Methods, systems, and computer storage media for providing detection of unsecure network policies in a network segment and automatically remediating the unsecure policies based on pre-defined network policies in a computing environment. In particular, a security maintenance manager of an access management system in the computing environment detects an unsecure network policy based on comparing an active configuration of the network segment to an expected configuration of the network segment and modifies the active configuration to at least restore restrictions of network policies of the expected configuration to the active configuration. In operation, the security maintenance manager periodically accesses an active configuration record for the network segment and compares the active configuration record to an expected configuration record for the network segment. Based on comparing the active configuration record to the expected configuration record, restrictions are remediated (e.g., modified or added) to restore restrictions of the expected configuration record.