What Is the Well-Architected Framework?
Microsoft's Azure Well-Architected Framework (WAF) is a set of guiding principles for building and operating cloud workloads. It's organized into five pillars:
- Reliability — Resiliency, availability, disaster recovery
- Security — Identity, network, data protection, threat detection
- Cost Optimization — Waste elimination, right-sizing, reservation planning
- Operational Excellence — Monitoring, alerting, deployment practices
- Performance Efficiency — Scaling, load testing, capacity planning
Most organizations know about WAF in theory. Few operationalize it with automated, continuous assessment.
Security Pillar Alignment
Unsave's 103 security checks map directly to WAF Security pillar recommendations:
Identity and Access Management
- MFA enforcement aligns with WAF's "use strong authentication" principle
- PIM monitoring supports "use just-in-time access" guidance
- RBAC analysis implements the "apply least privilege" recommendation
- Guest access controls follow the "manage external identities" best practice
Network Security
- NSG rule validation supports "segment and filter network traffic"
- RDP/SSH restriction checks align with "minimize attack surface"
- Network Watcher enablement implements "monitor network traffic"
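As an added illustration (not Unsave's code), here is one way an RDP/SSH restriction check can be written against an NSG export and tagged with the WAF recommendation it supports. It assumes the flattened rule shape that `az network nsg show` prints, uses a constructed sample NSG, and evaluates rules in priority order so an Allow that is shadowed by an earlier Deny is not reported. It does not model destination prefixes, application security groups, or subnet and NIC NSGs stacked together.

```python
# Constructed sample NSG; field names assume the flattened `az network nsg show` output.
SAMPLE_NSG = {"name": "nsg-example", "securityRules": [
    {"name": "deny-ssh-all", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-mgmt", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["20-25", "3380-3390"]},
    {"name": "allow-web", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "443"},
]}

MGMT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0", "::/0"}
WAF_TAG = "Security / minimize attack surface"  # recommendation label quoted from the page

def _values(rule, single, plural):
    """Azure stores either one value or a list of values; return both as one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(rule, port):
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = ("0-65535" if rng == "*" else rng).partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _from_anywhere(rule):
    srcs = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in ANY_SOURCE for s in srcs)

def exposed_mgmt_ports(nsg):
    """Return one finding per SSH/RDP port that any source can reach, honouring priority."""
    findings = []
    inbound = sorted((r for r in nsg.get("securityRules", [])
                      if r.get("direction", "").lower() == "inbound"),
                     key=lambda r: r["priority"])
    for port, svc in MGMT_PORTS.items():
        for r in inbound:
            tcp = r.get("protocol", "*").lower() in ("tcp", "*")
            if not (tcp and _covers_port(r, port) and _from_anywhere(r)):
                continue  # this rule does not decide any-source traffic to the port
            if r.get("access", "").lower() == "allow":
                findings.append({"nsg": nsg["name"], "rule": r["name"],
                                 "service": svc, "port": port, "waf": WAF_TAG})
            break  # lowest priority number wins, whether it is Allow or Deny
    return findings
```

In the sample, `allow-mgmt` also covers port 22, but only RDP is reported because `deny-ssh-all` matches first.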
Data Protection
- Storage encryption checks support "encrypt data at rest"
- HTTPS enforcement implements "encrypt data in transit"
- Key Vault configuration aligns with "manage secrets securely"
Cost Optimization Pillar Alignment
The WAF Cost Optimization pillar emphasizes three themes that Unsave directly addresses:
- Understand your costs — Cost analysis and breakdown by subscription, resource group, and resource type
- Eliminate waste — Seven automated waste detectors for common resource types
- Optimize workloads — Right-sizing engine with 14-day metric analysis and SKU recommendations
The FinOps Score provides a single metric that maps to WAF's recommendation to "establish a cost optimization practice."
Operational Excellence Pillar
Unsave contributes to Operational Excellence through:
- Continuous monitoring — Recurring scans detect configuration drift
- Alerting — Custom alert rules on security score, cost, and compliance changes
- Audit trail — Activity log ingestion and change tracking
- Reporting — Automated PDF reports for governance reviews
Using WAF as a Communication Tool
One of the most valuable aspects of WAF alignment is communication. When presenting to leadership, mapping findings to WAF pillars translates technical issues into business language:
- "We have 3 critical security findings" becomes "Our Security pillar maturity has gaps in identity management"
- "There's $2,800 in monthly waste" becomes "Our Cost Optimization pillar needs attention on resource right-sizing"
- "CIS compliance is at 87%" becomes "Our Security pillar compliance readiness is strong but has specific gaps"
Align your Azure governance to the Well-Architected Framework. Try Unsave free at unsave.io.