Skip to content
  • There are no suggestions because the search field is empty.

How do I read the Cloud Security assessment results?

This article describes how to read assessment results in Cloud Security. After an assessment is completed, each check in the report ends with one of four outcomes. 

How to open Scan report
The scan report is opened from Assessments > Scans, by selecting the Cloud filter and clicking the relevant scan in the list 

The following outcomes apply across all supported platforms: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and Oracle Cloud 

Outcome: Meaning: Recomended action
Fail The configuration does not match the baseline. The finding includes the observed value, the required value, and a direct link to the relevant page in the Microsoft admin center. Remediate using the Solution tab on the finding
Warn The configuration partially meets the baseline, or matches a weaker setting that is still permitted.

Review and decide whether to harden further.
Unknown This check must be verified manually in the Microsoft admin center. Verify manually using the Solution steps; record the outcome.

Every finding carries the baseline control ID so the upstream rationale can be looked up at any time. 

Why do some checks require manual verification? 

Some checks are marked Manual verification required. This occurs for one of two reasons. 

1. The data is not exposed via API integration

A small set of settings is only visible in the admin portal itself, with no supported API endpoint to query. For those checks, the assessment reports the control as manual and provides the exact path through the admin center to verify it, rather than attempting to produce an unverifiable result. 

2. The control concerns a third-party product 

Some baseline controls apply only if a non-native product is in use. The assessment cannot inspect external systems, so the check is marked as manual for environments where a third-party product applies. 

Manual verification findings in the report include a plain description of what to verify and where to find the setting in the platform's admin center.