Building an Azure Landing Zone touches every layer of the tenant — management groups, subscriptions, Entra ID, and policies. Before any deployment can begin, the right access needs to be in place.
Working effectively as an Azure Cloud Solution Architect requires a well-configured workstation. Whether you’re on macOS or Windows, you need a consistent set of tools for infrastructure provisioning, scripting, container management, and day-to-day cloud operations.
This post covers the tools I rely on daily and how to install them across macOS, Windows (PowerShell + Scoop), and Linux (WSL with Ubuntu).
Before you remediate a brownfield Azure environment, you need to know exactly what you’re working with. This post provides a systematic approach to discovering and documenting your current Azure state, producing output that’s both human-readable and structured for LLM-driven remediation.
Active Directory Joined Azure File Share # This article lists the commands I use to join an Azure Storage Account to an on-prem Active Direcotr
From https://docs.microsoft.com/en-ca/azure/storage/files/storage-files-identity-ad-ds-enable?WT.mc_id=Portal-Microsoft_Azure_FileStorage & https://docs.microsoft.com/en-ca/azure/storage/files/storage-files-identity-ad-ds-configure-permissions
# Install Azure Active Directory module Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force Set-PSRepository -Name PSGallery -InstallationPolicy Trusted Install-Module AZ Install-Module AzureAD # Download AzFilesHybrid PowerShell module & extract it Invoke-WebRequest -Uri "https://github.com/Azure-Samples/azure-files-samples/releases/download/v0.2.4/AzFilesHybrid.zip" -OutFile "AzFilesHybrid.zip" Expand-Archive -LiteralPath AzFilesHybrid.zip -DestinationPath AzFilesHybrid cd AzFilesHybrid\AzFilesHybrid # Install AzFilesHybrid PowerShell Get-ExecutionPolicy Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser .\CopyToPSPath.ps1 Import-Module -Name AzFilesHybrid # Connect to Azure Connect-AzAccount # Join the storage account to AD # Use Get-AzSubscription to get all subscriptions $SubscriptionName = "Microsoft-Obay Subscription" $SubscriptionId = (Get-AzSubscription -SubscriptionName $SubscriptionName).Id # Use Get-AzResourceGroup to get all resource groups $ResourceGroupName = "Contoso-rg" # Use Get-AzStorageAccount -ResourceGroupName $ResourceGroupName to get all storage accounts $StorageAccountName = "contososa" $DomainAccountType = "ComputerAccount" # The following Line assumes there is a new OU created under the domain root called AzFiles. This is where the computer account will be created #$OuDistinguishedName = "OU=AzFiles,DC=meshmesh,DC=com" # We will use RC4 only because using AES256 will require the storage account name to be limited to 15 characters #$EncryptionType = "AES256,RC4" $EncryptionType = "RC4" Select-AzSubscription -SubscriptionId $SubscriptionId Join-AzStorageAccountForAuth ` -ResourceGroupName $ResourceGroupName ` -StorageAccountName $StorageAccountName ` -DomainAccountType $DomainAccountType ` -OrganizationalUnitDistinguishedName $OuDistinguishedName ` -EncryptionType $EncryptionType # Run the command below if you want to enable AES 256 authentication. If you plan to use RC4, you can skip this step. Update-AzStorageAccountAuthForAES256 -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName Debug-AzStorageAccountAuth -StorageAccountName $StorageAccountName -ResourceGroupName $ResourceGroupName -Verbose Set Default Share Permission # From https://docs.microsoft.com/en-ca/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-powershell
