microsoftdocs/azure-sentinel
skills/azure-sentinel/SKILL.md
Expert knowledge for Azure Sentinel development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring Sentinel data connectors, ASIM/UEBA, KQL analytics, Logic Apps playbooks, or multi-tenant MSSP setups, and other Azure Sentinel related development tasks. Not for Azure Defender For Cloud (use azure-defender-for-cloud), Azure Monitor (use azure-monitor), Azure Security (use azure-security), Azure Network Watcher (use azure-network-watcher).
$ install --global
skillsauthnpx skillsauth add microsoftdocs/agent-skills azure-sentinelInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 3, 2026, 3:09 AM21.0s1 file scanned
SKILL.md
- name:
- azure-sentinel
- description:
- Expert knowledge for Azure Sentinel development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring Sentinel data connectors, ASIM/UEBA, KQL analytics, Logic Apps playbooks, or multi-tenant MSSP setups, and other Azure Sentinel related development tasks. Not for Azure Defender For Cloud (use azure-defender-for-cloud), Azure Monitor (use azure-monitor), Azure Security (use azure-security), Azure Network Watcher (use azure-network-watcher).
- compatibility:
- Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation.
- generated_at:
- 2026-05-31
- generator:
- docs2skills/1.0.0
Azure Sentinel Skill
This skill provides expert guidance for Azure Sentinel. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.
How to Use This Skill
IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g.,
L35-L120), useread_filewith the specified lines. For categories with file links (e.g.,[security.md](security.md)), useread_fileon the linked reference file
IMPORTANT for Agent: If
metadata.generated_atis more than 3 months old, suggest the user pull the latest version from the repository. Ifmcp_microsoftdocstools are not available, suggest the user install it: Installation Guide
This skill requires network access to fetch documentation content:
- Preferred: Use
mcp_microsoftdocs:microsoft_docs_fetchwith query stringfrom=learn-agent-skill. Returns Markdown. - Fallback: Use
fetch_webpagewith query stringfrom=learn-agent-skill&accept=text/markdown. Returns Markdown.
Category Index
| Category | Lines | Description | |----------|-------|-------------| | Troubleshooting | L37-L50 | Diagnosing and fixing Sentinel data ingestion, connectors, analytics rules, KQL/jobs, notebooks, ASIM, and MCP tool issues, including SAP, AWS S3, Syslog/CEF, and Storage Blob. | | Best Practices | L51-L76 | Best practices for Sentinel SOCs: workspace/data design, detections & tuning, automation/playbooks, incident handling & metrics, UEBA/ASIM/ML use, SAP optimization, and solution lifecycle quality. | | Decision Making | L77-L118 | Planning Sentinel deployments and migrations (MMA/legacy SIEMs), choosing data tiers/connectors, and optimizing automation, retention, and costs across Azure and Defender portals | | Architecture & Design Patterns | L119-L131 | Designing Sentinel architectures: multi-workspace/tenant layouts, MSSP/Lighthouse patterns, BCDR, coexistence with other SIEMs, SAP setups, and integration patterns across portals. | | Limits & Quotas | L132-L144 | Service limits, quotas, pricing, availability, and known limitations for Sentinel core, data lake, MCP, long-term search, watchlists, and implications of disabling/removing the service. | | Security | L145-L159 | Configuring Sentinel security: auth for playbooks, RBAC/roles, access policies, CMK & data residency, network perimeters, MSSP IP protection, AWS attack disruption, and SAP security content. | | Configuration | L160-L292 | Configuring Microsoft Sentinel: data connectors, ASIM schemas, analytics/automation rules, data lake, UEBA, SAP, MCP tools, health monitoring, and workbook/solution setup. | | Integrations & Coding Patterns | L293-L340 | Patterns and APIs for integrating Microsoft Sentinel with Logic Apps, data connectors, threat intel feeds, MCP/Copilot tools, external platforms, and querying data lake/graph with KQL, GQL, REST, and SDKs. | | Deployment | L341-L361 | Deploying and managing Sentinel content and solutions: CI/CD, repo-based deployments, playbooks, rules as code, marketplace/content hub solutions, and SAP/Dynamics/Power Platform connectors. |
Troubleshooting
| Topic | URL | |-------|-----| | Troubleshoot AWS S3 log ingestion connector in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/aws-s3-troubleshoot | | Troubleshoot Microsoft Sentinel Azure Storage Blob connector issues | https://learn.microsoft.com/en-us/azure/sentinel/azure-storage-blob-connector-troubleshoot | | Troubleshoot Syslog and CEF AMA connectors in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/cef-syslog-ama-troubleshooting | | Troubleshoot KQL queries and jobs in Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/kql-troubleshoot | | Resolve common Jupyter notebook errors in Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/notebooks-troubleshooting | | Troubleshoot and optimize Microsoft Sentinel MCP tools | https://learn.microsoft.com/en-us/azure/sentinel/datalake/troubleshoot-sentinel-mcp | | Monitor and troubleshoot Sentinel scheduled analytics rule execution | https://learn.microsoft.com/en-us/azure/sentinel/monitor-optimize-analytics-rule-execution | | Troubleshoot Sentinel SAP data connector agent | https://learn.microsoft.com/en-us/azure/sentinel/sap/sap-deploy-troubleshoot | | Troubleshoot Microsoft Sentinel analytics rule issues | https://learn.microsoft.com/en-us/azure/sentinel/troubleshoot-analytics-rules | | Troubleshoot Microsoft Sentinel solution ingestion and packaging | https://learn.microsoft.com/en-us/azure/sentinel/troubleshoot-sentinel-solutions |
Best Practices
| Topic | URL | |-------|-----| | Audit and track Microsoft Sentinel incident task history | https://learn.microsoft.com/en-us/azure/sentinel/audit-track-tasks | | Design Microsoft Sentinel automation rules for SOAR | https://learn.microsoft.com/en-us/azure/sentinel/automate-incident-handling-with-automation-rules | | Apply recommended Microsoft Sentinel playbook templates and use cases | https://learn.microsoft.com/en-us/azure/sentinel/automation/playbook-recommendations | | Apply best practices for Microsoft Sentinel workspaces | https://learn.microsoft.com/en-us/azure/sentinel/best-practices | | Apply Sentinel-specific best practices for data collection | https://learn.microsoft.com/en-us/azure/sentinel/best-practices-data | | Bring custom machine learning models into Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/bring-your-own-ml | | Manage Sentinel detection lifecycle effectively | https://learn.microsoft.com/en-us/azure/sentinel/detection-lifecycle-management-recommendations | | Apply detection tuning recommendations to Sentinel rules | https://learn.microsoft.com/en-us/azure/sentinel/detection-tuning | | Use ASIM-based essential domain solutions in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/domain-based-essential-solutions | | Reduce Microsoft Sentinel false positives with rules and automation | https://learn.microsoft.com/en-us/azure/sentinel/false-positives | | Standardize Microsoft Sentinel incident handling with tasks | https://learn.microsoft.com/en-us/azure/sentinel/incident-tasks | | Handle data ingestion delay in scheduled rules | https://learn.microsoft.com/en-us/azure/sentinel/ingestion-delay | | Use UEBA data effectively in incident investigations | https://learn.microsoft.com/en-us/azure/sentinel/investigate-with-ueba | | Use Sentinel incident metrics to manage SOC performance | https://learn.microsoft.com/en-us/azure/sentinel/manage-soc-with-incident-metrics | | Apply operational best practices for Microsoft Sentinel SOCs | https://learn.microsoft.com/en-us/azure/sentinel/ops-guide | | Optimize SAP threat detections and content in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/sap/deployment-solution-configuration | | Use Security Copilot effectively with Microsoft Sentinel data | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-security-copilot | | Summarize Microsoft Sentinel incidents using Security Copilot | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-security-copilot-incident-summary | | Manage deprecated Microsoft Sentinel solutions lifecycle | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-solution-deprecation | | Apply quality guidelines to Microsoft Sentinel solutions | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-solution-quality-guidance | | Use customizable anomaly detection to find threats | https://learn.microsoft.com/en-us/azure/sentinel/soc-ml-anomalies | | Use Microsoft Sentinel watchlists for enriched correlation | https://learn.microsoft.com/en-us/azure/sentinel/watchlists |
Decision Making
| Topic | URL | |-------|-----| | Plan and execute Sentinel migration from MMA to AMA | https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate | | Decide and migrate Sentinel alert-trigger playbooks to automation rules | https://learn.microsoft.com/en-us/azure/sentinel/automation/migrate-playbooks-to-automation-rules | | Decide when to use the Microsoft Sentinel data lake tier | https://learn.microsoft.com/en-us/azure/sentinel/basic-logs-use-cases | | Plan and estimate Microsoft Sentinel billing costs | https://learn.microsoft.com/en-us/azure/sentinel/billing | | Manage and monitor Microsoft Sentinel costs and billing | https://learn.microsoft.com/en-us/azure/sentinel/billing-monitor-costs | | Use Sentinel prepurchase plans to optimize analytics costs | https://learn.microsoft.com/en-us/azure/sentinel/billing-pre-purchase-plan | | Reduce and optimize Microsoft Sentinel costs | https://learn.microsoft.com/en-us/azure/sentinel/billing-reduce-costs | | Choose and configure Sentinel connectors for Cisco firewalls | https://learn.microsoft.com/en-us/azure/sentinel/cisco-ftd-firewall | | Choose between Sentinel analytics rules and Defender custom detections | https://learn.microsoft.com/en-us/azure/sentinel/compare-analytics-rules-custom-detections | | Configure Sentinel interactive and long-term retention | https://learn.microsoft.com/en-us/azure/sentinel/configure-data-retention-archive | | Assess Sentinel connector support across clouds | https://learn.microsoft.com/en-us/azure/sentinel/data-type-cloud-support | | Choose between KQL jobs, summary rules, and search jobs in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/datalake/kql-jobs-summary-rules-search-jobs | | Choose which logs to ingest into Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-lake-log-ingestion-guidance | | Enroll workspaces in Sentinel simplified pricing tiers | https://learn.microsoft.com/en-us/azure/sentinel/enroll-simplified-pricing-tier | | Decide when to use search jobs and restore data in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/investigate-large-datasets | | Choose Microsoft Sentinel log retention tiers | https://learn.microsoft.com/en-us/azure/sentinel/log-plans | | Choose data tiers and retention settings in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/manage-data-overview | | Determine Defender XDR data type support across GCC clouds in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-cloud-support | | Use Microsoft Sentinel within Defender portal | https://learn.microsoft.com/en-us/azure/sentinel/microsoft-sentinel-defender-portal | | Plan migration from legacy SIEM to Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/migration | | Migrate ArcSight SOAR automation to Sentinel rules and playbooks | https://learn.microsoft.com/en-us/azure/sentinel/migration-arcsight-automation | | Map and migrate ArcSight detection rules to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/migration-arcsight-detection-rules | | Export ArcSight historical data for Sentinel migration | https://learn.microsoft.com/en-us/azure/sentinel/migration-arcsight-historical-data | | Choose Azure target platform for Sentinel historical data | https://learn.microsoft.com/en-us/azure/sentinel/migration-ingestion-target-platform | | Select data ingestion tools for Sentinel historical logs | https://learn.microsoft.com/en-us/azure/sentinel/migration-ingestion-tool | | Migrate QRadar SOAR automation to Sentinel automation | https://learn.microsoft.com/en-us/azure/sentinel/migration-qradar-automation | | Map and migrate QRadar detection rules to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/migration-qradar-detection-rules | | Export QRadar historical data for Sentinel migration | https://learn.microsoft.com/en-us/azure/sentinel/migration-qradar-historical-data | | Migrate Splunk SOAR automation to Sentinel rules and playbooks | https://learn.microsoft.com/en-us/azure/sentinel/migration-splunk-automation | | Map and migrate Splunk detection rules to Sentinel analytics | https://learn.microsoft.com/en-us/azure/sentinel/migration-splunk-detection-rules | | Export Splunk historical data for Sentinel migration | https://learn.microsoft.com/en-us/azure/sentinel/migration-splunk-historical-data | | Transition Sentinel operations from Azure portal to Defender portal | https://learn.microsoft.com/en-us/azure/sentinel/move-to-defender | | Prioritize Microsoft Sentinel data connectors strategically | https://learn.microsoft.com/en-us/azure/sentinel/prioritize-data-connectors | | Select domain-specific Sentinel solutions from content hub | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-solutions-catalog | | Use SIEM migration tool to map detections | https://learn.microsoft.com/en-us/azure/sentinel/siem-migration | | Apply Sentinel SOC optimization recommendations | https://learn.microsoft.com/en-us/azure/sentinel/soc-optimization/soc-optimization-access | | Use Sentinel SOC optimization reference recommendations | https://learn.microsoft.com/en-us/azure/sentinel/soc-optimization/soc-optimization-reference | | Plan Sentinel multi-workspace usage in Defender portal | https://learn.microsoft.com/en-us/azure/sentinel/workspaces-defender-portal |
Architecture & Design Patterns
| Topic | URL | |-------|-----| | Design BCDR architecture for Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/business-continuity-disaster-recovery | | Deploy Sentinel alongside an existing SIEM | https://learn.microsoft.com/en-us/azure/sentinel/deploy-side-by-side | | Design Sentinel across multiple workspaces and tenants | https://learn.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants | | Architect multi-tenant Sentinel for MSSPs with Azure Lighthouse | https://learn.microsoft.com/en-us/azure/sentinel/multiple-tenants-service-providers | | Design integration patterns for Microsoft Sentinel solutions | https://learn.microsoft.com/en-us/azure/sentinel/partner-integrations | | Plan multi-workspace and multi-tenant Sentinel layouts | https://learn.microsoft.com/en-us/azure/sentinel/prepare-multiple-workspaces | | Choose Microsoft Sentinel workspace designs by scenario | https://learn.microsoft.com/en-us/azure/sentinel/sample-workspace-designs | | Design multi-workspace architecture for Sentinel SAP | https://learn.microsoft.com/en-us/azure/sentinel/sap/cross-workspace | | Implement multi-workspace and multi-tenant Sentinel setup | https://learn.microsoft.com/en-us/azure/sentinel/use-multiple-workspaces |
Limits & Quotas
| Topic | URL | |-------|-----| | Review Microsoft Sentinel data lake service limits and parameters | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-lake-service-limits | | Understand Sentinel MCP server pricing, limits, and availability | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-billing | | Check Sentinel feature availability by Azure cloud | https://learn.microsoft.com/en-us/azure/sentinel/feature-availability | | Understand ASIM known issues and limitations in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-known-issues | | Understand implications and timing of removing Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/offboard-implications | | Run Microsoft Sentinel search jobs over long-term data | https://learn.microsoft.com/en-us/azure/sentinel/search-jobs | | Review Microsoft Sentinel service limits and quotas | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-service-limits | | Create Microsoft Sentinel watchlists with size limits | https://learn.microsoft.com/en-us/azure/sentinel/watchlists-create | | Edit Microsoft Sentinel watchlists with ingestion SLA | https://learn.microsoft.com/en-us/azure/sentinel/watchlists-manage |
Security
| Topic | URL | |-------|-----| | Configure authentication for Microsoft Sentinel playbooks | https://learn.microsoft.com/en-us/azure/sentinel/automation/authenticate-playbooks-to-sentinel | | Define access restriction policies for Sentinel Standard playbooks | https://learn.microsoft.com/en-us/azure/sentinel/automation/define-playbook-access-restrictions | | Enable Sentinel attack disruption actions on AWS identities | https://learn.microsoft.com/en-us/azure/sentinel/aws-disruption | | Configure customer-managed keys for Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/customer-managed-keys | | Enable network security perimeters for Sentinel Storage connectors | https://learn.microsoft.com/en-us/azure/sentinel/enable-storage-network-security | | Plan Sentinel data residency and compliance | https://learn.microsoft.com/en-us/azure/sentinel/geographical-availability-data-residency | | Protect MSSP intellectual property in Sentinel deployments | https://learn.microsoft.com/en-us/azure/sentinel/mssp-protect-intellectual-property | | Configure resource-context RBAC for Sentinel data access | https://learn.microsoft.com/en-us/azure/sentinel/resource-context-rbac | | Configure Microsoft Sentinel roles and permissions | https://learn.microsoft.com/en-us/azure/sentinel/roles | | Assign required SAP ABAP authorizations for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/sap/required-abap-authorizations | | Use Microsoft Sentinel built-in security content for SAP | https://learn.microsoft.com/en-us/azure/sentinel/sap/sap-solution-security-content |
Configuration
| Topic | URL | |-------|-----| | Add advanced condition groups to Sentinel automation rules | https://learn.microsoft.com/en-us/azure/sentinel/add-advanced-conditions-to-automation-rules | | Understand anomaly types detected by Sentinel ML engine | https://learn.microsoft.com/en-us/azure/sentinel/anomalies-reference | | Create Data Collection Rules for Sentinel using API examples | https://learn.microsoft.com/en-us/azure/sentinel/api-dcr-reference | | Access and query Microsoft Sentinel audit data | https://learn.microsoft.com/en-us/azure/sentinel/audit-sentinel-data | | Use SentinelAudit tables for user activity auditing | https://learn.microsoft.com/en-us/azure/sentinel/audit-table-reference | | Configure Microsoft Sentinel automation rule properties and conditions | https://learn.microsoft.com/en-us/azure/sentinel/automation-rule-reference | | Map CEF keys to Microsoft Sentinel CommonSecurityLog fields | https://learn.microsoft.com/en-us/azure/sentinel/cef-name-mapping | | Understand Syslog and CEF AMA connectors for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/cef-syslog-ama-overview | | Configure Security Events connector for anomalous RDP detection | https://learn.microsoft.com/en-us/azure/sentinel/configure-connector-login-detection | | Configure ingestion-time data transformation in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/configure-data-transformation | | Configure Fusion multistage attack detection rules | https://learn.microsoft.com/en-us/azure/sentinel/configure-fusion-rules | | Configure AWS service log connectors for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-aws | | Prepare AWS environment to send logs to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-aws-configure-environment | | Configure AWS EKS S3 connector to ingest audit logs | https://learn.microsoft.com/en-us/azure/sentinel/connect-aws-eks | | Configure AWS WAF S3 connector to ingest logs to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-aws-s3-waf | | Configure Microsoft Entra ID connector for Sentinel logs | https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory | | Connect Azure Virtual Desktop diagnostics to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-virtual-desktop | | Configure Sentinel connectors for Azure and Microsoft services | https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-windows-microsoft-services | | Configure AMA-based Syslog and CEF ingestion to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-ama | | Configure Custom Logs via AMA to ingest text logs | https://learn.microsoft.com/en-us/azure/sentinel/connect-custom-logs-ama | | Configure Defender for Cloud alerts connector for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-defender-for-cloud | | Stream and filter Windows DNS logs to Sentinel via AMA | https://learn.microsoft.com/en-us/azure/sentinel/connect-dns-ama | | Configure GCP Pub/Sub connectors to ingest logs to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-google-cloud-platform | | Enable Defender Threat Intelligence data connectors in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-mdti-data-connector | | Stream Microsoft Defender XDR incidents and events to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-microsoft-365-defender | | Configure Purview Information Protection connector for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-microsoft-purview | | Configure API-based data connectors for Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-services-api-based | | Set up diagnostic settings-based connectors for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-services-diagnostic-setting-based | | Configure Windows agent-based data connectors for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-services-windows-based | | Create scheduled analytics rules from templates | https://learn.microsoft.com/en-us/azure/sentinel/create-analytics-rule-from-template | | Create custom scheduled analytics rules in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/create-analytics-rules | | Configure incident creation from alerts in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts | | Configure Microsoft Sentinel automation rules for incident response | https://learn.microsoft.com/en-us/azure/sentinel/create-manage-use-automation-rules | | Create and manage near-real-time detection rules | https://learn.microsoft.com/en-us/azure/sentinel/create-nrt-rules | | Create Microsoft Sentinel incident task lists via automation rules | https://learn.microsoft.com/en-us/azure/sentinel/create-tasks-automation-rule | | Customize Sentinel alert names, severity, and tactics | https://learn.microsoft.com/en-us/azure/sentinel/customize-alert-details | | Customize activities shown on Sentinel entity timelines | https://learn.microsoft.com/en-us/azure/sentinel/customize-entity-activities | | Configure Azure Storage Blob Codeless Connector Framework rules | https://learn.microsoft.com/en-us/azure/sentinel/data-connection-rules-reference-azure-storage | | Configure GCP Codeless Connector Framework data connection rules | https://learn.microsoft.com/en-us/azure/sentinel/data-connection-rules-reference-gcp | | Configure RestApiPoller data connector and rules JSON | https://learn.microsoft.com/en-us/azure/sentinel/data-connector-connection-rules-reference | | Define Codeless Connector Framework data connector UI JSON | https://learn.microsoft.com/en-us/azure/sentinel/data-connector-ui-definitions-reference | | Use asset data table mappings in Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/asset-data-tables | | Use audit logs for Sentinel data lake and graph | https://learn.microsoft.com/en-us/azure/sentinel/datalake/auditing-lake-activities | | Configure federated data connectors in Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/data-federation-setup | | Create and schedule KQL jobs in Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/kql-jobs | | Configure and schedule KQL jobs in Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/kql-jobs | | Manage and monitor KQL jobs in Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/kql-manage-jobs | | Run and manage KQL queries in Sentinel data lake UI | https://learn.microsoft.com/en-us/azure/sentinel/datalake/kql-queries | | Schedule and manage Sentinel notebook jobs for data processing | https://learn.microsoft.com/en-us/azure/sentinel/datalake/notebook-jobs | | Run and configure Jupyter notebooks on Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/notebooks | | Onboard Sentinel data lake from Defender portal | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-lake-onboard-defender | | Onboard to Microsoft Sentinel data lake and graph | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-lake-onboarding | | Enable Sentinel MCP connector in ChatGPT or Claude | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-chatgpt-claude-connector | | Create and configure custom Sentinel MCP tools from KQL | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-create-custom-tool | | Configure Microsoft Sentinel MCP server for AI queries | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-get-started | | Use Sentinel MCP tools in Microsoft Foundry projects | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-use-tool-azure-ai-foundry | | Configure Sentinel MCP tools in Microsoft Copilot Studio | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-use-tool-copilot-studio | | Configure Sentinel MCP tools in Microsoft Security Copilot | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-use-tool-security-copilot | | Configure Sentinel MCP tools in Visual Studio Code | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-use-tool-visual-studio-code | | Configure Sentinel workbooks to use data lake as source | https://learn.microsoft.com/en-us/azure/sentinel/datalake/workbooks-for-data-lake | | Use DNS AMA connector fields and normalization schema in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/dns-ama-fields | | Enable and configure UEBA in Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics | | Enable Sentinel auditing and health monitoring and query data | https://learn.microsoft.com/en-us/azure/sentinel/enable-monitoring | | Reference Microsoft Sentinel entity types and identifiers | https://learn.microsoft.com/en-us/azure/sentinel/entities-reference | | Review Fusion-detected multistage attack scenarios in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/fusion-scenario-reference | | Configure and interpret Sentinel auditing and health monitoring | https://learn.microsoft.com/en-us/azure/sentinel/health-audit | | Use SentinelHealth table for SIEM health monitoring | https://learn.microsoft.com/en-us/azure/sentinel/health-table-reference | | Manage versions of scheduled analytics rule templates | https://learn.microsoft.com/en-us/azure/sentinel/manage-analytics-rule-templates | | Configure and manage installed Sentinel platform solutions | https://learn.microsoft.com/en-us/azure/sentinel/manage-platform-solutions | | Configure table retention and tier settings in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/manage-table-tiers-retention | | Map data fields to Sentinel entity types in rules | https://learn.microsoft.com/en-us/azure/sentinel/map-data-fields-to-entities | | Use Microsoft Purview Information Protection audit record types in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/microsoft-purview-record-types-activities | | Monitor Microsoft Sentinel analytics rule health and integrity | https://learn.microsoft.com/en-us/azure/sentinel/monitor-analytics-rule-integrity | | Monitor Sentinel automation rules and playbooks health | https://learn.microsoft.com/en-us/azure/sentinel/monitor-automation-health | | Monitor Sentinel data connector health with SentinelHealth and workbooks | https://learn.microsoft.com/en-us/azure/sentinel/monitor-data-connector-health | | Monitor Sentinel–SAP connector health and performance | https://learn.microsoft.com/en-us/azure/sentinel/monitor-sap-system-health | | Use multi-workspace incident views in Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/multiple-workspace-view | | Configure near-real-time analytics rules for fast detection | https://learn.microsoft.com/en-us/azure/sentinel/near-real-time-rules | | Manage workspace-deployed ASIM parsers in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-about-workspace-parsers | | Use ASIM common schema fields in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-common-fields | | Implement ASIM Application Entity schema in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-entity-application | | Implement ASIM Device Entity schema in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-entity-device | | Implement ASIM User Entity schema in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-entity-user | | Map AI agent telemetry to Sentinel ASIM Agent schema | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-agent | | Use ASIM Alert Events normalization schema | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-alert | | Implement ASIM Asset Entity schema in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-asset | | Use ASIM Audit Events normalization schema | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-audit | | Use ASIM Authentication normalization schema | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-authentication | | Apply ASIM DHCP normalization schema in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-dhcp | | Use ASIM DNS normalization schema in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-dns | | Use ASIM File Event normalization schema | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-file-event | | Use Microsoft Sentinel ASIM network session schema fields | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-network | | Use Microsoft Sentinel ASIM process event schema fields | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-process-event | | Use Microsoft Sentinel ASIM registry event schema fields | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-registry-event | | Use Microsoft Sentinel user management normalization schema | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-user-management | | Use legacy Microsoft Sentinel network normalization schema v0.1 | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-v1 | | Use Microsoft Sentinel ASIM web session schema fields | https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-web | | Configure MSTICPy and notebooks for Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/notebook-get-started | | Advanced MSTICPy and notebook configuration for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/notebooks-msticpy-advanced | | Configure SAP HANA audit log collection in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/sap/collect-sap-hana-audit-logs | | Prepare SAP systems for Sentinel SAP connector | https://learn.microsoft.com/en-us/azure/sentinel/sap/preparing-sap | | Verify prerequisites for Sentinel SAP monitoring | https://learn.microsoft.com/en-us/azure/sentinel/sap/prerequisites-for-deploying-sap-continuous-threat-monitoring | | Reference kickstart script parameters for SAP connector | https://learn.microsoft.com/en-us/azure/sentinel/sap/reference-kickstart | | Configure legacy systemconfig.ini for Sentinel SAP agent | https://learn.microsoft.com/en-us/azure/sentinel/sap/reference-systemconfig | | Configure systemconfig.json for Sentinel SAP connector | https://learn.microsoft.com/en-us/azure/sentinel/sap/reference-systemconfig-json | | Configure SAP connector agent update script options | https://learn.microsoft.com/en-us/azure/sentinel/sap/reference-update | | Use expert configuration for Sentinel SAP connector agent | https://learn.microsoft.com/en-us/azure/sentinel/sap/sap-solution-deploy-alternate | | Reference SAP logs and tables ingested by Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/sap/sap-solution-log-reference | | Tune monitored SAP security parameters for Sentinel rules | https://learn.microsoft.com/en-us/azure/sentinel/sap/sap-suspicious-configuration-security-parameters | | Configure scheduled analytics rules in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/scheduled-rules-overview | | Use Microsoft Sentinel security alert schema fields | https://learn.microsoft.com/en-us/azure/sentinel/security-alert-schema | | Map alert schemas between Sentinel standalone and XDR connectors | https://learn.microsoft.com/en-us/azure/sentinel/security-alert-schema-differences | | Understand Sentinel out-of-the-box content centralization | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-content-centralize | | Remove and restore Sentinel content hub solutions | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-solutions-delete | | Create and configure summary rules in Sentinel solutions | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-summary-rules-creation | | Build and publish Sentinel workbooks in solutions | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-workbook-creation | | Configure Azure Storage Blob connector for Sentinel logs | https://learn.microsoft.com/en-us/azure/sentinel/setup-azure-storage-connector | | Review prerequisites for Microsoft Sentinel solutions | https://learn.microsoft.com/en-us/azure/sentinel/solution-setup-essentials | | Configure and use Sentinel summary rules for data aggregation | https://learn.microsoft.com/en-us/azure/sentinel/summary-rules | | Surface custom event details in Sentinel alerts | https://learn.microsoft.com/en-us/azure/sentinel/surface-custom-details-in-alerts | | Configure threat intelligence feed integrations in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/threat-intelligence-integration | | Configure filter and split transformations for Sentinel data | https://learn.microsoft.com/en-us/azure/sentinel/transformation-filter-split | | Reference for Sentinel UEBA inputs and enrichments | https://learn.microsoft.com/en-us/azure/sentinel/ueba-reference | | Configure Custom Logs via AMA for specific applications | https://learn.microsoft.com/en-us/azure/sentinel/unified-connector-custom-device | | Configure unified connectors to integrate Sentinel data | https://learn.microsoft.com/en-us/azure/sentinel/unified-connector-integration | | Use schemas for Microsoft Sentinel watchlist templates | https://learn.microsoft.com/en-us/azure/sentinel/watchlist-schemas | | Select Windows security event sets for Sentinel ingestion | https://learn.microsoft.com/en-us/azure/sentinel/windows-security-event-id-reference | | Configure and tune anomaly detection analytics rules | https://learn.microsoft.com/en-us/azure/sentinel/work-with-anomaly-rules | | Configure and use Sentinel workspace manager | https://learn.microsoft.com/en-us/azure/sentinel/workspace-manager |
Integrations & Coding Patterns
| Topic | URL | |-------|-----| | Create and execute Sentinel incident tasks using playbooks | https://learn.microsoft.com/en-us/azure/sentinel/automation/create-tasks-playbook | | Use automation integrations in Microsoft Sentinel playbooks | https://learn.microsoft.com/en-us/azure/sentinel/automation/integrations | | Leverage Azure Logic Apps workflows for Sentinel playbooks | https://learn.microsoft.com/en-us/azure/sentinel/automation/logic-apps-playbooks | | Use Microsoft Sentinel playbook triggers and actions via Logic Apps | https://learn.microsoft.com/en-us/azure/sentinel/automation/playbook-triggers-actions | | Integrate Microsoft Sentinel incidents with Microsoft Teams | https://learn.microsoft.com/en-us/azure/sentinel/collaborate-in-microsoft-teams | | Build Azure Functions-based connectors for Sentinel data | https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-functions-template | | Integrate Logstash with Sentinel using DCR-based API | https://learn.microsoft.com/en-us/azure/sentinel/connect-logstash-data-connection-rules | | Integrate STIX/TAXII threat feeds with Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-threat-intelligence-taxii | | Connect external threat intelligence platforms to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-threat-intelligence-tip | | Integrate external TIP feeds using Sentinel upload API | https://learn.microsoft.com/en-us/azure/sentinel/connect-threat-intelligence-upload-api | | Create codeless data connectors with Sentinel CCF | https://learn.microsoft.com/en-us/azure/sentinel/create-codeless-connector | | Build Sentinel custom connectors with AI agent | https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector-builder-agent | | Implement push-based codeless connectors for Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/create-push-codeless-connector | | Query Sentinel graphs using GQL syntax and operators | https://learn.microsoft.com/en-us/azure/sentinel/datalake/gql-reference-for-sentinel-custom-graph | | Call Sentinel custom graph REST APIs from clients | https://learn.microsoft.com/en-us/azure/sentinel/datalake/graph-rest-api | | Query and visualize custom security graphs in Sentinel graph | https://learn.microsoft.com/en-us/azure/sentinel/datalake/graph-visualization | | Call Sentinel data lake KQL query REST APIs programmatically | https://learn.microsoft.com/en-us/azure/sentinel/datalake/kql-queries-api | | Use sample KQL queries for Sentinel data lake investigations | https://learn.microsoft.com/en-us/azure/sentinel/datalake/kql-sample-queries | | Run sample PySpark notebook code against Sentinel data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/notebook-examples | | Use sentinel_graph API to build Sentinel security graphs | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-graph-provider-reference | | Use Sentinel MCP agent creation tools for Copilot agents | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-agent-creation-tool | | Use Sentinel MCP data exploration tools for lake queries | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-data-exploration-tool | | Integrate Sentinel MCP tools into Azure Logic Apps workflows | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-logic-apps | | Use Sentinel MCP triage tools for incident hunting | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-mcp-triage-tool | | Use MicrosoftSentinelProvider class to access data lake | https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-provider-class-reference | | Query and use federated data sources in Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/datalake/using-data-federation | | Enrich Sentinel entities with geolocation data using REST API | https://learn.microsoft.com/en-us/azure/sentinel/geolocation-data-api | | Manage Sentinel hunting queries via Log Analytics REST API | https://learn.microsoft.com/en-us/azure/sentinel/hunting-with-rest-api | | Bulk import threat indicators from files into Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/indicators-bulk-file-import | | Ingest Defender for Cloud incidents via Defender XDR | https://learn.microsoft.com/en-us/azure/sentinel/ingest-defender-for-cloud-incidents | | Integrate Microsoft Defender XDR with Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration | | Use ASIM KQL parsers for normalized Sentinel queries | https://learn.microsoft.com/en-us/azure/sentinel/normalization-about-parsers | | Develop and deploy custom ASIM parsers | https://learn.microsoft.com/en-us/azure/sentinel/normalization-develop-parsers | | Apply ASIM helper functions in KQL queries | https://learn.microsoft.com/en-us/azure/sentinel/normalization-functions | | Build Power BI reports from Sentinel log data | https://learn.microsoft.com/en-us/azure/sentinel/powerbi | | Integrate Microsoft Purview insights and rules with Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/purview-solution | | Trigger Sentinel playbooks from entities during investigations | https://learn.microsoft.com/en-us/azure/sentinel/respond-threats-during-investigation | | Use Sentinel SAP solution KQL functions for analysis | https://learn.microsoft.com/en-us/azure/sentinel/sap/sap-solution-function-reference | | Monitor Zero Trust TIC 3.0 with Sentinel solution | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-solution | | Call Sentinel SOC optimization recommendations API | https://learn.microsoft.com/en-us/azure/sentinel/soc-optimization/soc-optimization-api | | Import threat intelligence STIX objects into Sentinel via upload API | https://learn.microsoft.com/en-us/azure/sentinel/stix-objects-api | | Extract non-native incident entities with Sentinel playbooks | https://learn.microsoft.com/en-us/azure/sentinel/tutorial-extract-incident-entities | | Use legacy Sentinel upload indicators API for STIX IOCs | https://learn.microsoft.com/en-us/azure/sentinel/upload-indicators-api | | Query STIX indicator and object tables in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/work-with-stix-objects-indicators |
Deployment
| Topic | URL | |-------|-----| | Create and customize Sentinel playbooks from templates | https://learn.microsoft.com/en-us/azure/sentinel/automation/use-playbook-templates | | Deploy Sentinel Business Apps solution for Power Platform | https://learn.microsoft.com/en-us/azure/sentinel/business-applications/deploy-power-platform-solution | | Set up CI/CD for Sentinel custom content | https://learn.microsoft.com/en-us/azure/sentinel/ci-cd | | Manage Sentinel custom content with repository connections | https://learn.microsoft.com/en-us/azure/sentinel/ci-cd-custom-content | | Customize repository-based deployments in Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/ci-cd-custom-deploy | | Onboard Azure Stack Hub VMs to Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-stack | | Connect Dynamics 365 Finance and Operations to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/dynamics-365/deploy-dynamics-365-finance-operations-solution | | Import and export Sentinel analytics rules via ARM | https://learn.microsoft.com/en-us/azure/sentinel/import-export-analytics-rules | | Import and export Microsoft Sentinel automation rules as code | https://learn.microsoft.com/en-us/azure/sentinel/import-export-automation-rules | | Package and publish Sentinel platform solutions | https://learn.microsoft.com/en-us/azure/sentinel/package-platform-solution | | Publish Microsoft Sentinel SIEM solutions to marketplace | https://learn.microsoft.com/en-us/azure/sentinel/publish-sentinel-solutions | | Deploy SAP data connector agent via command line | https://learn.microsoft.com/en-us/azure/sentinel/sap/deploy-command-line | | Deploy containerized SAP data connector to Sentinel | https://learn.microsoft.com/en-us/azure/sentinel/sap/deploy-data-connector-agent-container | | Deploy Microsoft Sentinel solution for SAP BTP | https://learn.microsoft.com/en-us/azure/sentinel/sap/deploy-sap-btp-solution | | Deploy Sentinel solution for SAP applications | https://learn.microsoft.com/en-us/azure/sentinel/sap/deployment-overview | | Update Microsoft Sentinel SAP data connector agent | https://learn.microsoft.com/en-us/azure/sentinel/sap/update-sap-data-connector | | Deploy Sentinel solutions from Content hub | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-solutions-deploy | | Track Microsoft Sentinel solution status post-publish | https://learn.microsoft.com/en-us/azure/sentinel/sentinel-solutions-post-publish-tracking |
Related Skills
microsoftdocs/microsoft-foundry
tools
VerifiedTrustedCommunity
Expert knowledge for Microsoft Foundry (aka Azure AI Foundry) development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when building Foundry agents with Azure OpenAI, model router patterns, MCP tools, private networking, or eval workflows, and other Microsoft Foundry related development tasks. Not for Microsoft Foundry Classic (use microsoft-foundry-classic), Microsoft Foundry Local (use microsoft-foundry-local), Microsoft Foundry Tools (use microsoft-foundry-tools).
568SKILL.mdUpdated Apr 17, 2026
microsoftdocs/microsoft-foundry-local
tools
VerifiedTrustedCommunity
Expert knowledge for Microsoft Foundry Local (aka Azure AI Foundry Local) development including troubleshooting, decision making, configuration, and integrations & coding patterns. Use when calling Foundry Local REST/chat APIs, tools, transcription, LangChain apps, Olive HF compilation, or CLI, and other Microsoft Foundry Local related development tasks. Not for Microsoft Foundry (use microsoft-foundry), Microsoft Foundry Classic (use microsoft-foundry-classic), Microsoft Foundry Tools (use microsoft-foundry-tools), Azure Local (use azure-local).
568SKILL.mdUpdated Apr 17, 2026
microsoftdocs/microsoft-foundry-classic
tools
VerifiedTrustedCommunity
Expert knowledge for Microsoft Foundry Classic (aka Azure AI Foundry classic) development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when building Foundry agents, configuring model routing, securing VNets/Private Link, integrating tools/SDKs, or deploying hubs, and other Microsoft Foundry Classic related development tasks. Not for Microsoft Foundry (use microsoft-foundry), Microsoft Foundry Local (use microsoft-foundry-local), Microsoft Foundry Tools (use microsoft-foundry-tools).
568SKILL.mdUpdated Apr 17, 2026
microsoftdocs/azure-well-architected
development
VerifiedTrustedCommunity
Expert guidance for designing, assessing, and optimizing Azure workloads using Azure Well Architected. Covers design review checklists, recommendations, design principles, tradeoffs, service guides, workload patterns, and assessment questions. Use when designing AI, HPC, SaaS, AVD, or mission-critical workloads with WAF-aligned Azure patterns and guidance, and other Azure Well Architected related development tasks.
568SKILL.mdUpdated Apr 17, 2026