Azure Well-Architected Framework Assessment: A Complete Guide

Everything you need to know about running an Azure WAF assessment — what it measures, how to interpret results, and how to automate it.

What Is a Well-Architected Framework Assessment?

An Azure Well-Architected Framework (WAF) assessment evaluates your cloud workloads against Microsoft's five architectural pillars: Reliability, Security, Cost Optimization, Operational Excellence, and Performance Efficiency. It's the gold standard for measuring whether your Azure environment follows best practices.

The Five Pillars

1. Security

The security pillar covers identity management, network protection, data encryption, and threat detection. Key areas include:

  • MFA enforcement and Conditional Access policies
  • Network segmentation with NSGs and Azure Firewall
  • Encryption at rest and in transit
  • Azure Defender and Security Center configuration
  • Privileged Identity Management (PIM) adoption

2. Cost Optimization

Cost optimization focuses on eliminating waste, right-sizing resources, and using pricing models effectively:

  • Identifying idle and orphaned resources
  • Right-sizing VMs, databases, and App Service plans
  • Reserved Instance coverage analysis
  • Budget tracking and anomaly detection
  • Tag governance for cost allocation

3. Reliability

Reliability ensures your workloads can recover from failures and meet availability targets:

  • Redundancy and failover configuration
  • Backup policies and recovery testing
  • Availability zone distribution
  • Health probes and monitoring

4. Operational Excellence

Operational excellence covers deployment practices, monitoring, and incident response:

  • Infrastructure as Code adoption
  • CI/CD pipeline maturity
  • Monitoring and alerting coverage
  • Runbook automation

5. Performance Efficiency

Performance efficiency ensures resources are appropriately scaled for demand:

  • Autoscaling configuration
  • Caching strategies
  • Database query optimization
  • CDN and edge deployment

How to Run a WAF Assessment

Microsoft's Built-In Tool

Microsoft offers the Azure Well-Architected Review — a questionnaire-based self-assessment. It is useful for initial orientation but relies entirely on self-reported answers.

Automated Assessment with Unsave

Unsave automates the WAF assessment by directly analyzing your Azure environment:

  1. Connect your tenant via OAuth consent (read-only)
  2. Run an assessment — 103 automated checks execute in under 60 seconds
  3. Review findings mapped to WAF pillars with severity scoring
  4. Track progress with historical comparisons and trend analysis

No questionnaires. No manual data collection. Just connect and scan.

WAF Assessment Metrics That Matter

The most actionable metrics from a WAF assessment include:

| Metric | What It Tells You |
| --- | --- |
| Security Score | Weighted posture across identity and infrastructure checks |
| FinOps Score | Cost optimization maturity (0-100) |
| Compliance Coverage | Percentage of CIS/SOC 2/ISO 27001 controls satisfied |
| Waste Detected | Monthly dollar value of idle and orphaned resources |
| Credential Health | Service principals with expiring or expired credentials |
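
The Credential Health metric listed above can be reproduced with a small check over exported directory data. This is an added example, not Unsave's or Microsoft's code: it assumes input shaped like Microsoft Graph application objects (`passwordCredentials` and `keyCredentials` entries with `endDateTime`), and the app names, key IDs, dates and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph application listing.
# All names, key IDs and dates are made up for this example.
SAMPLE = json.loads("""
{"value": [
  {"displayName": "ci-deployer",
   "passwordCredentials": [{"keyId": "k1", "endDateTime": "2024-01-15T00:00:00Z"}],
   "keyCredentials": []},
  {"displayName": "backup-agent",
   "passwordCredentials": [{"keyId": "k2", "endDateTime": "2024-06-20T00:00:00Z"}],
   "keyCredentials": [{"keyId": "k3", "endDateTime": "2026-01-01T00:00:00Z"}]},
  {"displayName": "legacy-sync",
   "passwordCredentials": [{"keyId": "k4", "endDateTime": null}],
   "keyCredentials": null}
]}
""")

def parse_ts(value):
    """Parse a UTC ISO 8601 timestamp ending in 'Z'; None means no expiry set."""
    if not value:
        return None
    base = value.rstrip("Z").split(".")[0]  # drop any fractional seconds
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def credential_health(apps, now, warn_days=30):
    """Return findings for expired, soon-to-expire and never-expiring credentials."""
    findings = []
    for app in apps:
        for kind in ("passwordCredentials", "keyCredentials"):
            for cred in app.get(kind) or []:  # tolerate null or missing lists
                end = parse_ts(cred.get("endDateTime"))
                if end is None:
                    status = "no-expiry"  # assumption: report rather than ignore
                elif end <= now:
                    status = "expired"
                elif end - now <= timedelta(days=warn_days):
                    status = "expiring"
                else:
                    continue  # healthy credential, nothing to report
                findings.append({"app": app["displayName"], "kind": kind,
                                 "keyId": cred.get("keyId"), "status": status,
                                 "days_left": None if end is None else (end - now).days})
    order = {"expired": 0, "no-expiry": 1, "expiring": 2}
    return sorted(findings, key=lambda f: (order[f["status"]], f["app"]))

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    for finding in credential_health(SAMPLE["value"], now):
        print(finding)
```

Passing `now` explicitly keeps the check deterministic, which matters when results from successive scans are compared for drift.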

Continuous vs Point-in-Time Assessment

A WAF assessment done once is a snapshot. Environments change daily — new resources, modified configurations, role assignment changes. Continuous assessment catches drift immediately instead of waiting for the next quarterly review.

Unsave runs assessments on every scan (configurable from hourly to daily), so your WAF metrics always reflect current state.


Run your first Azure Well-Architected Framework assessment in 60 seconds. No agents, no questionnaires. Try Unsave free at unsave.io.