azure-validate

by microsoft

Pre-deployment validation for Azure readiness. Run deep checks on configuration, infrastructure (Bicep or Terraform), RBAC role assignments, managed identity permissions, and prerequisites before deploying. WHEN: validate my app, check deployment readiness, run preflight checks, verify configuration, check if ready to deploy, validate azure.yaml, validate Bicep, test before deploying, troubleshoot deployment errors, validate Azure Functions, validate function app, validate serverless...

npx skills add https://github.com/microsoft/azure-skills --skill azure-validate
Download ZIPGitHub

name: azure-validate description: "Pre-deployment validation for Azure readiness. Run deep checks on configuration, infrastructure (Bicep or Terraform), RBAC role assignments, managed identity permissions, and prerequisites before deploying. WHEN: validate my app, check deployment readiness, run preflight checks, verify configuration, check if ready to deploy, validate azure.yaml, validate Bicep, test before deploying, troubleshoot deployment errors, validate Azure Functions, validate function app, validate serverless deployment, verify RBAC roles, check role assignments, review managed identity permissions, what-if analysis, validate Container Apps deployment." license: MIT metadata: author: Microsoft version: "1.1.2"

Azure Validate

AUTHORITATIVE GUIDANCE — Follow these instructions exactly unless they contradict security policies given to you.

⛔ STOP — PREREQUISITE CHECK REQUIRED

Before proceeding, verify this prerequisite is met:

azure-prepare was invoked and completed → .azure/deployment-plan.md exists with status Approved or later

If the plan is missing, STOP IMMEDIATELY and invoke azure-prepare first.

The complete workflow ensures success:

azure-prepareazure-validateazure-deploy

Triggers

  • Check if app is ready to deploy
  • Validate azure.yaml or Bicep
  • Run preflight checks
  • Troubleshoot deployment errors

Rules

  1. Run after azure-prepare, before azure-deploy
  2. All checks must pass—do not deploy with failures
  3. Destructive actions require ask_userglobal-rules

Steps

#ActionReference
1Load Plan — Read .azure/deployment-plan.md for recipe and configuration. If missing → run azure-prepare first.azure/deployment-plan.md
2Add Validation Steps — Copy recipe "Validation Steps" to .azure/deployment-plan.md as children of "All validation checks pass"recipes/README.md, .azure/deployment-plan.md
3Run Validation — Execute recipe-specific validation commandsrecipes/README.md
4Build Verification — Build the project and fix any errors before proceedingSee recipe
5Static Role Verification — Review Bicep/Terraform for correct RBAC role assignments in coderole-verification.md
6Record Proof — Populate Section 7: Validation Proof with commands run and results.azure/deployment-plan.md
7Resolve Errors — Fix failures before proceedingSee recipe's errors.md
8Update Status — Only after ALL checks pass, set status to Validated.azure/deployment-plan.md
9Deploy — Invoke azure-deploy skill

⛔ VALIDATION AUTHORITY

This skill is the officially verified way to set plan status to Validated. You MUST follow these steps to make sure every prerequisite is fulfilled before setting status to Validated:

  1. Run actual validation commands (azd provision --preview, bicep build, terraform validate, etc.)
  2. Populate Section 7: Validation Proof with the commands you ran and their results
  3. Only then set status to Validated

Do NOT set status to Validated without running checks and recording proof.

⚠️ MANDATORY NEXT STEP — DO NOT SKIP

After ALL validations pass, you MUST invoke azure-deploy to execute the deployment. Do NOT attempt to run azd up, azd deploy, or any deployment commands directly. Let azure-deploy handle execution.

If any validation failed, fix the issues and re-run azure-validate before proceeding.

More skills from microsoft

oss-growth
microsoft
OSS growth hacker persona
official
microsoft-foundry
microsoft
Deploy, evaluate, and manage Foundry agents end-to-end: Docker build, ACR push, hosted/prompt agent create, container start, batch eval, continuous eval, prompt optimizer workflows, agent.yaml, dataset curation from traces. USE FOR: deploy agent to Foundry, hosted agent, create agent, invoke agent, evaluate agent, run batch eval, continuous eval, continuous monitoring, continuous eval status, optimize prompt, improve prompt, prompt optimizer, optimize agent instructions, improve agent...
officialdevelopmentdevops
azure-ai
microsoft
Use for Azure AI: Search, Speech, OpenAI, Document Intelligence. Helps with search, vector/hybrid search, speech-to-text, text-to-speech, transcription, OCR. WHEN: AI Search, query search, vector search, hybrid search, semantic search, speech-to-text, text-to-speech, transcribe, OCR, convert text to speech.
officialdevelopmentapi
azure-deploy
microsoft
Execute Azure deployments for ALREADY-PREPARED applications that have existing .azure/deployment-plan.md and infrastructure files. DO NOT use this skill when the user asks to CREATE a new application — use azure-prepare instead. This skill runs azd up, azd deploy, terraform apply, and az deployment commands with built-in error recovery. Requires .azure/deployment-plan.md from azure-prepare and validated status from azure-validate. WHEN: "run azd up", "run azd deploy", "execute deployment",...
officialdevopsaws
azure-storage
microsoft
Azure Storage Services including Blob Storage, File Shares, Queue Storage, Table Storage, and Data Lake. Answers questions about storage access tiers (hot, cool, cold, archive), when to use each tier, and tier comparison. Provides object storage, SMB file shares, async messaging, NoSQL key-value, and big data analytics. Includes lifecycle management. USE FOR: blob storage, file shares, queue storage, table storage, data lake, upload files, download blobs, storage accounts, access tiers,...
officialdevelopmentdatabase
azure-diagnostics
microsoft
Debug Azure production issues on Azure using AppLens, Azure Monitor, resource health, and safe triage. WHEN: debug production issues, troubleshoot app service, app service high CPU, app service deployment failure, troubleshoot container apps, troubleshoot functions, troubleshoot AKS, kubectl cannot connect, kube-system/CoreDNS failures, pod pending, crashloop, node not ready, upgrade failures, analyze logs, KQL, insights, image pull failures, cold start issues, health probe failures,...
officialdevopsdevelopment
azure-prepare
microsoft
Prepare Azure apps for deployment (infra Bicep/Terraform, azure.yaml, Dockerfiles). Use for create/modernize or create+deploy; not cross-cloud migration (use azure-cloud-migrate). DO NOT USE FOR: copilot-sdk apps (use azure-hosted-copilot-sdk). WHEN: "create app", "build web app", "create API", "create serverless HTTP API", "create frontend", "create back end", "build a service", "modernize application", "update application", "add authentication", "add caching", "host on Azure", "create and...
officialdevelopmentdevops
entra-app-registration
microsoft
Guides Microsoft Entra ID app registration, OAuth 2.0 authentication, and MSAL integration. USE FOR: create app registration, register Azure AD app, configure OAuth, set up authentication, add API permissions, generate service principal, MSAL example, console app auth, Entra ID setup, Azure AD authentication. DO NOT USE FOR: Azure RBAC or role assignments (use azure-rbac), Key Vault secrets (use azure-keyvault-expiration-audit), general Azure resource security guidance.
officialdevelopmentapi