azure-enterprise-infra-planner

Architect and provision enterprise Azure infrastructure from workload descriptions. For cloud architects and platform engineers planning networking, identity, security, compliance, and multi-resource topologies with WAF alignment. Generates Bicep or Terraform directly (no azd). WHEN: 'plan Azure infrastructure', 'architect Azure landing zone', 'design hub-spoke network', 'plan multi-region DR topology', 'set up VNets firewalls and private endpoints', 'subscription-scope Bicep deployment', 'Azure Backup for VM workloads'. PREFER azure-prepare FOR app-centric workflows.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "azure-enterprise-infra-planner" with this command: npx skills add microsoft/azure-skills/microsoft-azure-skills-azure-enterprise-infra-planner

Azure Enterprise Infra Planner

When to Use This Skill

Activate this skill when user wants to:

  • Plan enterprise Azure infrastructure from a workload or architecture description
  • Architect a landing zone, hub-spoke network, or multi-region topology
  • Design networking infrastructure: VNets, subnets, firewalls, private endpoints, VPN gateways
  • Plan identity, RBAC, and compliance-driven infrastructure
  • Generate Bicep or Terraform for subscription-scope or multi-resource-group deployments
  • Plan disaster recovery, failover, or cross-region high-availability topologies

Quick Reference

PropertyDetails
MCP toolsget_azure_bestpractices_get, wellarchitectedframework_serviceguide_get, microsoft_docs_fetch, microsoft_docs_search, bicepschema_get
CLI commandsaz deployment group create, az bicep build, az resource list, terraform init, terraform plan, terraform validate, terraform apply
Output schemaplan-schema.md
Key referencesresearch.md, resources/, waf-checklist.md, constraints/

Workflow

Read workflow.md for detailed step-by-step instructions, including MCP tool usage, CLI commands, and decision points. Follow the phases in order, ensuring all key gates are passed before proceeding to the next phase.

PhaseActionKey Gate
1Research — WAF ToolsAll MCP tool calls complete
2Research — Refine & LookupResource list approved by user
3Plan GenerationPlan JSON written to disk
4VerificationAll checks pass, user approves
5IaC Generationmeta.status = approved
6DeploymentUser confirms destructive actions

MCP Tools

ToolPurpose
get_azure_bestpractices_getAzure best practices for code generation, operations, and deployment
wellarchitectedframework_serviceguide_getWAF service guide for a specific Azure service
microsoft_docs_searchSearch Microsoft Learn for relevant documentation chunks
microsoft_docs_fetchFetch full content of a Microsoft Learn page by URL
bicepschema_getBicep schema definition for any Azure resource type (latest API version)

Error Handling

ErrorCauseFix
MCP tool error or not availableTool call timeout, connection error, or tool doesn't existRetry once; fall back to reference files and notify user if unresolved
Plan approval missingmeta.status is not approvedStop and prompt user for approval before IaC generation or deployment
IaC validation failureaz bicep build or terraform validate returns errorsFix the generated code and re-validate; notify user if unresolved
Pairing constraint violationIncompatible SKU or resource combinationFix in plan before proceeding to IaC generation
Infra plan or IaC files not foundFiles written to wrong location or not createdVerify files exist at <project-root>/.azure/ and <project-root>/infra/; if missing, re-create the files by following workflow.md exactly

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

azure-compliance

Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance validation, and security posture checks. WHEN: compliance scan, security audit, BEFORE running azqr (compliance cli tool), Azure best practices, Key Vault expiration check, expired certificates, expiring secrets, orphaned resources, compliance assessment.

Repository Source
138.9K594Microsoft
Security

azure-kubernetes

Plan, create, and configure production-ready Azure Kubernetes Service (AKS) clusters. Covers Day-0 checklist, SKU selection (Automatic vs Standard), networking options (private API server, Azure CNI Overlay, egress configuration), security, and operations (autoscaling, upgrade strategy, cost analysis). WHEN: create AKS environment, provision AKS environment, enable AKS observability, design AKS networking, choose AKS SKU, secure AKS.

Repository Source
48.3K594Microsoft
Research

microsoft-foundry

Deploy, evaluate, and manage Foundry agents end-to-end: Docker build, ACR push, hosted/prompt agent create, container start, batch eval, prompt optimization, prompt optimizer workflows, agent.yaml, dataset curation from traces. USE FOR: deploy agent to Foundry, hosted agent, create agent, invoke agent, evaluate agent, run batch eval, optimize prompt, improve prompt, prompt optimization, prompt optimizer, improve agent instructions, optimize agent instructions, optimize system prompt, deploy model, Foundry project, RBAC, role assignment, permissions, quota, capacity, region, troubleshoot agent, deployment failure, create dataset from traces, dataset versioning, eval trending, create AI Services, Cognitive Services, create Foundry resource, provision resource, knowledge index, agent monitoring, customize deployment, onboard, availability. DO NOT USE FOR: Azure Functions, App Service, general Azure deploy (use azure-deploy), general Azure prep (use azure-prepare).

Repository Source
141.5K594Microsoft
General

azure-ai

Use for Azure AI: Search, Speech, OpenAI, Document Intelligence. Helps with search, vector/hybrid search, speech-to-text, text-to-speech, transcription, OCR. WHEN: AI Search, query search, vector search, hybrid search, semantic search, speech-to-text, text-to-speech, transcribe, OCR, convert text to speech.

Repository Source
139K594Microsoft
azure-enterprise-infra-planner | V50.AI