Veri-Tech
Support/Tutorials/Remediate a compliance gap automatically
Veri-Guard·~8 min

Remediate a compliance gap automatically

Close a failing control with Veri-Guard auto-remediation, using a JIT write consent that auto-revokes.

Before you start

  • Professional or Enterprise plan (Guard auto-remediation is available on Pro+)
  • A completed scan with at least one failing control
  • Global Administrator available for the JIT write consent

What you'll have at the end

A previously failing control now passing, with an audit entry showing exactly what was changed.

Walkthrough

  1. 1

    Open a failing control

    From the Compliance Hub, click any failing control in the per-domain breakdown.

    Control detail view showing "Fail" status, severity, and the frameworks it satisfies.
    Control detail view showing "Fail" status, severity, and the frameworks it satisfies.
  2. 2

    Click "Remediate"

    Every failing control offers a "Generate Runbook" action for manual execution by your team. For the 330+ auto-remediable controls (Pro+), the "Remediate" button is also active — that's the auto-fix path this tutorial walks through.

    Control detail view with the Remediate button highlighted.
    Control detail view with the Remediate button highlighted.

    Note

    Runbooks are the default workflow for every control — auto-remediation is an opt-in alternative for the 330+ controls that support it. Most enterprise teams use the runbook path for audit-trail control; auto-remediation is great when you don't have bandwidth to walk every fix by hand.

  3. 3

    Review the proposed change

    A diff view shows the exact setting that will change, from/to values, and which users or groups it applies to.

    Remediation diff preview with current value, proposed value, and assignment scope.
    Remediation diff preview with current value, proposed value, and assignment scope.
  4. 4

    Approve the JIT write consent

    If you have not already granted write consent in this session, Microsoft prompts for a narrowly-scoped write permission. It auto-revokes after the remediation completes.

    Microsoft consent prompt for the JIT write app with a scoped permission list.
    Microsoft consent prompt for the JIT write app with a scoped permission list.

    Heads up

    Conditional Access changes deploy in report-only mode by default. Confirm impact before switching to enforced.

  5. 5

    Watch the change apply

    Progress shows live. A successful remediation flips the control to Pass and adds an entry to the Audit Log.

    Remediation complete state with control now showing Pass and an audit log entry.
    Remediation complete state with control now showing Pass and an audit log entry.
← All tutorialsSubmit a ticket