azure-enterprise-infra-planner
microsoft/azure-skills
Architect and provision enterprise Azure infrastructure from workload descriptions with Bicep or Terraform.
What is azure-enterprise-infra-planner?
This skill helps cloud architects and platform engineers design enterprise-grade Azure infrastructure including networking, identity, security, and compliance. Use it when planning landing zones, hub-spoke networks, multi-region topologies, or subscription-scope deployments—it generates production-ready Bicep or Terraform code directly.
- Plan enterprise Azure infrastructure from workload descriptions
- Design networking: VNets, subnets, firewalls, private endpoints, VPN gateways
- Architect landing zones and hub-spoke network topologies
- Plan identity, RBAC, and compliance-driven infrastructure
- Generate Bicep or Terraform for subscription-scope and multi-resource-group deployments
- Design disaster recovery, failover, and cross-region high-availability topologies
How to install azure-enterprise-infra-planner
npx skills add https://github.com/microsoft/azure-skills --skill azure-enterprise-infra-planner
How to use azure-enterprise-infra-planner
1. Describe your workload requirements and desired Azure topology
2. Follow the 7-phase workflow in workflow.md to gather requirements and constraints
3. Use MCP tools to retrieve Azure best practices and WAF guidance for your services
4. Generate infrastructure plan with networking, identity, and compliance specifications
5. Obtain approval for the plan before proceeding to code generation
6. Generate Bicep or Terraform code from the approved plan
7. Validate generated code with az bicep build or terraform validate, then deploy
Use cases
- Architect a multi-region Azure landing zone with hub-spoke networking and security policies
- Design a disaster recovery topology with failover and cross-region replication
- Plan enterprise VNet infrastructure with firewalls, private endpoints, and VPN gateways
- Set up identity and RBAC governance for a multi-subscription environment
- Generate Bicep templates for subscription-scope infrastructure deployments
- Cloud architects
- Platform engineers
- Infrastructure engineers planning multi-resource topologies
- Teams designing enterprise Azure landing zones
azure-enterprise-infra-planner FAQ
Use azure-enterprise-infra-planner for infrastructure-centric workflows: landing zones, networking design, multi-region topologies, and subscription-scope deployments. Use azure-prepare for app-centric workflows focused on application deployment and configuration.
The skill generates Bicep or Terraform code directly. It does not use Azure Developer CLI (azd).
Yes. The skill can design multi-region topologies, failover strategies, and cross-region high-availability architectures.
Fix the generated code based on validation errors from az bicep build or terraform validate, then re-validate. If unresolved, notify the user.
Yes. The skill validates pairing constraints and SKU compatibility. If violations are detected, fix them in the plan before proceeding to IaC generation.
Full instructions (SKILL.md)
Source of truth, from microsoft/azure-skills.
name: azure-enterprise-infra-planner
description: "Architect and provision enterprise Azure infrastructure from workload descriptions. For cloud architects and platform engineers planning networking, identity, security, compliance, and multi-resource topologies with WAF alignment. Generates Bicep or Terraform directly (no azd). WHEN: 'plan Azure infrastructure', 'architect Azure landing zone', 'design hub-spoke network', 'plan multi-region DR topology', 'set up VNets firewalls and private endpoints', 'subscription-scope Bicep deployment', 'Azure Backup for VM workloads'. PREFER azure-prepare FOR app-centric workflows."
license: MIT
metadata:
  author: Microsoft
  version: "1.2.3"
Azure Enterprise Infra Planner
When to Use This Skill
Activate this skill when the user wants to:
- Plan enterprise Azure infrastructure from a workload or architecture description
- Architect a landing zone, hub-spoke network, or multi-region topology
- Design networking infrastructure: VNets, subnets, firewalls, private endpoints, VPN gateways
- Plan identity, RBAC, and compliance-driven infrastructure
- Generate Bicep or Terraform for subscription-scope or multi-resource-group deployments
- Plan disaster recovery, failover, or cross-region high-availability topologies
Quick Reference
| Property | Details |
|---|---|
| MCP tools | insights_get, get_azure_bestpractices_get, wellarchitectedframework_serviceguide_get, microsoft_docs_fetch, microsoft_docs_search, bicepschema_get |
| CLI commands | az deployment group create, az bicep build, az resource list, terraform init, terraform plan, terraform validate, terraform apply |
| Output schema | schema.md |
| Key references | workflow.md, waf-checklist.md, resources/, constraints/ |
Workflow (Start Here)
Follow the step-by-step instructions in workflow.md to execute the 7 phases of infrastructure planning and provisioning.
MCP Tools
| Tool | Purpose |
|---|---|
| insights_get | Retrieve insights about the user's existing Azure environment to guide planning decisions |
| get_azure_bestpractices_get | Azure best practices for code generation, operations, and deployment |
| wellarchitectedframework_serviceguide_get | WAF service guide for a specific Azure service |
| microsoft_docs_search | Search Microsoft Learn for relevant documentation chunks |
| microsoft_docs_fetch | Fetch full content of a Microsoft Learn page by URL |
| bicepschema_get | Bicep schema definition for any Azure resource type (latest API version) |
Error Handling
| Error | Cause | Fix |
|---|---|---|
| MCP tool error or not available | Tool call timeout, connection error, or tool doesn't exist | Retry once; fall back to reference files and notify user if unresolved |
| Plan approval missing | meta.status is not approved | Stop and prompt user for approval before IaC generation or deployment |
| IaC validation failure | az bicep build or terraform validate returns errors | Fix the generated code and re-validate; notify user if unresolved |
| Pairing constraint violation | Incompatible SKU or resource combination | Fix in plan before proceeding to IaC generation |
| Infra plan or IaC files not found | Files written to wrong location or not created | Verify files exist at <project-root>/.azure/ and <project-root>/infra/; if missing, re-create the files by following workflow.md exactly |
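
The approval and file-location rows in the table above can be enforced as a fail-closed gate that runs before any validation or deployment command. This is an added example, not code from microsoft/azure-skills: it assumes the plan is a JSON file with a top-level meta object, and the file name infrastructure-plan.json and all function names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

# Assumption: the plan is JSON under .azure/; the page names only the directory,
# so this file name is hypothetical.
PLAN_FILE = "infrastructure-plan.json"


class GateError(Exception):
    """Raised when a precondition from the error-handling table is not met."""


def validation_commands(project_root):
    """Return the validate commands to run, or raise GateError (fail closed)."""
    root = Path(project_root)
    plan_path = root / ".azure" / PLAN_FILE
    infra_dir = root / "infra"
    if not plan_path.is_file() or not infra_dir.is_dir():
        raise GateError("infra plan or IaC files not found")
    try:
        plan = json.loads(plan_path.read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        raise GateError(f"plan is not valid JSON: {exc}") from exc
    meta = plan.get("meta") if isinstance(plan, dict) else None
    status = meta.get("status") if isinstance(meta, dict) else None
    # Exact match only: a missing key, None, or any other value blocks the run.
    if status != "approved":
        raise GateError(f"plan approval missing (meta.status={status!r})")
    commands = [["az", "bicep", "build", "--file", str(p)]
                for p in sorted(infra_dir.rglob("*.bicep"))]
    if any(infra_dir.rglob("*.tf")):
        commands.append(["terraform", f"-chdir={infra_dir}", "validate"])
    if not commands:
        raise GateError("infra plan or IaC files not found")
    return commands


def build_sample(root, status):
    """Create a constructed sample project layout for the demo below."""
    (root / ".azure").mkdir()
    (root / "infra").mkdir()
    (root / ".azure" / PLAN_FILE).write_text(json.dumps({"meta": {"status": status}}))
    (root / "infra" / "main.bicep").write_text("targetScope = 'subscription'\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp), "approved")
        for cmd in validation_commands(tmp):
            print(" ".join(cmd))
```

Running the gate as a required CI step, rather than relying on the agent to stop itself, keeps an unapproved plan from reaching az deployment group create or terraform apply.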
Related skills
More from microsoft/azure-skills and the wider catalog.
finetuning
Fine-tune models on Azure AI Foundry with SFT, DPO, or RFT training methods.
azure-ai
Azure AI services skill for Search, Speech, OpenAI, and Document Intelligence in coding agents
azure-deploy
Execute Azure deployments for prepared applications with built-in error recovery and validation.
azure-diagnostics
Debug Azure production issues using AppLens, Azure Monitor, resource health, and systematic triage.
azure-prepare
Generate Azure deployment infrastructure (Bicep/Terraform, azure.yaml, Dockerfiles) for new or existing apps
azure-storage
Azure Storage skill: Blob, File Shares, Queue, Table, and Data Lake with access tier guidance and lifecycle management