The Problem with Manual Security Reviews
Most organizations review their Azure security posture quarterly — if they're diligent. That means for up to 90 days, misconfigurations sit undetected. A Global Admin without MFA, an NSG rule allowing RDP from the internet, an app registration with expired secrets — all ticking time bombs.
What a Security Score Actually Tells You
A security score isn't just a number. When calculated correctly, it reflects the weighted risk across your entire Azure environment. Unsave evaluates 103 checks across two domains:
- Identity Domain (63 checks): Privileged access, MFA enrollment, service principal hygiene, guest access, role assignments, credential lifecycle
- Infrastructure Domain (40 checks): Network security, storage encryption, Key Vault configuration, backup readiness, logging and detection
Each check carries a severity (Critical, High, Medium, Low), and its impact on your score is logarithmically scaled, so one critical finding matters more than ten low-severity ones.
How Weighted Scoring Works
Not all misconfigurations are equal. A Global Admin without MFA is more dangerous than a missing diagnostic setting. Unsave's scoring reflects this:
| Category | Weight | What It Covers |
|---|---|---|
| Privileged Access | 25% | Global Admin MFA, standing access, PIM usage |
| Authentication | 20% | MFA coverage, Conditional Access, legacy protocols |
| Service Principals | 20% | Unused apps, excessive permissions, expired secrets |
| Guest Access | 15% | External user controls, access reviews |
| Role Assignments | 15% | Over-privileged users, Owner role usage |
| Credentials | 5% | Secret expiry, certificate rotation |
Your final score is a weighted average across these categories, with logarithmic penalty scaling for severity.
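To make the weighting concrete, here is an added sketch (not Unsave's code or its published formula) that combines the category weights from the table with a log-scaled severity penalty. The severity point values, the CAP_POINTS saturation constant and the function names are assumptions chosen for illustration; the sample assessments are constructed.

```python
import math

# Category weights taken from the table above (they sum to 1.0).
WEIGHTS = {
    "Privileged Access": 0.25,
    "Authentication": 0.20,
    "Service Principals": 0.20,
    "Guest Access": 0.15,
    "Role Assignments": 0.15,
    "Credentials": 0.05,
}

# ASSUMPTION: severity points and the saturation cap are illustrative values,
# not published Unsave parameters.
SEVERITY_POINTS = {"Critical": 40, "High": 15, "Medium": 5, "Low": 1}
CAP_POINTS = 200  # raw points at which a category's score bottoms out at 0


def category_penalty(severities):
    """Log-scaled penalty in [0, 1] for one category's open findings."""
    raw = sum(SEVERITY_POINTS[s] for s in severities)
    return min(1.0, math.log1p(raw) / math.log1p(CAP_POINTS))


def security_score(findings):
    """findings: {category: [severity, ...]} -> weighted score from 0 to 100."""
    unknown = set(findings) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown categories: {sorted(unknown)}")
    total = 0.0
    for category, weight in WEIGHTS.items():
        penalty = category_penalty(findings.get(category, []))
        total += weight * 100 * (1 - penalty)
    return round(total, 1)


# Constructed sample assessments (not real tenant data).
one_critical = {"Privileged Access": ["Critical"]}
ten_low = {"Privileged Access": ["Low"] * 10}
critical_low_weight = {"Credentials": ["Critical"]}

if __name__ == "__main__":
    for name, f in [("clean", {}), ("one critical", one_critical),
                    ("ten low", ten_low),
                    ("critical in Credentials", critical_low_weight)]:
        print(f"{name:>24}: {security_score(f)}")
```

Under these assumed parameters a single Critical finding in Privileged Access costs more than ten Low findings in the same category, and the same Critical finding costs far less in the 5% Credentials category.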
From Score to Action
The real value isn't the number itself — it's the remediation path. Every finding in Unsave includes:
- What's wrong — the specific misconfiguration
- Why it matters — the risk it introduces
- How to fix it — step-by-step guidance with Azure Portal links
- Who's affected — the exact users, apps, or resources impacted
Tracking Progress Over Time
A single assessment tells you where you stand. A series of assessments tells you whether you're improving. Unsave stores every assessment, so you can compare scores week-over-week, identify regressions, and prove progress to leadership.
Continuous vs Quarterly
With automated assessments running on demand, you catch issues the day they appear — not the quarter after. That's the difference between proactive governance and reactive compliance.
Unsave runs 103 security checks across identity and infrastructure in under 60 seconds. Start free at unsave.io.