Audit Your Entire Azure Tenant in Under 20 Minutes : AI-Driven CAF & WAF Compliance
Summary
Based on the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF), this project automates the audit of an entire Azure tenant in minutes, using AI and a sovereign environment to keep data confidential.
Introduction
Nowadays, auditing an Azure tenant can take several days. A tenant is composed of numerous resources : subscriptions, resource groups, security policies, network configurations, identity and access management (IAM), etc. Each element needs to be manually reviewed, navigating from service to service in the Azure portal, exporting data, cross-referencing it with CAF and WAF recommendations, and producing a coherent report. It is a long, tedious process, often prone to errors and oversights.
The goal here is to let artificial intelligence go through all these steps, generating a complete audit report in just a few minutes, while staying within a sovereign environment to ensure the confidentiality of your data.
To build this solution, we started from the foundation of one of our previous projects : Building the N1 Agent : An AI-Powered Kubernetes Assistant.
We highly recommend reading it first, as it covers the fundamental concepts and detailed technical implementation that this project builds upon. Here, we will only go through the specific adjustments made for this new use case.
Architecture Overview
Here's the architecture we've implemented :
Since the core infrastructure was already battle-tested with the N1 Agent, we kept it as-is and focused on what this use case actually needed. Same network layout, same machine segmentation, same core stack : OpenWebUI as the chat interface, n8n for workflow automation, Azure AI Foundry for sovereign model deployment, MCPO as a proxy layer for MCP Servers, and the MCP protocol itself.
The main addition for this use case is the Azure MCP Server, which exposes Azure resource management capabilities as HTTP endpoints through MCPO. We also integrated Open Terminal, which we'll cover further down.
Technical Implementation
Before the AI can audit anything, it needs access to the tenant. That means setting up an App Registration on the target tenant and granting it Read-Only access, following the principle of least privilege, the AI should only be able to see, never touch.
Azure MCP Server
Everything runs in Docker. Once the stack is up, the key step is configuring the mcpo-config.json file with your MCP Server settings. You'll point it to the official Microsoft Azure MCP package and provide your App Registration credentials, either inline or via environment variables :
{
"mcpServers": {
"azure-tenant": {
"command": "npx",
"args": ["-y", "@azure/mcp@latest", "server", "start"],
"env": {
"AZURE_TENANT_ID": "your-tenant-id",
"AZURE_CLIENT_ID": "your-client-id",
"AZURE_CLIENT_SECRET": "your-client-secret",
"AZURE_TOKEN_CREDENTIALS": "prod"
}
}
}
}
A couple of things worth noting here :
The
serverstartsubcommand tells the Azure MCP package to run as an MCP Server and expose its endpoints. Without it, the package simply exits.AZURE_TOKEN_CREDENTIALS: "prod"tells the Azure Identity library to authenticate using a client secret, the right mode when working with an App Registration.
From there, the AI can query the tenant through direct prompts, or you can wire it into an n8n workflow to schedule regular audits and auto-generate reports :
Open Terminal
The Azure MCP Server gets you far, but it has limitations. Not every Azure resource has a dedicated MCP endpoint, notably around network security, Entra ID auditing, and fine-grained RBAC. On top of that, some resource queries require many sequential calls (resources within a resource group, for instance), which burns through tokens fast and risks hitting context limits.
For a truly exhaustive audit, you want full Azure CLI access. That's where Open Terminal comes in.
Open Terminal is a tool built by the OpenWebUI team, released in early February 2026. It's a self-hosted remote shell server that exposes a REST API, letting AI agents run shell commands, manage files, and interact with a live environment.
Setup is minimal. On your local machine :
# One-liner with uvx (no install needed)
uvx open-terminal run --host 0.0.0.0 --port 8000 --api-key your-secret-key
# Or install with pip
pip install open-terminal
open-terminal run --host 0.0.0.0 --port 8000 --api-key your-secret-key
Or as a Docker container if you'd rather not expose your host :
docker run -d --name open-terminal --restart unless-stopped -p 8000:8000 -v open-terminal:/home/user -e OPEN_TERMINAL_API_KEY=your-secret-key ghcr.io/open-webui/open-terminal
Once it's running, connect it to OpenWebUI via Settings > Integrations > Open Terminal (+), fill in the fields, and the terminal becomes available directly inside your conversations.
From there, ask the AI to install the Azure CLI, authenticate with your tenant (personal account or App Registration), and it'll start running az commands, giving it significantly more coverage than MCP endpoints alone.
Challenges
If Open Terminal gives the AI full CLI access, why use the Azure MCP Server at all ?
This is actually a broader question the community has been debating : is MCP becoming obsolete now that tools like Open Terminal exist ?
Our take : Open Terminal gives you more coverage, but it comes with real trade-offs. It either runs on your local machine or requires a dedicated container on your infra, and crucially, access cannot be scoped. Whatever account was used to set it up is the one the AI has access to. A poorly written prompt or a hallucination could result in arbitrary packages being installed on the machine. On on-premises infrastructure, that's a serious risk.
MCP, on the other hand, gives the AI a well-defined set of tools with clear descriptions. It knows what it can call, and nothing else. That's what makes it valuable : standardization and constraints. In security-sensitive contexts, both matter.
Beyond security, the Azure MCP Server is actively evolving, and what it already delivers is genuinely useful. It produces a solid report that surfaces the areas worth digging into, and for most use cases, knowing where to investigate is already the hard part. The Azure CLI adds more detail, but either way, an expert review is always the final step.
In practice, our answer is : not obsolete, just different. MCP and Open Terminal solve different problems, and understanding that distinction is what makes the combination powerful. We found that using both together works well : give the AI access to both tools in its system prompt, and let it pick the right one depending on the situation.
Conclusion
What a Cloud Engineer or Architect typically spends ~5 days on, inventorying resources, running a full CAF/WAF audit across every layer, writing the report, the AI completes in under 20 minutes :
This isn't about replacing experts. It's about eliminating the repetitive, time-consuming work that buries them.
The goal is to enable pre-auditing : quickly identifying the critical points that need deeper investigation, so the expert can focus directly on what matters. Beyond one-off audits, we also generate weekly reports on our tenants through n8n workflows, so nothing stays hidden for long.
