The Azure Model Context Protocol (MCP) Server exposes many tools you can use from an existing client to interact with Azure services through natural language prompts. For example, you can use the Azure MCP Server to interact with Azure resources conversationally from GitHub Copilot agent mode in Visual Studio Code or other AI agents with commands like these:
- "Show me all my resource groups"
- "List blobs in my storage container named 'documents'"
- "What's the value of the 'ConnectionString' key in my app configuration?"
- "Query my log analytics workspace for errors in the last hour"
- "Show me all my Cosmos DB databases"
Developer credentials and security
The MCP server uses your Azure user credentials or managed identity to ensure authorized access. Access is secured through Azure Role-Based Access Control (RBAC), providing fine-grained permissions for approved users. The local MCP server is intended strictly for developer use within your organization. Don't use these tools for external applications or scenarios outside the approved development environment.
Azure MCP Server start parameters
The azmcp server supports the following options for server start parameters:
| Option |
Required or optional |
Description |
| Debug |
Optional |
Enable debug mode with verbose logging to stderr. |
| Enable insecure transports |
Optional |
Enable insecure transport. |
| Insecure disable user confirmation |
Optional |
Disable user confirmation (elicitation) before allowing high risk commands to run, such as returning secrets (passwords) from KeyVault. |
| Namespace |
Optional |
The Azure service namespaces to expose on the MCP server (for example, storage, keyvault, cosmos). |
| Read only |
Optional |
Whether the MCP server should be read-only. If true, no write operations are allowed. |
| Transport |
Optional |
Transport mechanism to use for Azure MCP Server. |
The Azure MCP Server tools define parameters for the data they need to complete tasks. For example, these parameters might include the subscription ID, an account name, or a resource group.
You might include the data for these parameters in the prompt you use to call a tool, or the previous conversation context might establish the data. If the conversation context provides the data, the Azure MCP Server can use that information without requiring you to repeat it in every prompt. This context creates a more natural conversational experience while still ensuring all necessary data is available for the tools.
The tools reference articles document the parameters specific to each tool. All of the tools also share the following global parameters.
| Parameter |
Description |
| Subscription |
Azure subscription ID or name for target resources. This parameter identifies the Azure subscription that contains the resources you want to manage. You can use either the subscription GUID or the display name. Required for most operations. |
| Resource group |
The name of the Azure resource group. This is a logical container for Azure resources that helps organize and manage related resources together. Required for most resource-specific operations. |
| Tenant Id |
Azure tenant ID for authentication. This parameter specifies the Microsoft Entra ID tenant to authenticate against. Can be either the GUID identifier or the display name of your Entra ID tenant. Optional - uses default tenant if not specified. |
| Authentication method |
Authentication method to use for Azure operations. Options include credential (Azure CLI/managed identity), key (access key), or connectionString. Default is credential, which uses Azure CLI authentication or managed identity. |
| Maximum retries |
Maximum number of retry attempts for failed operations before giving up. Controls how many times the system attempts to retry a failed request. Default is 3 retries. |
| Retry delay |
Initial delay in seconds between retry attempts. For exponential backoff, this value is used as the base delay that gets multiplied on each retry. Default is 2 seconds. |
| Retry delay maximum |
Maximum delay in seconds between retries, regardless of the retry strategy. This parameter caps the delay time to prevent excessively long waits. Default is 10 seconds. |
| Retry mode |
Retry strategy to use when operations fail. fixed uses consistent delays between retries, while exponential increases the delay between each attempt. Default is exponential for better handling of temporary issues. |
| Retry network timeout |
Network operation timeout in seconds. When operations take longer than this timeout, they are canceled and might be retried if retries are enabled. Default is 100 seconds. |
Example prompts include:
- Set subscription: "Use subscription 'my-subscription-id' for all operations"
- Use tenant ID: "Authenticate using tenant ID 'my-tenant-id'"
- Set authentication method: "Use 'credential' authentication for this session"
- Configure retries: "Set maximum retries to 5 with a 3-second delay
- Set retry mode: "Use 'fixed' retry mode with a maximum delay of 5 seconds"
- Set network timeout: "Set network timeout to 120 seconds for all operations"
- Configure retry parameters: "Use exponential retry mode with a maximum of 4 retries and a delay of 2 seconds"
User confirmation for sensitive data
Tools that handle sensitive data, such as secrets, require user consent before execution through a security mechanism called elicitation. When you use tools that access sensitive information, the MCP client prompts you to confirm the operation before proceeding.
🛡️ Elicitation (user confirmation) Security Feature:
Elicitation prompts appear when tools might expose sensitive information like:
- Key Vault secrets
- Connection strings and passwords
- Certificate private keys
- Other confidential data
These prompts protect against unauthorized access to sensitive information. You can bypass elicitation only in automated scenarios.
Azure MCP Server provides the following tools for Azure services and Azure-related functionality.
Best practices
| Product, tool, or service |
Namespace |
Description |
| Azure best practices |
get_bestpractices |
Get guidance on Azure Functions development, deployment, and Azure SDK usage. |
| Terraform best practices for Azure |
azureterraformbestpractices |
Get guidance on implementing Terraform for Azure resources. |
AI and Machine Learning
| Product, tool, or service |
Namespace |
Description |
| Azure AI Foundry |
foundry |
Work with Azure AI Foundry models, deployments, and endpoints. |
| Azure AI Search |
search |
Manage Azure AI Search resources, including search services, indexes, and queries. |
| Azure AI Speech |
speech |
Manage Azure AI Speech resources such as speech-to-text services. |
Analytics
| Product, tool, or service |
Namespace |
Description |
| Azure App Lens |
applens |
Diagnose and analyze application performance issues using Azure App Lens. |
| Azure Data Explorer |
kusto |
Work with Azure Data Explorer clusters, databases, tables, and queries. |
| Azure Event Hubs |
eventhubs |
Manage Azure Event Hubs namespaces and event hubs. |
Compute
Containers
Databases
| Product, tool, or service |
Namespace |
Description |
| Azure Cosmos DB |
cosmos |
Work with Azure Cosmos DB accounts, databases, containers, and documents. |
| Azure Database for MySQL |
mysql |
Manage Azure Database for MySQL servers, databases, and tables. |
| Azure Database for PostgreSQL |
postgres |
Manage Azure Database for PostgreSQL servers, databases, and tables. |
| Azure Redis |
redis |
Manage Azure Redis instances, Redis clusters, and access policies. |
| Azure SQL |
sql |
Work with Azure SQL Database servers, databases, firewall rules, and elastic pools. |
| Product, tool, or service |
Namespace |
Description |
| Azure Application Insights |
applicationinsights |
List Application Insights resources. |
| Azure App Configuration |
appconfig |
Manage centralized application settings and feature flags. |
| Azure CLI |
extension |
Find Azure CLI commands and get installation instructions for CLI tools. |
| Azure Developer CLI |
extension |
Get installation instructions for Azure Developer CLI (azd), learn usage for deployment scenarios, and access azd MCP tools when azd is installed locally |
| Azure Load Testing |
loadtesting |
Create, run, and see load testing. |
DevOps
| Product, tool, or service |
Namespace |
Description |
| Azure Bicep schema |
bicepschema |
Retrieve Bicep schemas for Azure resources to use in Infrastructure as Code templates. |
| Azure Developer CLI |
extension |
Get installation instructions for Azure Developer CLI (azd), learn usage for deployment scenarios, and access azd MCP tools when azd is installed locally |
| Azure Deploy |
deploy |
Deploy and manage Azure resources using templates and scripts. |
| Azure Managed Grafana |
grafana |
List Azure Managed Grafana workspaces. |
| Azure Monitor |
monitor |
Query Azure Monitor logs and metrics. |
| Azure Workbooks |
workbooks |
Create, manage, and update Azure Workbooks for data visualization and reporting. |
Hybrid and multicloud
| Product, tool, or service |
Namespace |
Description |
| Azure Database for PostgreSQL |
postgres |
Manage Azure Database for PostgreSQL servers, databases, and tables. |
| Azure SQL |
sql |
Work with Azure SQL Database servers, databases, firewall rules, and elastic pools. |
Identity
| Product, tool, or service |
Namespace |
Description |
| Azure RBAC |
role |
View and manage Azure role-based access control assignments. |
Integration
| Product, tool, or service |
Namespace |
Description |
| Azure Event Grid |
eventgrid |
Manage Azure Event Grid resources, including topics and subscriptions. |
| Azure Native ISV |
datadog |
Work with Azure Native ISV services, including Datadog integration for monitoring and observability. |
| Azure Service Bus |
servicebus |
Work with Azure Service Bus messaging services. |
Internet of Things (IoT)
| Product, tool, or service |
Namespace |
Description |
| Azure Cosmos DB |
cosmos |
Work with Azure Cosmos DB accounts, databases, containers, and documents. |
| Azure Event Grid |
eventgrid |
Manage Azure Event Grid resources, including topics and subscriptions. |
| Azure Functions |
functionapp |
List Azure Functions. |
Management and governance
| Product, tool, or service |
Namespace |
Description |
| Azure Cloud Architect |
cloudarchitect |
Design cloud systems by gathering requirements through guided questions and recommending optimal solutions. |
| Azure Managed Grafana |
grafana |
List Azure Managed Grafana workspaces. |
| Azure Monitor |
monitor |
Query Azure Monitor logs and metrics. |
| Azure Quick Review CLI |
extension |
Generate compliance and security reports for Azure resources. |
| Azure Quotas |
quota |
Manage Azure resource quotas and limits. |
| Azure Resource Health |
resourcehealth |
Check the health status of Azure resources. |
| Azure Workbooks |
workbooks |
Create, manage, and update Azure Workbooks for data visualization and reporting. |
| Resource Groups |
group |
List Azure resource groups. |
| Subscription |
subscription |
List Azure subscriptions. |
Messaging
| Product, tool, or service |
Namespace |
Description |
| Azure Event Grid |
eventgrid |
Manage Azure Event Grid resources, including topics and subscriptions. |
| Azure Event Hubs |
eventhubs |
Manage Azure Event Hubs namespaces and event hubs. |
| Azure Service Bus |
servicebus |
Work with Azure Service Bus messaging services. |
Mobile
| Product, tool, or service |
Namespace |
Description |
| Azure App Configuration |
appconfig |
Manage centralized application settings and feature flags. |
| Azure AI Foundry |
foundry |
Work with Azure AI Foundry models, deployments, and endpoints. |
| Azure AI Search |
search |
Manage Azure AI Search resources, including search services, indexes, and queries. |
| Azure Communication Services |
communication |
Send SMS and email messages using Azure Communication Services. |
Security
| Product, tool, or service |
Namespace |
Description |
| Azure App Configuration |
appconfig |
Manage centralized application settings and feature flags. |
| Azure Confidential Ledger |
confidentialledger |
Manage Azure Confidential Ledger resources, including ledgers and transactions. |
| Azure Key Vault |
keyvault |
List and create keys, secrets, certificates in Azure Key Vault. |
Storage
| Product, tool, or service |
Namespace |
Description |
| Azure Storage |
storage |
List Azure Storage accounts, containers, blobs, and tables. |
| Azure Confidential Ledger |
confidentialledger |
Manage Azure Confidential Ledger resources, including ledgers and transactions. |
| Azure Managed Lustre |
managedlustre |
Manage Azure Managed Lustre file systems. |
Virtual desktop infrastructure (VDI)
| Product, tool, or service |
Namespace |
Description |
| Azure Virtual Desktop |
virtualdesktop |
Manage Azure Virtual Desktop host pools, session hosts, and user sessions. |
Web
| Product, tool, or service |
Namespace |
Description |
| Azure App Configuration |
appconfig |
Manage centralized application settings and feature flags. |
| Azure App Service |
appservice |
Manage database connections for Azure App Service instances. |
| Azure AI Search |
search |
Manage Azure AI Search resources, including search services, indexes, and queries. |
| Azure Communication Services |
communication |
Send SMS and email messages using Azure Communication Services. |
| Azure Functions |
functionapp |
List Azure Functions. |
| Azure SignalR |
signalr |
Manage Azure SignalR resources and runtimes. |
Other
| Product, tool, or service |
Namespace |
Description |
| Azure Marketplace |
marketplace |
Discover Azure Marketplace products and offers. |
| Azure MCP tool |
No namespace |
Discover and manage available Azure MCP Server tools. |
Related content