Governance and identity how-to guides

Use these guides to turn cached governance and access data into verified review outcomes. The pages distinguish read-only analysis from local writes and Azure-side remediation.

Goal Guide
Scan and inventory policy Inventory and assignments
Analyze policy ownership, scope, trends, and pivots Policy pivots and history
Resolve effective policy and governance risks Effective policy and advisors
Plan a staged policy change Rollout Planner and AI tools
Reconcile observed policy with IaC Policy drift and IaC
Triage identity, PIM, and applications Identity reviews and handoffs
Review and export effective access RBAC access reviews

Common operating pattern

  1. Select the intended tenant connection and the narrowest useful workload or scope.
  2. Check generated time, cache age, collector status, and truncation or partial-result warnings.
  3. Refresh only the collector needed for the decision.
  4. Filter before interpreting totals or exporting.
  5. Validate a candidate against Azure, Entra, Policy Insights, or the authoritative IaC repository.
  6. Use an approved external change process, then refresh the affected data and preserve verification evidence.

Never put client secrets, access tokens, share tokens, real tenant IDs, object IDs, or user identifiers in prompts, exports used as examples, tickets, or documentation.


Table of contents


Back to top

Azure Support Agent is open source under the MIT License.

This site uses Just the Docs, a documentation theme for Jekyll.