June 19, 2026

12 min to read

After passing AZ-104 or AZ-305, the next practical step is learning Azure Infrastructure as Code. This guide explains the modern Azure IaC toolkit for Azure engineers: GitHub, Visual Studio Code, PowerShell 7, ARM templates, Bicep, GitHub Actions, and Azure DevOps.

AZ-104Azure Infrastructure as CodeChecked: 19 June 2026Microsoft Learn based

After AZ-104: Azure IaC Study Guide

A practical post-certification guide for Azure administrators and engineers. It shows what to learn after AZ-104 or AZ-305, and maps the next skills to official Microsoft Learn resources.

Focus areas: GitHub, Visual Studio Code, PowerShell 7, ARM templates, Bicep, GitHub Actions, Azure Pipelines, and Azure DevOps.

Why IaC after AZ-104 and AZ-305?

AZ-104 proves you can implement, manage, and monitor Azure resources. AZ-305 proves you can design Azure infrastructure solutions. IaC is where those skills become operational: you describe the target state, store it in Git, review changes through pull requests, and deploy through repeatable pipelines.

Microsoft describes Infrastructure as Code as using DevOps methodology and versioning with a descriptive model to define and deploy infrastructure. In real Azure engineering work, this means fewer manual mistakes, faster environment creation, easier rollback, and stronger governance.

Official certification and concept references: AZ-104 study guide · AZ-305 exam page · What is Infrastructure as Code?

1. Source controlGit, GitHub, Azure Repos, pull requests

2. Authoring toolsVS Code, Bicep extension, PowerShell, Azure CLI

3. Deployment languageBicep first, ARM JSON when required

4. AutomationGitHub Actions or Azure Pipelines

5. GovernanceRBAC, policies, management groups, naming standards

6. OperationsMonitoring, backup, validation, what-if, rollback

Updated roadmap

The modern Azure IaC toolchain

Area	What to learn now	Why it matters after AZ-104 / AZ-305	Official documentation
GitHub and Git	Repositories, branches, pull requests, issues, protected branches, GitHub Actions, secrets, environments.	IaC is code. You need version history, peer review, and safe promotion from dev to test to production.	GitHub Skills · Introduction to GitHub Actions
Visual Studio Code	Workspace navigation, source control view, terminal, extensions, Bicep language support, IntelliSense, validation, and Git integration.	VS Code becomes the daily working environment for Azure IaC, PowerShell scripts, YAML pipelines, JSON files, and documentation.	Set up VS Code · Create Bicep files with VS Code
PowerShell 7 and Azure PowerShell	PowerShell 7+, Az module, authentication, subscriptions, resource queries, deployment commands, automation scripts.	Azure administrators need repeatable command-line operations for deployment, troubleshooting, reporting, and guardrail automation.	What is Azure PowerShell? · Get started with Azure PowerShell
ARM templates	Understand JSON templates, parameters, variables, resources, outputs, deployment scopes, and template reference.	ARM is still the deployment engine underneath Bicep. You must be able to read exported templates and legacy enterprise code.	ARM template overview · ARM templates learning path
Bicep	Resource declarations, parameters, variables, outputs, modules, existing resources, loops, conditions, decorators, registries, deployment stacks.	Bicep is the practical default for Azure-native IaC because it gives cleaner syntax while still deploying through Azure Resource Manager.	Bicep documentation · Implement Bicep
Azure DevOps	Azure Repos, Azure Pipelines, YAML pipelines, service connections, variable groups, environments, approvals, pipeline templates.	Many enterprises still standardise on Azure DevOps for infrastructure delivery, controlled releases, and enterprise-grade deployment governance.	Azure Repos documentation · Azure Pipelines documentation

GitHub knowledge

GitHub is more than a place to store code. For IaC, it is the control point for collaboration, history, review, automation, and security. Start with Git basics, then move into pull requests and GitHub Actions.

What changed from the older version of this post: GitHub Actions is no longer just an optional extra. It is a mainstream way to run CI/CD for Azure IaC, especially when teams use GitHub as their source control platform.

Create repositories for reusable IaC modules and environment-specific deployment code.
Use branches and pull requests so every infrastructure change is reviewed.
Use GitHub Actions workflows for validation, what-if, linting, and deployment.
Store secrets and deployment credentials securely; avoid hardcoding tokens or subscription details.
Use issues or project boards to track technical debt, module improvements, and platform changes.

Official learning: GitHub Skills · Introduction to GitHub Actions · Continuous integration with GitHub Actions

Visual Studio Code

VS Code is still the best lightweight editor for Azure infrastructure work. It handles Bicep, PowerShell, JSON, YAML, Markdown, Git, and integrated terminal workflows in one place. Microsoft’s current VS Code documentation also highlights AI-assisted and agentic coding features, but the IaC fundamentals remain the same: fast editing, IntelliSense, validation, and source control.

Install the Bicep extension for syntax highlighting, validation, completions, and resource type support.
Use the Source Control view to stage, commit, review, and compare IaC changes.
Use the integrated terminal for az, pwsh, git, and deployment commands.
Use workspaces to separate modules, platform code, and application infrastructure code.
Use Markdown files next to your IaC modules to document parameters, dependencies, and examples.

Official documentation: Set up VS Code · VS Code user interface · Install Bicep tools · Deploy Bicep files with VS Code

PowerShell 7 and Azure PowerShell

PowerShell remains a core Azure administrator skill. The modern baseline is PowerShell 7 or later with the Az PowerShell module. Microsoft states that PowerShell 7.2 or higher is the recommended version for the Az module on all platforms, and the Az module works across Windows, Linux, and macOS.

For IaC, PowerShell is not a replacement for Bicep. It is the operational glue around IaC: preparing subscriptions, querying resources, calling deployments, testing results, generating reports, and automating administrative tasks.

# Common Azure PowerShell workflow
Connect-AzAccount
Set-AzContext -Subscription "Your subscription name"
New-AzResourceGroup -Name rg-iac-demo-aue -Location australiaeast
New-AzResourceGroupDeployment -ResourceGroupName rg-iac-demo-aue -TemplateFile main.bicep -TemplateParameterFile main.parameters.json

Official documentation: PowerShell documentation · Install Azure PowerShell · Introducing the Az PowerShell module · Automate Administration with PowerShell

ARM templates

ARM templates are JSON files that define Azure resources declaratively. You will still see ARM templates in older projects, vendor examples, exported deployments, and generated output from other tools. Even when you choose Bicep, Azure Resource Manager remains the underlying deployment control plane.

Practical advice: do not start new Azure-native IaC work in raw ARM JSON unless your organisation has a reason to do so. Learn enough ARM to read it, troubleshoot it, and understand what Bicep compiles into.

Understand schema, parameters, variables, resources, functions, dependencies, and outputs.
Know deployment scopes: resource group, subscription, management group, and tenant.
Learn how to validate deployments and use what-if before applying changes.
Use the Azure resource reference when checking exact resource type names, API versions, and properties.

Official documentation: ARM template overview · ARM template syntax · Bicep, ARM template, and Terraform AzAPI reference · Deploy and manage resources using ARM templates

Bicep

Bicep is Microsoft’s domain-specific language for deploying Azure resources declaratively. It uses simpler syntax than ARM JSON while still deploying through Azure Resource Manager. For most Azure-native infrastructure engineers, Bicep should be the first IaC language to master after AZ-104.

Learn Bicep in stages: first resources and parameters, then modules, then reusable module registries, then deployment automation, then enterprise patterns such as policies, role assignments, naming conventions, and deployment stacks.

param location string = resourceGroup().location
param storageAccountName string

resource stg 'Microsoft.Storage/storageAccounts@2025-01-01' = {
  name: storageAccountName
  location: location
  sku: { name: 'Standard_LRS' }
  kind: 'StorageV2'
}

Use modules to split large deployments into reusable building blocks.
Use parameter files for environment-specific values.
Use existing resources when your deployment depends on resources created elsewhere.
Use loops and conditions carefully; keep readability more important than cleverness.
Use what-if and validation before production deployments.
Explore deployment stacks for stronger lifecycle management of deployed resources.

Official documentation: What is Bicep? · Bicep file structure and syntax · Bicep modules · Deployment stacks with Bicep · Implement Bicep

Azure DevOps and Azure Pipelines

Azure DevOps remains heavily used in enterprise Azure environments. For infrastructure teams, the most important services are Azure Repos for Git source control and Azure Pipelines for automated validation and deployment.

Focus on YAML pipelines rather than classic release pipelines. Microsoft’s YAML schema documentation defines pipelines as stages, jobs, and steps, and this structure maps naturally to IaC flows such as validate, what-if, deploy to test, approve, and deploy to production.

trigger:
- main

stages:
- stage: Validate
  jobs:
  - job: WhatIf
    steps:
    - task: AzureCLI@2
      inputs:
        azureSubscription: 'platform-service-connection'
        scriptType: 'pscore'
        scriptLocation: 'inlineScript'
        inlineScript: 'az deployment group what-if --resource-group rg-demo --template-file main.bicep'

Use service connections for secure Azure authentication from pipelines.
Use stages for environment promotion and approvals.
Use templates to standardise pipeline behaviour across teams.
Use variable groups or pipeline variables for non-secret configuration.
Use secure secret storage for credentials and sensitive values.
Run validation and what-if before deployment.

Official documentation: Azure Repos Git documentation · Azure Pipelines documentation · Azure Pipelines YAML schema · Integrate Bicep with Azure Pipelines · YAML pipeline templates

Suggested study sequence

Week 1: Git and GitHub fundamentals. Create a repo, branch, commit, pull request, and simple GitHub Action.
Week 2: VS Code and PowerShell 7. Practise using the terminal, source control, Az module, and Azure CLI side by side.
Week 3: ARM template basics. Read JSON templates, understand parameters, and inspect the Azure resource reference.
Week 4: Bicep fundamentals. Deploy a resource group, storage account, VNet, VM, and role assignment using modules.
Week 5: Pipelines. Build a validation and what-if workflow in GitHub Actions or Azure Pipelines.
Week 6: Enterprise patterns. Add naming, tags, policy assignments, RBAC, diagnostics, and environment promotion.

Conclusion

After AZ-104 or AZ-305, the strongest next move is not another random tool. It is learning how to deliver Azure infrastructure safely through code. Start with Git and VS Code, automate with PowerShell and Azure CLI, understand ARM templates, write new deployments in Bicep, and use GitHub Actions or Azure Pipelines to make delivery repeatable.

The real value of IaC is not only speed. It is consistency, reviewability, auditability, and confidence. That is what turns Azure administration into Azure engineering.

About me

Maxim Sokolov, author of the SokolovTech Azure and DevOps blog

I’m Maxim Sokolov, the person behind SokolovTech. This blog is where I share practical Azure, DevOps, infrastructure automation, security, monitoring and AI platform notes from real builds, fixes and experiments.

After AZ-104 and AZ-305: Infrastructure as Code Study Guide for Azure Engineers