Building an Azure Landing Zone touches every layer of the tenant — management groups, subscriptions, Entra ID, and policies. Before any deployment can begin, the right access needs to be in place.
Working effectively as an Azure Cloud Solution Architect requires a well-configured workstation. Whether you’re on macOS or Windows, you need a consistent set of tools for infrastructure provisioning, scripting, container management, and day-to-day cloud operations.
This post covers the tools I rely on daily and how to install them across macOS, Windows (PowerShell + Scoop), and Linux (WSL with Ubuntu).
Before you remediate a brownfield Azure environment, you need to know exactly what you’re working with. This post provides a systematic approach to discovering and documenting your current Azure state, producing output that’s both human-readable and structured for LLM-driven remediation.
Installing doctl # brew install doctl brew install bash-completion source $(brew --prefix)/etc/bash_completion source ~/.bashrc Upgrading doctl # brew upgrade doctl Authenticating with DigitalOcean # doctl auth init # You should get someting like this # 6f600d1e574f4f5c2a3ce558db898581d190d7cbc68f5a57692104bf50fd5d2f Droplets # List all Droplets # doctl compute droplet list Create a Droplet # doctl compute droplet create <name> --region <region-slug> --image <image-slug> --size <size-slug> doctl compute droplet create pythontesting --wait --region fra1 --image 56427524 --size s-1vcpu-2gb --ssh-keys 25855785 #DO_IMAGE_ID=`doctl compute image list --public | grep ubuntu-18-04-x64 | grep "18.04.3 (LTS) x64" | cut -f1 -d' '` DO_REGION=`doctl compute region list | grep "Toronto 1" | cut -f1 -d' '` DO_IMAGE_ID=`doctl compute image list --public | grep debian-10-x64 | cut -f1 -d' '` DO_VM_SIZE=g-2vcpu-8gb DO_VM_NAME=gitlab.obay.cloud doctl compute droplet create --wait $DO_VM_NAME --region $DO_REGION --image $DO_IMAGE_ID --size $DO_VM_SIZE --ssh-keys 25855785 doctl compute ssh $DO_VM_NAME Delete a Droplet # doctl compute droplet delete 173281908 Get Droplets Details # doctl compute droplet get 173281908 SSH to Droplet # doctl compute ssh pythontesting Regions # List all regions # doctl compute region list Images # List all public images # doctl compute image list --public | grep debian # 53893565 ubuntu-14-04-x64 # 53893572 ubuntu-18-04-x64 Sizes # List all sizes # doctl compute size list List K8s Clusters on DigitalOcean # doctl kubernetes cluster list
Active Directory Joined Azure File Share # This article lists the commands I use to join an Azure Storage Account to an on-prem Active Direcotr
From https://docs.microsoft.com/en-ca/azure/storage/files/storage-files-identity-ad-ds-enable?WT.mc_id=Portal-Microsoft_Azure_FileStorage & https://docs.microsoft.com/en-ca/azure/storage/files/storage-files-identity-ad-ds-configure-permissions
# Install Azure Active Directory module Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force Set-PSRepository -Name PSGallery -InstallationPolicy Trusted Install-Module AZ Install-Module AzureAD # Download AzFilesHybrid PowerShell module & extract it Invoke-WebRequest -Uri "https://github.com/Azure-Samples/azure-files-samples/releases/download/v0.2.4/AzFilesHybrid.zip" -OutFile "AzFilesHybrid.zip" Expand-Archive -LiteralPath AzFilesHybrid.zip -DestinationPath AzFilesHybrid cd AzFilesHybrid\AzFilesHybrid # Install AzFilesHybrid PowerShell Get-ExecutionPolicy Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser .\CopyToPSPath.ps1 Import-Module -Name AzFilesHybrid # Connect to Azure Connect-AzAccount # Join the storage account to AD # Use Get-AzSubscription to get all subscriptions $SubscriptionName = "Microsoft-Obay Subscription" $SubscriptionId = (Get-AzSubscription -SubscriptionName $SubscriptionName).Id # Use Get-AzResourceGroup to get all resource groups $ResourceGroupName = "Contoso-rg" # Use Get-AzStorageAccount -ResourceGroupName $ResourceGroupName to get all storage accounts $StorageAccountName = "contososa" $DomainAccountType = "ComputerAccount" # The following Line assumes there is a new OU created under the domain root called AzFiles. This is where the computer account will be created #$OuDistinguishedName = "OU=AzFiles,DC=meshmesh,DC=com" # We will use RC4 only because using AES256 will require the storage account name to be limited to 15 characters #$EncryptionType = "AES256,RC4" $EncryptionType = "RC4" Select-AzSubscription -SubscriptionId $SubscriptionId Join-AzStorageAccountForAuth ` -ResourceGroupName $ResourceGroupName ` -StorageAccountName $StorageAccountName ` -DomainAccountType $DomainAccountType ` -OrganizationalUnitDistinguishedName $OuDistinguishedName ` -EncryptionType $EncryptionType # Run the command below if you want to enable AES 256 authentication. If you plan to use RC4, you can skip this step. Update-AzStorageAccountAuthForAES256 -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName Debug-AzStorageAccountAuth -StorageAccountName $StorageAccountName -ResourceGroupName $ResourceGroupName -Verbose Set Default Share Permission # From https://docs.microsoft.com/en-ca/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-powershell
