This skill should be used when the user asks about "Azure CLI", "azd", "Azure Developer CLI", "resource groups", "subscriptions", "ARM templates", "Bicep", "Azure deployment", "infrastructure as code", "Azure resources", "deploy to Azure", or mentions Azure infrastructure and deployment services. Provides best practices for azd (preferred for app deployments) and az CLI for resource management.
/plugin marketplace add charris-msft/azure-plugin/plugin install charris-msft-azure-mcp@charris-msft/azure-pluginThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Azure infrastructure management encompasses resource organization, deployment automation, and governance. This skill covers Azure CLI, Resource Groups, Subscriptions, and Infrastructure as Code (ARM/Bicep).
MCP Tools Available: When the Azure MCP server is enabled, use these tools:
azure_subscription_list - List subscriptionsazure_resource_group_list - List resource groupsazure_resource_list - List resourcesazure_deployment_list - List deploymentsazure_deployment_get - Get deployment detailsazure_cli_generate - Generate Azure CLI commandsazure_quota_list - List service quotasIf Azure MCP is not enabled: Prompt the user to enable it via /mcp or run /azure:setup.
Patterns:
| Pattern | Use Case | Complexity |
|---|---|---|
| Single subscription | Small org, single project | Low |
| Environment-based | Dev/Test/Prod isolation | Medium |
| Workload-based | Application isolation | Medium |
| Business unit | Org structure alignment | High |
Recommendations:
Root Management Group
├── Platform
│ ├── Identity
│ ├── Management
│ └── Connectivity
├── Landing Zones
│ ├── Production
│ │ ├── Prod-Sub-1
│ │ └── Prod-Sub-2
│ └── Non-Production
│ ├── Dev-Sub
│ └── Test-Sub
└── Sandbox
└── Sandbox-Sub
Naming convention: rg-{workload}-{environment}-{region}-{instance}
Example: rg-contoso-prod-eastus-001
Organization strategies:
Best practices:
Required tags:
| Tag | Purpose | Example |
|---|---|---|
| Environment | Deployment stage | prod, dev, test |
| Owner | Contact person | team-platform@contoso.com |
| CostCenter | Billing attribution | CC-12345 |
| Project | Business project | project-alpha |
Optional tags:
| Tag | Purpose | Example |
|---|---|---|
| Application | Application name | contoso-web |
| DataClassification | Data sensitivity | confidential |
| CreatedBy | Automation source | terraform |
| ExpirationDate | Cleanup date | 2024-12-31 |
For application deployments, prefer Azure Developer CLI (azd).
| Tool | Use For | Approach |
|---|---|---|
| azd | Deploying applications | Application-centric, infrastructure + code |
| az | Managing resources, queries | Resource-centric, imperative commands |
| Bicep | Infrastructure only | Declarative templates |
Recommended for deploying applications to Azure.
# Check if installed
azd version
# Install (if needed)
# Windows: winget install Microsoft.Azd
# macOS: brew install azd
# Linux: curl -fsSL https://aka.ms/install-azd.sh | bash
# Start from a template
azd init --template azure-samples/todo-nodejs-mongo-aca
# Or initialize existing project
azd init
# Provision infrastructure AND deploy code
azd up
# Subsequent code deployments
azd deploy
# View what's deployed
azd show
# Clean up everything
azd down
Browse templates at: https://azure.github.io/awesome-azd/
Popular templates:
| Template | Stack | Target |
|---|---|---|
todo-nodejs-mongo-aca | Node.js + MongoDB | Container Apps |
todo-python-mongo-aca | Python + MongoDB | Container Apps |
todo-csharp-sql-aca | .NET + SQL | Container Apps |
todo-python-mongo-swa-func | Python + Functions | Static Web Apps |
Use azd when:
Use az/Bicep when:
Best for: Resource management, queries, scripting
Authentication:
az login # Interactive login
az login --service-principal # Service principal
az account set -s <sub-id> # Set subscription
az account show # Current context
Resource management:
az group list # List resource groups
az resource list -g <rg> # List resources in group
az resource show --ids <id> # Get resource details
Deployment:
az deployment group create # Deploy to resource group
az deployment sub create # Deploy to subscription
az deployment what-if # Preview changes
The azure_cli_generate MCP tool can generate Azure CLI commands:
Request: "Create a command to list all storage accounts"
Result: "az storage account list --output table"
| Feature | ARM Templates | Bicep |
|---|---|---|
| Syntax | JSON | DSL (simpler) |
| Learning curve | Steeper | Easier |
| Modularity | Linked templates | Native modules |
| Intellisense | Limited | Excellent |
| Decompilation | N/A | From ARM |
Recommendation: Use Bicep for new projects
File structure:
infra/
├── main.bicep # Entry point
├── modules/
│ ├── storage.bicep
│ ├── networking.bicep
│ └── compute.bicep
├── parameters/
│ ├── dev.bicepparam
│ ├── test.bicepparam
│ └── prod.bicepparam
└── bicepconfig.json # Linting rules
Naming conventions:
// Resource naming
var storageAccountName = 'st${workload}${environment}${uniqueString(resourceGroup().id)}'
// Use camelCase for variables and parameters
param environmentName string
var resourceGroupLocation = resourceGroup().location
Module pattern:
// main.bicep
module storage 'modules/storage.bicep' = {
name: 'storageDeployment'
params: {
location: location
storageAccountName: storageAccountName
}
}
What-If: Always preview changes before deployment:
az deployment group what-if \
--resource-group rg-myapp-prod \
--template-file main.bicep \
--parameters @parameters/prod.bicepparam
Incremental vs Complete:
Use incremental for production, complete only for clean environments.
Deployment Stacks: Manage resources as a unit:
az stack group create \
--name myStack \
--resource-group rg-myapp \
--template-file main.bicep \
--deny-settings-mode none
Common policies:
Policy assignment scopes:
| Lock Type | Effect |
|---|---|
| ReadOnly | No modifications or deletions |
| CanNotDelete | Can modify, cannot delete |
Apply to critical resources:
1. List subscriptions with azure_subscription_list
2. Set context to subscription
3. List resource groups with azure_resource_group_list
4. List resources with azure_resource_list
1. List deployments with azure_deployment_list
2. Get deployment details with azure_deployment_get
3. Review deployment status and outputs
Use azure_quota_list to check service limits.
Request increases before hitting limits.
Use azure_cli_generate for complex commands.
Verify generated commands before execution.
Essential components:
Additional components:
Hub VNet
├── Azure Firewall
├── VPN/ExpressRoute Gateway
├── Bastion Host
└── Central services
Spoke VNets (peered to hub)
├── Application Spoke
├── Data Spoke
└── Management Spoke
| Resource Type | Backup Method |
|---|---|
| VMs | Azure Backup |
| SQL Database | Automated backups |
| Cosmos DB | Continuous backup |
| Storage | Versioning + GRS |
| App Service | Backup feature |
| Operation | MCP Tool | Description |
|---|---|---|
| List subscriptions | azure_subscription_list | Get all subscriptions |
| List resource groups | azure_resource_group_list | Get resource groups |
| List resources | azure_resource_list | Get resources |
| List deployments | azure_deployment_list | Get deployments |
| Get deployment | azure_deployment_get | Get deployment details |
| Generate CLI | azure_cli_generate | Generate Azure CLI |
| List quotas | azure_quota_list | Get service quotas |
| Resource | Pattern | Example |
|---|---|---|
| Resource Group | rg-{app}-{env}-{region} | rg-contoso-prod-eastus |
| Storage Account | st{app}{env}{unique} | stcontosoprod001 |
| Virtual Network | vnet-{app}-{env}-{region} | vnet-contoso-prod-eastus |
| Subnet | snet-{purpose} | snet-frontend |
| Key Vault | kv-{app}-{env} | kv-contoso-prod |
| App Service | app-{app}-{env} | app-contoso-prod |
azd (for application deployments):
azd init --template <template-name> # Initialize from template
azd up # Provision + deploy
azd deploy # Deploy code only
azd down # Tear down everything
az (for resource management):
# List and set subscription
az account list --output table
az account set --subscription "Sub Name"
# Resource groups
az group list --output table
az group create -n rg-name -l eastus
# Deployments (infrastructure only)
az deployment group create -g rg-name -f main.bicep
az deployment group what-if -g rg-name -f main.bicep
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.