{"id":"47eed9c2-d905-46af-9f75-bc17576f4bda","shortId":"pj5znw","kind":"skill","title":"azure-firewall-manager","tagline":"Expert knowledge for Azure Firewall Manager development including best practices, decision making, security, and configuration. Use when managing DDoS plans, WAF policies, DNS proxy/FQDN rules, IP Groups, or secured virtual hub vs VNet, and other Azure Firewall Manager related de","description":"# Azure Firewall Manager Skill\n\nThis skill provides expert guidance for Azure Firewall Manager. Covers best practices, decision making, security, and configuration. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. 
Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Best Practices | L32-L36 | Details on how Azure Firewall evaluates and processes rules, rule collection groups, and policies, including priority, matching logic, and traffic filtering behavior |\n| Decision Making | L37-L41 | Guidance on choosing between a secured virtual hub and a hub virtual network in Azure Firewall Manager, including architecture, security, routing, and management trade-offs. |\n| Security | L42-L48 | Configuring Azure Firewall Manager for security: DDoS Protection plans, centralized WAF policy management, and threat intelligence-based traffic filtering. |\n| Configuration | L49-L57 | Configuring Azure Firewall policies: DNS/DNS proxy, FQDN filtering, IP Groups, rule migration, rule hierarchy/inheritance, and securing private endpoint traffic in Virtual WAN. |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Understand Azure Firewall rule processing order and logic | https://learn.microsoft.com/en-us/azure/firewall-manager/rule-processing |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Choose between secured virtual hub and hub virtual network | https://learn.microsoft.com/en-us/azure/firewall-manager/vhubs-and-vnets |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Configure Azure DDoS Protection plans via Firewall Manager | https://learn.microsoft.com/en-us/azure/firewall-manager/configure-ddos |\n| Centrally manage WAF policies with Azure Firewall Manager | https://learn.microsoft.com/en-us/azure/firewall-manager/manage-web-application-firewall-policies |\n| Configure threat intelligence-based filtering in Azure Firewall policy | https://learn.microsoft.com/en-us/azure/firewall-manager/threat-intelligence-settings |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure DNS servers and DNS proxy in Azure Firewall policy | 
https://learn.microsoft.com/en-us/azure/firewall-manager/dns-settings |\n| Use FQDN filtering in Azure Firewall network rules | https://learn.microsoft.com/en-us/azure/firewall-manager/fqdn-filtering-network-rules |\n| Configure and reuse IP Groups in Azure Firewall policy | https://learn.microsoft.com/en-us/azure/firewall-manager/ip-groups |\n| Migrate Azure Firewall rules to Firewall policy with PowerShell | https://learn.microsoft.com/en-us/azure/firewall-manager/migrate-to-policy |\n| Secure private endpoint traffic in Azure Virtual WAN with Firewall rules | https://learn.microsoft.com/en-us/azure/firewall-manager/private-link-inspection-secure-virtual-hub |\n| Define rule hierarchy and inheritance with Azure Firewall policy | https://learn.microsoft.com/en-us/azure/firewall-manager/rule-hierarchy |","tags":["azure","firewall","manager","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions"],"capabilities":["skill","source-microsoftdocs","skill-azure-firewall-manager","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-firewall-manager","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.698","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 497 github stars · SKILL.md body (3,889 
chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T06:53:32.540Z","embedding":null,"createdAt":"2026-04-18T21:59:04.593Z","updatedAt":"2026-04-22T06:53:32.540Z","lastSeenAt":"2026-04-22T06:53:32.540Z",
"prices":[{"id":"ec67d5c2-15fd-4b84-8c15-6b5b4a406ec2","listingId":"47eed9c2-d905-46af-9f75-bc17576f4bda","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:04.593Z"}],"sources":[{"listingId":"47eed9c2-d905-46af-9f75-bc17576f4bda","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-firewall-manager","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-firewall-manager","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:04.593Z","lastSeenAt":"2026-04-22T06:53:32.540Z"}],"details":{"listingId":"47eed9c2-d905-46af-9f75-bc17576f4bda","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-firewall-manager","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":497,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-04-22T01:37:27Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn 
docs.","skill_md_sha":"c69410eb910ceaa371f14e6159885376816f3c79","skill_md_path":"skills/azure-firewall-manager/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-firewall-manager"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-firewall-manager","description":"Expert knowledge for Azure Firewall Manager development including best practices, decision making, security, and configuration. Use when managing DDoS plans, WAF policies, DNS proxy/FQDN rules, IP Groups, or secured virtual hub vs VNet, and other Azure Firewall Manager related development tasks. Not for Azure Firewall (use azure-firewall), Azure Virtual Network Manager (use azure-virtual-network-manager), Azure Network Function Manager (use azure-network-function-manager), Azure Networking (use azure-networking).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-firewall-manager"},"updatedAt":"2026-04-22T06:53:32.540Z"}}