Skill

azure-best-practices

This skill should be used when the user asks to "review Azure resources", "audit resource compliance", "check Azure best practices", "review naming conventions", "evaluate tagging strategy", "assess security baselines", "optimize Azure costs", "improve resource reliability", "check Well-Architected Framework alignment", "find orphaned resources", "audit Azure tags", "run a WARA assessment", "check Azure Policy compliance", or "find resources missing tags".

npx claudepluginhub caleb-terry/caleb-plugins --plugin azure-resources

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/azure-resources:azure-best-practices

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Always load the relevant references when advising on Azure resource management:

Supporting Files

references/cost-optimization.mdreferences/naming-conventions.mdreferences/reliability-checklist.mdreferences/resource-graph-queries.mdreferences/security-baselines.mdreferences/tagging-strategy.md

SKILL.md

124 lines · ~1.5k tokens

Similar Skills

azure-compliance

204

Runs azqr for Azure compliance and security audits, monitors Key Vault keys/secrets/certificates for expirations, and validates resource configurations.

15 files

azure

azure-security-posture-hardening

Reviews Azure security posture, baseline hardening, managed identity adoption, Key Vault posture, private access decisions, Policy guardrails, and logging/audit gap analysis. Useful when hardening workloads without defaulting to broad access or public exposure.

6 files3 tools

vanguard-frontier-agentic

azure-well-architected-framework

Guides Azure solutions using Well-Architected Framework pillars: reliability, security, cost optimization, operational excellence, performance efficiency, with CLI best practices.

azure-master

Stats

Parent stars0

MaintenanceFair

Last CommitMar 10, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Azure Best Practices — Well-Architected Framework, Naming, Tagging & Governance

Always load the relevant references when advising on Azure resource management:

references/naming-conventions.md — CAF naming patterns, abbreviation table, per-resource validation rules
references/tagging-strategy.md — 5 foundational tag categories, minimum required tags, Azure Policy enforcement
references/security-baselines.md — per-resource-type security checks with CLI commands
references/cost-optimization.md — right-sizing, reserved instances, orphaned resource detection
references/reliability-checklist.md — availability zones, backup policies, redundancy tiers, DR patterns
references/resource-graph-queries.md — ready-to-use KQL queries for common audit tasks

Well-Architected Framework — 5 Pillars

Every Azure resource review should consider all five WAF pillars. Azure Advisor maps to four of them directly.

Pillar	Advisor Category	Key Concern
Reliability	HighAvailability	Resiliency, availability zones, backup, DR
Security	Security	Data protection, encryption, RBAC, network isolation
Cost Optimization	Cost	Right-sizing, reserved instances, orphaned resources
Operational Excellence	OperationalExcellence	Monitoring, diagnostics, tagging, automation
Performance Efficiency	Performance	Scaling, load balancing, caching, SKU selection

Design Principles per Pillar

Reliability: Design for business requirements, design for resilience, design for recovery, design for operations, keep it simple.

Security: Plan security readiness, protect confidentiality, protect integrity, protect availability, sustain and evolve security posture.

Cost Optimization: Develop cost-management discipline, design with cost-efficiency mindset, design for usage optimization, design for rate optimization, monitor and optimize over time.

Operational Excellence: Embrace DevOps culture, establish development standards, evolve operations with observability, automate for efficiency, adopt safe deployment practices.

Performance Efficiency: Negotiate realistic performance targets, design to meet capacity requirements, achieve and sustain performance, optimize for long-term improvement.

Quick Reference

Azure CLI Essentials

# Authentication
az login
az account show
az account list --output table
az account set --subscription {sub-id}

# Resource enumeration
az resource list --resource-group {rg} --output table
az resource show --ids {resource-id} --output json

# Azure Resource Graph (preferred for bulk queries)
az graph query -q "Resources | summarize count() by type" --output table
az graph query -q "Resources | where resourceGroup == '{rg}'" --output table

# Azure Advisor
az advisor recommendation list --output json
az advisor recommendation list --category Cost
az advisor recommendation list --category HighAvailability
az advisor recommendation list --category Security
az advisor recommendation list --refresh

# Policy compliance
az policy state list --resource-group {rg} --output table

# Security assessments
az security assessment list --output json

Naming Convention Pattern

Official CAF pattern: {abbreviation}-{workload}-{environment}-{region}-{instance}

Example: vm-sqlprod-prod-eastus2-001

Refer to references/naming-conventions.md for the full abbreviation table and per-resource validation rules.

Minimum Required Tags

Every resource should have at minimum:

Tag Key	Category	Purpose
`environment`	Functional	Which environment (dev/staging/prod)
`application`	Functional	Which workload or app
`costcenter`	Accounting	Cost allocation
`owner`	Ownership	Accountability
`criticality`	Classification	Business criticality level

Refer to references/tagging-strategy.md for the full tagging strategy.

Security Essentials

Never allow public access without explicit justification
Enforce encryption at rest and in transit for all data services
Use managed identities instead of service principal secrets
Scope RBAC to the narrowest resource group possible
Enable diagnostic logging on all resources
Use private endpoints for PaaS services in production

Refer to references/security-baselines.md for per-resource-type checks.

Audit Workflow — Collect → Analyze → Report

Follow the WARA (Well-Architected Reliability Assessment) pattern:

Collect: Pull resource inventory via Resource Graph, Advisor recommendations, and Policy compliance state
Analyze: Check naming, tagging, security baselines, and pillar-specific concerns
Report: Generate structured findings with severity levels and remediation steps

Use references/resource-graph-queries.md for ready-to-use collection queries.

Azure Resource Graph

Prefer az graph query over az resource list for bulk operations — it supports KQL queries across all subscriptions. For ready-to-use queries covering resource inventory, tagging audit, orphaned resource detection, security checks, reliability assessment, and cost analysis, load references/resource-graph-queries.md.

azure-best-practices

Invocation

Context Preview

Supporting Files

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

azure-best-practices

Invocation

Context Preview

Supporting Files

SKILL.md

Azure Best Practices — Well-Architected Framework, Naming, Tagging & Governance

Well-Architected Framework — 5 Pillars

Design Principles per Pillar

Quick Reference

Azure CLI Essentials

Naming Convention Pattern

Minimum Required Tags

Security Essentials

Audit Workflow — Collect → Analyze → Report

Azure Resource Graph

Similar Skills

Help us improve

Azure Best Practices — Well-Architected Framework, Naming, Tagging & Governance

Well-Architected Framework — 5 Pillars

Design Principles per Pillar

Quick Reference

Azure CLI Essentials

Naming Convention Pattern

Minimum Required Tags

Security Essentials

Audit Workflow — Collect → Analyze → Report

Azure Resource Graph