SkarpSkarp

Chapter 15 of 20

Azure Management Tools: Portal, Azure CLI, PowerShell, and Cloud Shell

Compare the main ways to interact with Azure and see where each tool shines, from quick portal clicks to repeatable command-line automation.

27 min readen

The Big Picture: Ways to Manage Azure

Four Main Azure Management Tools

Azure resources are managed through Azure Resource Manager. You interact with it using four main tools: Azure portal, Azure CLI, Azure PowerShell, and Azure Cloud Shell.

Same Backend, Different Interfaces

All tools talk to the same Azure APIs and respect role-based access control (RBAC) and Azure Policy. None of them can bypass your permissions or policies.

Remote Control Analogy

Portal is a graphical menu, CLI is a simple button remote, PowerShell is a programmable remote, and Cloud Shell is a remote built into the TV screen (browser), already signed in.

Exam Angle

AZ-900 scenarios describe needs like automation, scripting, or visualization. Your job is to choose the tool that best matches those requirements.

Azure Portal: Web-Based Graphical Interface

What Is the Azure Portal?

The Azure portal is a web-based graphical interface you open in a browser to create, view, and manage Azure resources using forms, buttons, and dashboards.

Why Use the Portal?

It is visual and intuitive, requires no installation, and offers dashboards, charts, and blade-based navigation, making it ideal for learning and quick, one-off tasks.

Governance in the Portal

You can visually inspect RBAC role assignments, Azure Policy compliance, and resource locks right on resource blades, tying UI actions to governance concepts.

Portal Limitations

Portal clicks are slower and less repeatable than scripts. It is not the best choice for large-scale automation or tasks you must repeat often.

Hands-On Walkthrough: Creating a Resource Group in the Portal

Scenario Setup

You want a separate resource group named `rg-portal-demo` in `East US` for testing a new web app. You will do this using the Azure portal.

Creating the Group

In the portal, open Resource groups, click Create, choose your subscription, enter `rg-portal-demo`, select `East US`, then click Review + create and Create.

What You See After

Once created, the resource group blade lets you add resources, check Access control (IAM), apply Azure Policy assignments, and set resource locks.

Exam Link

Portal is the right answer when the scenario emphasizes beginners, a graphical interface, quick manual setup, or visually exploring resource settings.

Azure CLI: Cross-Platform Command-Line Tool

What Is Azure CLI?

Azure CLI is a cross-platform command-line tool with commands like `az group create`, designed to work the same way on Windows, macOS, and Linux.

Why Use Azure CLI?

It is ideal for repeatable tasks, scripting, and DevOps pipelines, especially for users comfortable with Bash or other shell environments.

Strengths and Limits

Strengths: simple syntax, cross-platform, script-friendly. Limits: less integrated with PowerShell’s object pipeline than Azure PowerShell.

Exam Clues for CLI

Look for mentions of Linux, macOS, Bash, or cross-platform command-line automation. Those strongly hint at Azure CLI as the right tool.

Azure CLI in Action: Resource Group and Storage Account

Here is a simple Azure CLI example that mirrors what you did in the portal, plus one extra resource. You do not need to run this now; focus on recognizing the pattern.

```bash

Log in interactively (outside Cloud Shell)

az login

1. Create a resource group

az group create \

--name rg-cli-demo \

--location eastus

2. Create a storage account in that resource group

az storage account create \

--name myclistorage$RANDOM \

--resource-group rg-cli-demo \

--location eastus \

--sku Standard_LRS

3. List storage accounts in the resource group

az storage account list \

--resource-group rg-cli-demo \

--output table

```

Key exam-relevant observations:

  • `az group create` and `az storage account create` follow the `az <resource> <action>` pattern.
  • Parameters use `--name`, `--location`, and `--resource-group`, which appear frequently in questions and examples.
  • `--output table` is a common way to get human-readable output, but the exam focuses more on understanding what the commands do than on formatting.

Azure PowerShell: PowerShell Modules for Azure Management

What Is Azure PowerShell?

Azure PowerShell is a set of `Az` PowerShell modules that manage Azure using cmdlets like `Get-AzResourceGroup` and `New-AzVM`.

Object-Oriented Management

Azure PowerShell returns rich objects, which you can filter, sort, and pipe between cmdlets, enabling powerful automation and reporting.

Who Likes It?

It is popular with Windows admins and anyone already using PowerShell for on-premises tasks who wants to extend that skill set to Azure.

Exam Clues for PowerShell

Look for mentions of PowerShell scripts, Windows administrators, or Az modules. Those are strong hints to choose Azure PowerShell.

Azure PowerShell in Action: Resource Group and Storage Account

Compare this Azure PowerShell example with the Azure CLI example. Both do almost the same thing, but the syntax reflects PowerShell conventions.

```powershell

Log in interactively (outside Cloud Shell)

Connect-AzAccount

1. Create a resource group

New-AzResourceGroup -Name "rg-ps-demo" -Location "EastUS"

2. Create a storage account in that resource group

$storageName = "psstor" + (Get-Random)

New-AzStorageAccount \

-Name $storageName \

-ResourceGroupName "rg-ps-demo" \

-Location "EastUS" \

-SkuName "Standard_LRS" \

-Kind "StorageV2"

3. List storage accounts in the resource group

Get-AzStorageAccount -ResourceGroupName "rg-ps-demo" |

Select-Object StorageAccountName, Location, SkuName

```

Notice:

  • `Connect-AzAccount` is the typical sign-in cmdlet.
  • Cmdlets use the `Verb-AzNoun` pattern, such as `New-AzResourceGroup` and `New-AzStorageAccount`.
  • Output is object-based, so you can pipe into `Select-Object`, `Where-Object`, or other cmdlets for further processing.

On AZ-900, you will not be asked to memorize exact cmdlet names, but you should recognize that this style of command is Azure PowerShell, not Azure CLI.

Azure Cloud Shell: Browser-Based Authenticated Shell

What Is Azure Cloud Shell?

Azure Cloud Shell is a browser-based shell that provides authenticated Bash (Azure CLI) or PowerShell access without installing tools locally.

Key Features

It is pre-authenticated, has Azure CLI and Azure PowerShell pre-installed, and mounts persistent storage for your scripts and files.

When to Use Cloud Shell

Use it when you cannot install tools locally or want a quick, consistent environment for Azure CLI or Azure PowerShell commands.

Exam Clues for Cloud Shell

Phrases like "from a browser", "no local installation", or "pre-authenticated shell in the portal" point directly to Azure Cloud Shell.

Thought Exercise: Match Scenario to Tool

Apply what you have learned by mentally matching each scenario to the most appropriate tool. Think it through before checking the suggested answers.

  1. Scenario A: A new intern needs to visually explore all resources in a subscription, see costs, and check which policies apply to a specific resource group.
  • Which tool? Why?
  1. Scenario B: A DevOps engineer on Linux wants to automate creation of 10 identical test environments and integrate this into a CI/CD pipeline.
  • Which tool? Why?
  1. Scenario C: A Windows admin already managing on-premises servers with PowerShell needs to generate a report of all Azure VMs with their sizes and locations.
  • Which tool? Why?
  1. Scenario D: A consultant is on a locked-down client laptop where they cannot install software but must quickly run a few Azure commands.
  • Which tool? Why?

Suggested answers (compare with your reasoning):

  1. Scenario A: Azure portal (visual exploration, dashboards, policies, and costs).
  2. Scenario B: Azure CLI (cross-platform, Bash-friendly automation and pipelines).
  3. Scenario C: Azure PowerShell (PowerShell skills, object-based reporting).
  4. Scenario D: Azure Cloud Shell (browser-based, pre-authenticated, no install required).

On AZ-900, questions often hide these clues in longer stories. Practice spotting the keywords that hint at each tool.

Quick Check 1: Portal vs CLI vs PowerShell vs Cloud Shell

Test your ability to choose the right Azure management tool based on a short scenario.

You are on a borrowed laptop and need to quickly run a few Azure CLI and Azure PowerShell commands without installing anything. Which option is BEST?

  1. Use the Azure portal and click through the blades
  2. Use Azure Cloud Shell from the browser
  3. Download and install Azure CLI and Azure PowerShell locally
  4. Use Azure PowerShell ISE installed on the laptop
Show Answer

Answer: B) Use Azure Cloud Shell from the browser

Azure Cloud Shell runs in the browser, provides both Azure CLI and Azure PowerShell, and does not require local installation. The portal alone does not give you a command-line shell; installing tools locally is not possible on a locked-down or borrowed machine.

Quick Check 2: Azure CLI vs Azure PowerShell

Distinguish between Azure CLI and Azure PowerShell based on how they are described.

A team wants cross-platform command-line automation using simple commands like `az group create` that will run the same on Windows, macOS, and Linux. Which tool should they choose?

  1. Azure portal
  2. Azure Cloud Shell
  3. Azure CLI
  4. Azure PowerShell
Show Answer

Answer: C) Azure CLI

The `az` command pattern and the need for cross-platform command-line automation point to Azure CLI. Cloud Shell can host Azure CLI, but the tool itself they are choosing is Azure CLI.

Flashcards: Key Azure Management Tools

Use these flashcards to reinforce the core concepts and typical use cases for each Azure management tool.

Azure portal
A web-based graphical interface for managing Azure resources. Best for visual exploration, dashboards, one-off tasks, and learning how services are structured.
Azure CLI
A cross-platform command-line tool with commands like `az group create`. Ideal for scripting, automation, and DevOps pipelines on Windows, macOS, and Linux.
Azure PowerShell
A set of PowerShell Az modules that manage Azure with object-based cmdlets like `New-AzResourceGroup`. Well-suited to Windows admins and advanced automation.
Azure Cloud Shell
A browser-based shell environment that provides authenticated access to Azure CLI and Azure PowerShell, with tools pre-installed and persistent storage.
Best tool for: Visualizing policies, RBAC, and resource health
Azure portal – it provides blades for Access control (IAM), Azure Policy compliance, locks, and monitoring charts.
Best tool for: Bash-based automation from Linux
Azure CLI – designed for cross-platform scripting with simple, text-based commands.
Best tool for: PowerShell-heavy Windows admin scripts
Azure PowerShell – integrates with existing PowerShell workflows and returns rich objects for reporting.
Best tool for: Running commands from a browser without installing anything
Azure Cloud Shell – opens in the portal, is pre-authenticated, and includes both Azure CLI and Azure PowerShell.

Summary and Exam-Focused Comparison

Portal Recap

Azure portal: browser-based GUI for visual management, dashboards, and exploring RBAC, Azure Policy, and locks on resources.

CLI and PowerShell Recap

Azure CLI: `az` commands, cross-platform scripting. Azure PowerShell: Az modules, object-based cmdlets for PowerShell automation.

Cloud Shell Recap

Azure Cloud Shell: browser-based, pre-authenticated environment with Azure CLI and Azure PowerShell pre-installed, no local setup needed.

Next in Your Skarp Path

Your next mock exam will blend these tools into governance scenarios. Spaced review and the gap guide will reinforce whichever tools you mix up.

Key Terms

Azure CLI
A cross-platform command-line tool for managing Azure resources using `az` commands, commonly used in scripts and DevOps pipelines.
Azure Policy
Azure Policy is a service in Azure that you use to create, assign, and manage policies that enforce rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
Azure portal
A web-based graphical interface for managing Azure resources, providing dashboards, blades, and visual access to services, RBAC, Azure Policy, and monitoring.
Azure PowerShell
A set of PowerShell Az modules that provide cmdlets to manage Azure resources through the PowerShell scripting language.
Azure Cloud Shell
A browser-based shell environment hosted in Azure that provides authenticated access to Azure CLI and Azure PowerShell with tools pre-installed.
Microsoft Entra ID
Microsoft Entra ID is Microsoft’s cloud-based identity and access management service that helps employees sign in and access resources such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
role-based access control
Role-based access control (RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources based on roles assigned to users, groups, and service principals.

Finished reading?

Test your understanding with a custom practice exam on this chapter.

Test yourself