Between Azure policy and Security Center - the export of what is or is not in compliance is now available, however there's no assistance to the individual(s) provisioning the services on how to make sure they’re provisioning accordingly.
At the moment, individuals are provisioning services which are then appearing as out of compliance when reports are ran and shared.
Proposal: export/display of Guidelines based on policies to azure service, its effect, and possible link to a regulatory compliance.
• Policy A | Deny | NIST
• Policy B | Deny | HIPPA, DoD
• Policy C | Deny |
Again, the focus for this is for the individual(s) provisioning the services and knowing beforehand what controls must be in place.