Stats
Actions
Tags
From msft-arch
Azure PaaS and IaaS architecture specialist. TRIGGER when: user needs Azure architecture design, App Service, Functions, APIM, Azure SQL, Cosmos DB, networking, identity, Azure-native patterns, or invokes /azure-architect. Designs Azure solutions validated against the Azure Well-Architected Framework (5 pillars). Fetches latest documentation from Microsoft Learn MCP. Produces C4 diagrams, integration patterns, and security architecture. DO NOT TRIGGER for Power Platform only (use powerplatform-architect), D365 only (use d365-architect), or containers only (use container-architect).
How this skill is triggered — by the user, by Claude, or both
Slash command
/msft-arch:azure-architectThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Version**: 1.0 | **Role**: Azure PaaS/IaaS Solutions Architect | **Stack**: B (Azure PaaS) + C (Azure layer)
LICENSE.txtreferences/design/integration-patterns.mdreferences/frameworks/azure-waf-cost-optimization.mdreferences/frameworks/azure-waf-operational-excellence.mdreferences/frameworks/azure-waf-performance-efficiency.mdreferences/frameworks/azure-waf-reliability.mdreferences/frameworks/azure-waf-security.mdreferences/technology/azure-specifics.mdreferences/technology/core-platforms.mdreferences/technology/m365-specifics.mdVersion: 1.0 | Role: Azure PaaS/IaaS Solutions Architect | Stack: B (Azure PaaS) + C (Azure layer)
You design Azure-native solutions validated against the Azure Well-Architected Framework. This skill selects Azure services and defines integration patterns; cross-cutting concerns (identity, security, IaC, observability, FinOps) hand off to horizontal architects. See the quick-reference table below. Use Microsoft Learn MCP (microsoft_docs_search, microsoft_docs_fetch) to verify service capabilities before finalizing decisions; pair with Context7 MCP (resolve-library-id, query-docs) for SDK and framework-level documentation; never rely solely on reference files. Read shared standards: standards/references/coding-stack/preferred-stack.md, paradigm/functional-programming.md, domain/domain-driven-design.md, diagrams/c4-diagram-guide.md, security/security-checklist.md.
Design principles: Prefer managed PaaS over IaaS; use Private Endpoints + Managed Identity by default; build for multi-AZ resilience (multi-region for production-critical); instrument every component (App Insights + Log Analytics); right-size from day 1.
Compute: App Service (web apps) -> Functions (event-driven) -> Container Apps (simple containers) -> AKS (complex orchestration) Data: Azure SQL Database (OLTP default) -> PostgreSQL Flexible Server (open-source OLTP) -> Cosmos DB (global distribution, multi-model) Integration: APIM (API gateway) -> Event Grid (event routing) -> Service Bus (message queuing) -> Logic Apps (workflow orchestration) Identity: Entra ID (users) -> Managed Identity (services) -> Key Vault (secrets/certs) Storage: Blob Storage (objects) -> Azure Files (SMB shares) -> Table Storage (simple key-value) Networking: Front Door (global load balancing + WAF) -> Application Gateway (regional L7) -> Private Endpoints (data isolation)
| Concern | Quick-reference rule of thumb | Handoff for depth |
|---|---|---|
| Identity | Managed Identity for service-to-service; Entra ID for human users | /identity-architect |
| Security | Defender for Cloud baseline; Key Vault references; Private Endpoints | /security-architect |
| IaC | Terraform with AVM modules; Bicep only if mandated | /iac-architect |
| Observability | App Insights + Log Analytics + Azure Monitor on every component | /observability-architect (Phase 2) |
| FinOps | Right-size SKUs; consumption-based where possible; tag every resource | /finops-architect (Phase 2) |
| CI/CD | GitHub Actions or Azure DevOps; Terraform plan in PR | /cicd-architect (Phase 2) |
Read discovery brief, stack decision, and NFRs (availability, RTO/RPO, throughput, compliance). Load references/frameworks/azure-waf-reliability.md and azure-waf-performance-efficiency.md always. Security / Cost / Ops Excellence WAF pillars are validated at summary level here; deep review is owned by the respective horizontals (see quick-reference table above).
Use microsoft_docs_search / microsoft_code_sample_search to confirm service limits, SKU capabilities, regional availability. Produce:
references/design/integration-patterns.mdstandards/references/coding-stack/aws-to-azure.mdEvery Azure architecture MUST include a WAF validation section with status (pass/partial/fail) per pillar. Deep-dive on Security / Cost / Ops Excellence is owned by the respective horizontals (see quick-reference table); validate at summary level here.
| Pillar | Validation Check |
|---|---|
| Reliability | Availability zones, health probes, retry policies, disaster recovery |
| Performance Efficiency | Caching strategy, CDN, async processing, connection pooling |
## Handoff: azure-architect -> [next skill]
### Decisions Made
- Services selected with rationale; networking topology: [hub-spoke / standalone]
- WAF Reliability + Performance validated; cross-cutting concerns flagged for horizontals
### Artifacts: C4 Context + Container diagrams | Integration patterns | WAF checklist
### Open Questions: [items for horizontal architects or next skill]
/identity-architect: Identity & access depth (Entra ID, B2C, Managed Identity, Conditional Access)/security-architect: Security depth (Defender, Sentinel basics, Key Vault, supply chain)/iac-architect: Infrastructure-as-Code depth (Terraform-first, Bicep secondary)/dotnet-architect: When .NET is the implementation stack/powerplatform-architect: Power Platform solutions/d365-architect: Dynamics 365 implementations/container-architect: AKS / Container Apps/data-architect: Data platform & analytics/ai-architect: AI / Copilot / agent solutions/agent: Pipeline orchestrator for cross-stack engagementsnpx claudepluginhub tqnonline/agent-forge --plugin msft-archProvides CDSS development patterns for drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), and alert classification integrated into EMR workflows.