agentskills.codes

azure-defaults

Azure infrastructure defaults: regions, tags, naming (CAF), AVM-first policy, security baseline, unique suffix patterns. USE FOR: any agent generating or planning Azure resources. DO NOT USE FOR: artifact template structures (use azure-artifacts), pricing lookups (read references/pricing-guidance.md

Install

mkdir -p .claude/skills/azure-defaults && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/14902" && unzip -o skill.zip -d .claude/skills/azure-defaults && rm skill.zip

Installs to .claude/skills/azure-defaults

Activation

This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.

Azure infrastructure defaults: regions, tags, naming (CAF), AVM-first policy, security baseline, unique suffix patterns. USE FOR: any agent generating or planning Azure resources. DO NOT USE FOR: artifact template structures (use azure-artifacts), pricing lookups (read references/pricing-guidance.md on demand).
312 chars; ✓ has a “when” trigger; longer than Claude Code's old 250-char listing cap (fine on current versions)

About this skill

Azure Defaults Skill

Single source of truth for Azure infrastructure configuration. Deep-dive content lives in references/ — load on demand.


Quick Reference (Load First)

Default Regions

| Service | Default Region | Reason |
|---|---|---|
| All resources | swedencentral | EU GDPR-compliant |
| Static Web Apps | westeurope | Not available in swedencentral |
| Failover | germanywestcentral | EU paired alternative |

Required Tags (Azure Policy Enforced)

These 4 tags are the MINIMUM baseline. Always defer to 04-governance-constraints.md for the actual required tag list.

| Tag | Required | Example Values |
|---|---|---|
| Environment | Yes | dev, staging, prod |
| ManagedBy | Yes | Bicep or Terraform |
| Project | Yes | Project identifier |
| Owner | Yes | Team or individual name |

Tag Casing Rule: Use PascalCase exactly as shown above (Environment, ManagedBy, Project, Owner). Never emit both owner and Owner or environment and Environment in the same template — Azure Policy treats case-variant tag keys as ambiguous evaluation paths (AmbiguousPolicyEvaluationPaths error).
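
A lint for the tag rules above, run over a compiled ARM template before deployment. This is an added example, not part of the skill; the function names and the sample template are constructed for illustration.

```python
import json

# Required tag keys, PascalCase exactly as in the table above.
REQUIRED_TAGS = ("Environment", "ManagedBy", "Project", "Owner")

def lint_tags(tags):
    """Return sorted findings for one resource's tag keys."""
    if not isinstance(tags, dict):
        # e.g. "[parameters('tags')]": keys are only known at deploy time
        return ["tags are an expression; resolve before linting"]
    by_folded = {}
    for key in tags:
        by_folded.setdefault(key.casefold(), []).append(key)
    findings = [f"case-variant keys {sorted(keys)}"
                for keys in by_folded.values() if len(keys) > 1]
    for required in REQUIRED_TAGS:
        variants = by_folded.get(required.casefold(), [])
        if not variants:
            findings.append(f"missing required tag {required}")
        elif required not in variants:
            findings.append(f"wrong casing {variants[0]!r}, expected {required!r}")
    return sorted(findings)

def lint_template(template):
    """Map resource name -> findings for every resource with problems."""
    report = {}
    for res in template.get("resources", []):
        found = lint_tags(res.get("tags", {}))
        if found:
            report[res.get("name", "<unnamed>")] = found
    return report

# Constructed sample: a compiled ARM template fragment, not from the page.
SAMPLE = json.loads("""
{"resources": [
  {"name": "st-good", "tags": {"Environment": "dev", "ManagedBy": "Bicep",
                               "Project": "demo", "Owner": "platform"}},
  {"name": "kv-mixed", "tags": {"Environment": "dev", "environment": "dev",
                                "ManagedBy": "Bicep", "Project": "demo",
                                "owner": "platform"}}
]}
""")

if __name__ == "__main__":
    for name, found in lint_template(SAMPLE).items():
        print(name, found)
```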

Unique Suffix Pattern

Generate ONCE, pass to ALL modules:

var uniqueSuffix = uniqueString(resourceGroup().id)

Security Baseline (5-Line Summary)

| Setting | Value | Applies To |
|---|---|---|
| HTTPS-only | true | Storage, all |
| TLS minimum | 'TLS1_2' | All services |
| Public blob access | false | Storage |
| Public network (prod) | 'Disabled' | Data services |
| Authentication | Managed Identity | Prefer over keys |

For AVM pitfalls and deprecation patterns, read references/security-baseline-full.md.
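
A pre-deployment check of the storage rows in the baseline table, as an added example that is not part of the skill. The mapping of settings to ARM property names, the use of the Environment tag to detect prod, and the sample template are assumptions of this example; unset properties are reported so the template states the baseline explicitly.

```python
# ARM property names for Microsoft.Storage/storageAccounts; mapping the page's
# settings onto these properties is this example's assumption.
STORAGE_BASELINE = {
    "supportsHttpsTrafficOnly": True,   # HTTPS-only
    "minimumTlsVersion": "TLS1_2",      # TLS minimum
    "allowBlobPublicAccess": False,     # Public blob access
}
PROD_ONLY = {"publicNetworkAccess": "Disabled"}  # Public network (prod)
STORAGE_TYPE = "microsoft.storage/storageaccounts"

def audit_storage(resource):
    """Return sorted baseline deviations for one storage account resource."""
    props = resource.get("properties", {})
    tags = resource.get("tags")
    # Assumption: the Environment tag decides whether prod-only rules apply.
    env = tags.get("Environment", "") if isinstance(tags, dict) else ""
    expected = dict(STORAGE_BASELINE)
    if env == "prod":
        expected.update(PROD_ONLY)
    deviations = []
    for key, want in expected.items():
        have = props.get(key, "<unset>")
        if have != want:
            deviations.append(f"{key}: expected {want!r}, found {have!r}")
    return sorted(deviations)

def audit_template(template):
    """Map storage account name -> deviations, skipping compliant accounts."""
    report = {}
    for res in template.get("resources", []):
        if res.get("type", "").lower() == STORAGE_TYPE:
            found = audit_storage(res)
            if found:
                report[res.get("name", "<unnamed>")] = found
    return report

# Constructed sample template, not taken from the page.
SAMPLE = {"resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "stdemodev",
     "tags": {"Environment": "dev"}, "properties": dict(STORAGE_BASELINE)},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stdemoprod",
     "tags": {"Environment": "prod"},
     "properties": {"supportsHttpsTrafficOnly": True, "allowBlobPublicAccess": False,
                    "minimumTlsVersion": "TLS1_0", "publicNetworkAccess": "Enabled"}},
]}

if __name__ == "__main__":
    print(audit_template(SAMPLE))
```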

Deprecated Services (Do NOT Recommend for Greenfield)

| Deprecated Service | Replacement | Since | Notes |
|---|---|---|---|
| Azure AD B2C | Microsoft Entra External ID | May 2025 | Not available for new tenants |
| Redis Enterprise E50 | Azure Managed Redis (Enterprise) | March 2027 | Plan migration before EOL |
| CDN WAF (classic) | Front Door Standard/Premium WAF | 2025 | CDN WAF creation blocked |
| App Gateway v1 | App Gateway v2 | April 2026 | Classic SKU retiring |
| CDN Standard Microsoft | Front Door Standard | 2027 | Migration required |

Rule: Never recommend deprecated services for greenfield projects. Before recommending any service with a multi-year RI commitment, verify the service retirement timeline extends beyond the commitment period. Check Microsoft Learn deprecation announcements.


CAF Naming Conventions

| Resource | Abbr | Pattern | Max |
|---|---|---|---|
| Resource Group | rg | rg-{project}-{env} | 90 |
| Virtual Network | vnet | vnet-{project}-{env} | 64 |
| Subnet | snet | snet-{purpose}-{env} | 80 |
| NSG | nsg | nsg-{purpose}-{env} | 80 |
| Key Vault | kv | kv-{short}-{env}-{suffix} | 24 |
| Storage Account | st | st{short}{env}{suffix} | 24 |
| App Service Plan | asp | asp-{project}-{env} | 40 |
| App Service | app | app-{project}-{env} | 60 |
| SQL Server | sql | sql-{project}-{env} | 63 |
| SQL Database | sqldb | sqldb-{project}-{env} | 128 |
| Static Web App | stapp | stapp-{project}-{env} | 40 |
| Log Analytics | log | log-{project}-{env} | 63 |
| App Insights | appi | appi-{project}-{env} | 255 |

For extended abbreviations and length-constraint examples, read references/naming-full-examples.md.


Azure Verified Modules (AVM)

  1. ALWAYS check AVM availability first
  2. Use AVM defaults for SKUs when available
  3. NEVER write raw Bicep/TF for a resource that has an AVM module

For the full Bicep + Terraform AVM module registry, read references/avm-modules.md.


Template-First Output Rules

| Rule | Requirement |
|---|---|
| Exact text | Use template H2 text verbatim |
| Exact order | Required H2s in template-defined order |
| Anchor rule | Extra sections only AFTER last required H2 |
| No omissions | All template H2s must appear in output |
| Attribution | > Generated by {agent} agent \| {YYYY-MM-DD} |

Validation Checklist

  • Output saved to agent-output/{project}/
  • All required H2 headings present and correctly ordered
  • All 4 required tags included in resource definitions
  • Unique suffix used for globally unique names
  • Security baseline settings applied
  • Region defaults correct

Reference Index

Load these on demand — do NOT read all at once:

| Reference | When to Load |
|---|---|
| references/naming-full-examples.md | Generating names for length-constrained resources |
| references/avm-modules.md | Looking up AVM module paths or versions |
| references/security-baseline-full.md | Debugging AVM parameter issues or checking deprecations |
| references/pricing-guidance.md | Running cost estimates with Azure Pricing MCP |
| references/service-matrices.md | Mapping user requirements to Azure service tiers |
| references/waf-criteria.md | Scoring WAF pillar assessments |
| references/governance-discovery.md | Discovering Azure Policy constraints |
| references/policy-effect-decision-tree.md | Translating policy effects into plan/code actions |
| references/adversarial-review-protocol.md | Running challenger-review-subagent passes |
| references/azure-cli-auth-validation.md | Validating Azure CLI auth before deployments |
| references/terraform-conventions.md | Generating Terraform (HCL) code |
| references/research-workflow.md | Following the standard 4-step research pattern |
