azure▌

Unified access to Azure blob storage, file shares, queues, tables, and data lakes with lifecycle management and redundancy options. \n \n Five storage service types: Blob Storage for objects and backups, File Shares for SMB access, Queue Storage for async messaging, Table Storage for NoSQL key-value, and Data Lake for big data analytics \n MCP server tools for listing accounts, containers, and blobs, plus downloading and uploading blob content; CLI fallback available via az storage commands \n C

Identify cost savings across Azure subscriptions through resource analysis, utilization metrics, and actionable optimization recommendations. \n \n Discovers orphaned resources (unattached disks, unused NICs, idle gateways) and over-provisioned services using Azure Quick Review \n Queries actual costs from Azure Cost Management API and utilization data from Azure Monitor to support rightsizing recommendations \n Generates prioritized optimization reports with estimated savings, implementation co

Assess and migrate cloud workloads from AWS, GCP, and other providers to Azure services. \n \n Supports Lambda-to-Azure Functions migration with dedicated scenario reference and best practices \n Generates assessment reports mapping source services to Azure equivalents before any code conversion \n Converts source code to target Azure runtime models, with output isolated in a separate <source-folder>-azure/ directory \n Requires sequential phase execution: assessment first, then migration,

End-to-end deployment, evaluation, and lifecycle management for Microsoft Foundry agents. \n \n Covers the complete agent development lifecycle: create, deploy (Docker build, ACR push), invoke, evaluate, optimize prompts, and troubleshoot \n Organized into specialized sub-skills for deploy, invoke, observe (evaluation and prompt optimization), trace, troubleshoot, and dataset curation from production traces \n Supports both prompt-based agents (LLM-backed) and hosted agents (container-based cust

Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies, overly permissive role assignments, stale accounts, conditional access gaps, and guest user risks using AzureAD PowerShell, Microsoft Graph API, and ScoutSuite.

Execute cloud-native incident containment across AWS, Azure, and GCP by isolating compromised resources, revoking credentials, preserving forensic evidence, and applying security group restrictions to prevent lateral movement.

Detecting misconfigured Azure Storage accounts including publicly accessible blob containers, missing encryption settings, overly permissive SAS tokens, disabled logging, and network access violations using Azure CLI, PowerShell, and Microsoft Defender for Storage.

Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query to detect suspicious administrative operations, impossible travel, privilege escalation, and resource modifications. Builds KQL queries for threat hunting in Azure environments. Use when investigating suspicious Azure tenant activity or building cloud SIEM detections.

Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin consent bypass, and unauthorized enumeration in Microsoft Entra ID environments.

Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.