Agent skill

azure-mcp

Comprehensive Azure cloud management skill using Azure CLI. Manage 40+ Azure services including storage, databases, containers, monitoring, security, AI services, messaging, and infrastructure. Use for any Azure resource management, configuration, troubleshooting, or deployment tasks.

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/azure-mcp-housegarofalo-claude-code-base

SKILL.md

Azure MCP - Comprehensive Azure Management Skill

Manage Azure resources using Azure CLI across all major services.

Triggers

Use this skill when you see:

  • azure, az cli, azure resource
  • azure storage, blob, cosmos, keyvault
  • azure aks, kubernetes, container
  • azure monitor, log analytics
  • azure sql, postgres, mysql
  • event grid, service bus, functions
  • app service, resource group, subscription

Instructions

Authentication

bash
# Login interactively
az login

# Login with service principal
az login --service-principal \
    --username <APP_ID> \
    --password <PASSWORD> \
    --tenant <TENANT_ID>

# Login with managed identity
az login --identity

# Set subscription
az account set --subscription "My Subscription"

# List subscriptions
az account list --output table

Resource Groups

bash
# Create resource group
az group create --name mygroup --location eastus

# List resource groups
az group list --output table

# Delete resource group
az group delete --name mygroup --yes --no-wait

# List resources in group
az resource list --resource-group mygroup --output table

Storage Accounts

bash
# Create storage account
az storage account create \
    --name mystorageaccount \
    --resource-group mygroup \
    --location eastus \
    --sku Standard_LRS \
    --kind StorageV2

# List storage accounts
az storage account list --resource-group mygroup --output table

# Get connection string
az storage account show-connection-string \
    --name mystorageaccount \
    --resource-group mygroup

# Create container
az storage container create \
    --name mycontainer \
    --account-name mystorageaccount

# Upload blob
az storage blob upload \
    --account-name mystorageaccount \
    --container-name mycontainer \
    --name myblob \
    --file ./localfile.txt

# List blobs
az storage blob list \
    --account-name mystorageaccount \
    --container-name mycontainer \
    --output table

Key Vault

bash
# Create Key Vault
az keyvault create \
    --name mykeyvault \
    --resource-group mygroup \
    --location eastus \
    --enable-rbac-authorization

# Set secret
az keyvault secret set \
    --vault-name mykeyvault \
    --name mysecret \
    --value "secret-value"

# Get secret
az keyvault secret show \
    --vault-name mykeyvault \
    --name mysecret

# List secrets
az keyvault secret list --vault-name mykeyvault --output table

# Create key
az keyvault key create \
    --vault-name mykeyvault \
    --name mykey \
    --kty RSA \
    --size 2048

App Service

bash
# Create App Service plan
az appservice plan create \
    --name myplan \
    --resource-group mygroup \
    --sku B1 \
    --is-linux

# Create Web App
az webapp create \
    --name mywebapp \
    --resource-group mygroup \
    --plan myplan \
    --runtime "PYTHON:3.11"

# Configure settings
az webapp config appsettings set \
    --name mywebapp \
    --resource-group mygroup \
    --settings KEY=value

# Deploy from Git
az webapp deployment source config \
    --name mywebapp \
    --resource-group mygroup \
    --repo-url https://github.com/org/repo \
    --branch main

# View logs
az webapp log tail \
    --name mywebapp \
    --resource-group mygroup

Azure SQL

bash
# Create SQL server
az sql server create \
    --name mysqlserver \
    --resource-group mygroup \
    --location eastus \
    --admin-user sqladmin \
    --admin-password "Password123!"

# Create database
az sql db create \
    --name mydb \
    --resource-group mygroup \
    --server mysqlserver \
    --service-objective S0

# Configure firewall
az sql server firewall-rule create \
    --name AllowAzure \
    --resource-group mygroup \
    --server mysqlserver \
    --start-ip-address 0.0.0.0 \
    --end-ip-address 0.0.0.0

# Get connection string
az sql db show-connection-string \
    --server mysqlserver \
    --name mydb \
    --client ado.net

Azure PostgreSQL

bash
# Create PostgreSQL Flexible Server
az postgres flexible-server create \
    --name mypostgres \
    --resource-group mygroup \
    --location eastus \
    --admin-user pgadmin \
    --admin-password "Password123!" \
    --sku-name Standard_D2s_v3 \
    --tier GeneralPurpose \
    --storage-size 32

# Create database
az postgres flexible-server db create \
    --resource-group mygroup \
    --server-name mypostgres \
    --database-name mydb

# Configure firewall
az postgres flexible-server firewall-rule create \
    --resource-group mygroup \
    --name mypostgres \
    --rule-name AllowAll \
    --start-ip-address 0.0.0.0 \
    --end-ip-address 255.255.255.255

Virtual Networks

bash
# Create VNet
az network vnet create \
    --name myvnet \
    --resource-group mygroup \
    --location eastus \
    --address-prefix 10.0.0.0/16 \
    --subnet-name default \
    --subnet-prefix 10.0.1.0/24

# Create subnet
az network vnet subnet create \
    --name mysubnet \
    --resource-group mygroup \
    --vnet-name myvnet \
    --address-prefix 10.0.2.0/24

# Create NSG
az network nsg create \
    --name mynsg \
    --resource-group mygroup \
    --location eastus

# Add NSG rule
az network nsg rule create \
    --name AllowHTTP \
    --nsg-name mynsg \
    --resource-group mygroup \
    --priority 100 \
    --destination-port-ranges 80 443 \
    --access Allow \
    --protocol Tcp

Monitoring

bash
# Create Log Analytics workspace
az monitor log-analytics workspace create \
    --workspace-name myworkspace \
    --resource-group mygroup \
    --location eastus

# Create alert rule
az monitor metrics alert create \
    --name "High CPU Alert" \
    --resource-group mygroup \
    --scopes /subscriptions/.../resourceGroups/mygroup/providers/Microsoft.Compute/virtualMachines/myvm \
    --condition "avg Percentage CPU > 80" \
    --window-size 5m \
    --evaluation-frequency 1m

# Query logs
az monitor log-analytics query \
    --workspace /subscriptions/.../workspaces/myworkspace \
    --analytics-query "AzureActivity | take 10"

# Create Application Insights
az monitor app-insights component create \
    --app myappinsights \
    --resource-group mygroup \
    --location eastus \
    --workspace /subscriptions/.../workspaces/myworkspace

Service Bus

bash
# Create namespace
az servicebus namespace create \
    --name myservicebus \
    --resource-group mygroup \
    --location eastus \
    --sku Standard

# Create queue
az servicebus queue create \
    --name myqueue \
    --namespace-name myservicebus \
    --resource-group mygroup

# Create topic and subscription
az servicebus topic create \
    --name mytopic \
    --namespace-name myservicebus \
    --resource-group mygroup

az servicebus topic subscription create \
    --name mysubscription \
    --topic-name mytopic \
    --namespace-name myservicebus \
    --resource-group mygroup

# Get connection string
az servicebus namespace authorization-rule keys list \
    --namespace-name myservicebus \
    --resource-group mygroup \
    --name RootManageSharedAccessKey

Identity and RBAC

bash
# Create managed identity
az identity create \
    --name myidentity \
    --resource-group mygroup

# Assign role
az role assignment create \
    --assignee <PRINCIPAL_ID> \
    --role "Storage Blob Data Contributor" \
    --scope /subscriptions/.../resourceGroups/mygroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount

# List role assignments
az role assignment list \
    --scope /subscriptions/.../resourceGroups/mygroup \
    --output table

# Create service principal
az ad sp create-for-rbac \
    --name myserviceprincipal \
    --role Contributor \
    --scopes /subscriptions/.../resourceGroups/mygroup

Container Registry

bash
# Create ACR
az acr create \
    --name myacr \
    --resource-group mygroup \
    --sku Standard \
    --admin-enabled true

# Login to ACR
az acr login --name myacr

# Build image
az acr build \
    --registry myacr \
    --image myapp:v1 \
    .

# List repositories
az acr repository list --name myacr --output table

# List tags
az acr repository show-tags --name myacr --repository myapp

Best Practices

  1. Resource Groups: Organize resources by lifecycle and management
  2. Tags: Use tags for cost allocation and organization
  3. RBAC: Follow least privilege principle
  4. Monitoring: Enable diagnostics and alerts
  5. Networking: Use private endpoints for sensitive resources

Common Workflows

Deploy Application Stack

  1. Create resource group
  2. Set up networking (VNet, subnets)
  3. Deploy database services
  4. Deploy application (App Service, Container Apps)
  5. Configure monitoring and alerts

Manage Resources

  1. List resources: az resource list
  2. View details: az resource show
  3. Update settings: az resource update
  4. Delete: az resource delete
  5. Monitor: az monitor

Didn't find tool you were looking for?

Be as detailed as possible for better results