Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Azure Model Context Protocol (MCP) Server exposes many tools you can use from an existing client to interact with Azure services through natural language prompts. For example, you can use the Azure MCP Server to interact with Azure resources conversationally from GitHub Copilot agent mode in Visual Studio Code or other AI agents with commands like these:
- "Show me all my resource groups"
- "List blobs in my storage container named 'documents'"
- "What's the value of the 'ConnectionString' key in my app configuration?"
- "Query my log analytics workspace for errors in the last hour"
- "Show me all my Cosmos DB databases"
Azure MCP Server start parameters
The azmcp server supports the following options for server start parameters:
| Option | Required or optional | Description |
|---|---|---|
| Debug | Optional | Enable debug mode with verbose logging to stderr. |
| Enable insecure transports | Optional | Enable insecure transport. |
| Insecure disable user confirmation | Optional | Disable user confirmation (elicitation) before allowing high risk commands to run, such as returning secrets (passwords) from KeyVault. |
| Namespace | Optional | The Azure service namespaces to expose on the MCP server (for example, storage, keyvault, cosmos). |
| Read only | Optional | Whether the MCP server should be read-only. If true, no write operations are allowed. |
| Transport | Optional | Transport mechanism to use for Azure MCP Server. |
Tool parameters
The Azure MCP Server tools define parameters for the data they need to complete tasks. For example, these parameters might include the subscription ID, an account name, or a resource group.
You might include the data for these parameters in the prompt you use to call a tool, or the previous conversation context might establish the data. If the conversation context provides the data, the Azure MCP Server can use that information without requiring you to repeat it in every prompt. This context creates a more natural conversational experience while still ensuring all necessary data is available for the tools.
The tools reference articles document the parameters specific to each tool. All of the tools also share the following global parameters.
| Parameter | Description |
|---|---|
| Subscription | Azure subscription ID or name for target resources. This parameter identifies the Azure subscription that contains the resources you want to manage. You can use either the subscription GUID or the display name. Required for most operations. |
| Resource group | The name of the Azure resource group. This is a logical container for Azure resources that helps organize and manage related resources together. Required for most resource-specific operations. |
| Tenant Id | Azure tenant ID for authentication. This parameter specifies the Microsoft Entra ID tenant to authenticate against. Can be either the GUID identifier or the display name of your Entra ID tenant. Optional - uses default tenant if not specified. |
| Authentication method | Authentication method to use for Azure operations. Options include credential (Azure CLI/managed identity), key (access key), or connectionString. Default is credential, which uses Azure CLI authentication or managed identity. |
| Maximum retries | Maximum number of retry attempts for failed operations before giving up. Controls how many times the system attempts to retry a failed request. Default is 3 retries. |
| Retry delay | Initial delay in seconds between retry attempts. For exponential backoff, this value is used as the base delay that gets multiplied on each retry. Default is 2 seconds. |
| Retry delay maximum | Maximum delay in seconds between retries, regardless of the retry strategy. This parameter caps the delay time to prevent excessively long waits. Default is 10 seconds. |
| Retry mode | Retry strategy to use when operations fail. fixed uses consistent delays between retries, while exponential increases the delay between each attempt. Default is exponential for better handling of temporary issues. |
| Retry network timeout | Network operation timeout in seconds. When operations take longer than this timeout, they are canceled and might be retried if retries are enabled. Default is 100 seconds. |
Example prompts include:
- Set subscription: "Use subscription 'my-subscription-id' for all operations"
- Use tenant ID: "Authenticate using tenant ID 'my-tenant-id'"
- Set authentication method: "Use 'credential' authentication for this session"
- Configure retries: "Set maximum retries to 5 with a 3-second delay
- Set retry mode: "Use 'fixed' retry mode with a maximum delay of 5 seconds"
- Set network timeout: "Set network timeout to 120 seconds for all operations"
- Configure retry parameters: "Use exponential retry mode with a maximum of 4 retries and a delay of 2 seconds"
User confirmation for sensitive data
Tools that handle sensitive data, such as secrets, require user consent before execution through a security mechanism called elicitation. When you use tools that access sensitive information, the MCP client prompts you to confirm the operation before proceeding.
🛡️ Elicitation (user confirmation) Security Feature:
Elicitation prompts appear when tools might expose sensitive information like:
- Key Vault secrets
- Connection strings and passwords
- Certificate private keys
- Other confidential data
These prompts protect against unauthorized access to sensitive information. You can bypass elicitation only in automated scenarios.
Available tools
Azure MCP Server provides the following tools for Azure services and Azure-related functionality.
| Tool | Description |
|---|---|
| Azure best practices | Get guidance on Azure Functions development, deployment, and Azure SDK usage. |
| Azure Application Insights | List Application Insights resources. |
| Azure AI Foundry | Work with Azure AI Foundry models, deployments, and endpoints. |
| Azure AI Search | Manage Azure AI Search resources, including search services, indexes, and queries. |
| Azure AI Speech | Manage Azure AI Speech resources such as speech-to-text services. |
| Azure App Configuration | Manage centralized application settings and feature flags. |
| Azure App Lens | Diagnose and analyze application performance issues using Azure App Lens. |
| Azure App Service | Manage database connections for Azure App Service instances. |
| Azure Bicep schema | Retrieve Bicep schemas for Azure resources to use in Infrastructure as Code templates. |
| Azure CLI | Find Azure CLI commands and get installation instructions for CLI tools. |
| Azure Cloud Architect | Design cloud systems by gathering requirements through guided questions and recommending optimal solutions. |
| Azure Communication Services | Send SMS and email messages using Azure Communication Services. |
| Azure Confidential Ledger | Manage Azure Confidential Ledger resources, including ledgers and transactions. |
| Azure Container Registry | List Azure Container Registry instances. |
| Azure Cosmos DB | Work with Azure Cosmos DB accounts, databases, containers, and documents. |
| Azure Data Explorer | Work with Azure Data Explorer clusters, databases, tables, and queries. |
| Azure Database for MySQL | Manage Azure Database for MySQL servers, databases, and tables. |
| Azure Database for PostgreSQL | Manage Azure Database for PostgreSQL servers, databases, and tables. |
| Azure Deploy | Deploy and manage Azure resources using templates and scripts. |
| Azure Developer CLI | Execute Azure Developer CLI commands for application development and deployment. |
| Azure Event Grid | Manage Azure Event Grid resources, including topics and subscriptions. |
| Azure Event Hubs | Manage Azure Event Hubs namespaces and event hubs. |
| Azure Functions | List Azure Functions. |
| Azure Key Vault | List and create keys, secrets, certificates in Azure Key Vault. |
| Azure Kubernetes Service | List Azure Kubernetes Service clusters. |
| Azure Load Testing | Create, run, and see load testing. |
| Azure Managed Grafana | List Azure Managed Grafana workspaces. |
| Azure Managed Lustre | Manage Azure Managed Lustre file systems. |
| Azure Marketplace | Discover Azure Marketplace products and offers. |
| Azure MCP tool | Discover and manage available Azure MCP Server tools. |
| Azure Monitor | Query Azure Monitor logs and metrics. |
| Azure Native ISV | Work with Azure Native ISV services, including Datadog integration for monitoring and observability. |
| Azure Quick Review CLI | Generate compliance and security reports for Azure resources. |
| Azure Quotas | Manage Azure resource quotas and limits. |
| Azure RBAC | View and manage Azure role-based access control assignments. |
| Azure Redis | Manage Azure Redis instances, Redis clusters, and access policies. |
| Azure Resource Health | Check the health status of Azure resources. |
| Azure Service Bus | Work with Azure Service Bus messaging services. |
| Azure SignalR | Manage Azure SignalR resources and runtimes. |
| Azure SQL | Work with Azure SQL Database servers, databases, firewall rules, and elastic pools. |
| Azure Storage | List Azure Storage accounts, containers, blobs, and tables. |
| Azure Virtual Desktop | Manage Azure Virtual Desktop host pools, session hosts, and user sessions. |
| Resource Groups | List Azure resource groups. |
| Subscription | List Azure subscriptions. |
| Terraform best practices for Azure | Get guidance on implementing Terraform for Azure resources. |