDINGS SUMMARY:

πŸ’° Cost Savings:
   Monthly Savings: $850
   Annual Savings:  $10,200

πŸ” Security & Identity:
   Global Admins: 3 βœ“
   PIM Enabled: βœ“ Yes
   Critical Issues: 2

πŸ’³ License Optimization:
   Unused Licenses: 15
   Potential Savings: $180/month

πŸ“‹ Underutilized Features: 3

πŸ“¦ ZIP FILE READY:
   ~/clouddrive/AzureAssessments/Contoso-Assessment-20251111-1430.zip

πŸ› οΈ Advanced Features

Security Scoring

  • Automatic prioritization of critical security issues
  • Compliance framework mapping (SOC 2, ISO 27001, NIST)
  • Risk-based recommendations

Cost Projections

  • Monthly and annual savings calculations
  • ROI analysis with payback period
  • 3-year net benefit calculations

Implementation Roadmap

Four-phase approach:

  1. Week 1: Quick wins (cost savings)
  2. Week 2: Security remediation
  3. Weeks 3-4: Optimization
  4. Month 2: Advanced security features

πŸ“š Documentation

πŸ” Security Features Deep Dive

Global Administrator Management

  • Identifies all Global Admin accounts
  • Recommends limiting to 2-4 accounts
  • Detects emergency access accounts
  • Tracks last sign-in activity

Privileged Identity Management (PIM)

  • Checks if PIM is enabled
  • Counts eligible role assignments
  • Recommends just-in-time access
  • Requires Azure AD Premium P2

License Optimization

  • Analyzes all Microsoft cloud licenses
  • Identifies unused licenses and waste
  • Calculates monthly and annual costs
  • Provides right-sizing recommendations
  • Supports:
    • Azure AD Premium (P1/P2)
    • Microsoft 365 (E3/E5)
    • Office 365
    • EMS (E3/E5)
    • Power BI Pro
    • Project/Visio

Conditional Access

  • Lists all CA policies
  • Shows enabled vs. disabled status
  • Recommends core policies:
    • Require MFA for all users
    • Block legacy authentication
    • Require compliant devices
    • Risk-based controls

🎯 Target Audience

  • MSPs/CSPs - Multi-client Azure assessments
  • IT Consultants - Client environment analysis
  • Azure Administrators - Regular optimization reviews
  • Security Teams - Compliance and security audits
  • Finance Teams - Cost optimization initiatives

πŸ’‘ Benefits

For MSPs/CSPs

  • Quick client environment assessment
  • Professional, branded reports
  • Identifies upsell opportunities
  • Demonstrates value

For Enterprises

  • Regular optimization reviews
  • Compliance documentation
  • Cost savings identification
  • Security posture improvement

For Auditors

  • Automated compliance checks
  • Audit-ready documentation
  • Historical trending
  • Executive summaries

βš™οΈ Customization

The script can be customized to:

  • Adjust cost estimates for different regions
  • Modify security thresholds
  • Add custom checks
  • Integrate with ticketing systems
  • Export to different formats

🀝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

πŸ“„ License

See LICENSE file for details.

πŸ†˜ Support

For issues, questions, or contributions:

  1. Check the documentation in the repository
  2. Review existing issues
  3. Create a new issue with details

πŸ”„ Version History

Version 2.0 (November 2025)

  • ✨ Added Global Administrator analysis
  • ✨ Added Privileged Identity Management (PIM) checks
  • ✨ Added Multi-Factor Authentication (MFA) coverage analysis
  • ✨ Added Conditional Access policy review
  • ✨ Added comprehensive license optimization
  • ✨ Added underutilized features detection
  • ✨ Added subscription discovery and permission checks
  • 🎨 Enhanced reporting with security scoring
  • πŸ“Š Added detailed identity and access management section

Version 1.0

  • Initial release with cost optimization
  • Basic security checks
  • Network security analysis
  • Backup coverage assessment

πŸ“ž Contact

For professional services or custom assessments, please contact Managed Solution LLC.

Built with ❀️ for Azure optimization and security

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages