**ANALYSIS SKILL** — Manage Azure Local security: security baseline/defaults, BitLocker encryption, Secure Boot, Microsoft Defender for Cloud, and compliance assurance (ISO 27001, PCI DSS, HIPAA, FedRAMP). WHEN: "Azure Local security", "security baseline Azure Local", "BitLocker Azure Local", "Secure Boot Azure Local", "Defender for Cloud Azure Local", "Azure Local compliance", "application control WDAC". USE FOR: hardening an Azure Local instance and mapping to compliance standards. DO NOT USE FOR: cloud subscription compliance scans (use azure-compliance).
**ANALYSIS SKILL** — Manage Azure Local security: security baseline/defaults, BitLocker encryption, Secure Boot, Microsoft Defender for Cloud, and compliance assurance (ISO 27001, PCI DSS, HIPAA, FedRAMP). WHEN: "Azure Local security", "security baseline Azure Local", "BitLocker Azure Local", "Secure Boot Azure Local", "Defender for Cloud Azure Local", "Azure Local compliance", "application control WDAC". USE FOR: hardening an Azure Local instance and mapping to compliance standards. DO NOT USE FOR: cloud subscription compliance scans (use azure-compliance).
compatibility
Works with Claude Code, GitHub Copilot, VS Code, and any Agent Skills compatible tool.
This skill is grounded in the vendored Microsoft docs under docs/upstream/azure-local/. Prefer those files over prior knowledge, cite the file you used, and treat Microsoft Learn as canonical when the weekly mirror lags.
Triggers
Activate this skill when the user wants to:
Review or adjust the security baseline / security defaults
Manage BitLocker, Secure Boot updates, and Application Control
Connect Defender for Cloud, or map the platform to a compliance standard
Rules
Prefer the vendored docs under docs/upstream/azure-local/; cite the exact file used.
Start from the secured-core baseline before layering additional controls.
Map controls to the relevant standard (ISO 27001 / PCI DSS / HIPAA / FedRAMP) via the security book.
Microsoft Learn / discovered governance wins over the mirror on any conflict.
Steps
Baseline — review security features and manage the secured-core baseline/defaults.
Data & boot protection — manage BitLocker encryption and Secure Boot updates.
Threat protection — enable Microsoft Defender for Cloud.
Assurance — map controls to ISO 27001 / PCI DSS / HIPAA / FedRAMP via the security book.