Azure MCP Server: Connecting AI Agents to Azure Resources → Explore with me!

In the previous post, we explored the Model Context Protocol as a universal standard for connecting AI systems with external data sources. Now we turn our attention to one of the most comprehensive implementations of MCP in the cloud ecosystem: the Azure MCP Server. This open-source tool from Microsoft transforms how AI agents interact with Azure resources, enabling natural language commands to manage cloud infrastructure, query databases, and orchestrate workflows.

The Azure MCP Server represents Microsoft’s commitment to making Azure services accessible to AI agents through a standardized protocol. Rather than building custom integrations for each AI tool that wants to interact with Azure, the Azure MCP Server provides a single, well-defined interface that any MCP-compatible client can use. This dramatically reduces integration complexity while maintaining enterprise-grade security and governance.

What is the Azure MCP Server?

The Azure MCP Server is an open-source implementation of the Model Context Protocol specification designed specifically for Azure cloud services. It acts as a bridge between AI agents and Azure resources, exposing Azure capabilities through the three core MCP primitives: tools, resources, and prompts.

When an AI agent connects to the Azure MCP Server, it gains the ability to perform operations like listing storage accounts, executing Kusto queries on Azure Data Explorer, managing Cosmos DB databases, querying logs in Azure Monitor, and deploying applications using the Azure Developer CLI. All of this happens through natural language commands that the AI translates into structured JSON-RPC calls.

Key Features

The Azure MCP Server brings several powerful capabilities to AI-driven Azure workflows:

Native MCP Implementation: Full compliance with the Model Context Protocol specification, ensuring compatibility with any MCP client including GitHub Copilot Agent Mode, OpenAI Agents SDK, and Semantic Kernel
Microsoft Entra ID Integration: Leverages Azure Identity library for enterprise-grade authentication following Azure best practices
Comprehensive Service Coverage: Support for 170+ tools across Azure services including AI, databases, storage, monitoring, and developer tools
Multiple Authentication Modes: Supports interactive browser authentication, service principals, managed identities, and Azure CLI credentials
Flexible Tool Discovery: Namespace mode for logical tool grouping, all-tools mode for comprehensive access, and single-tool mode for focused operations

Supported Azure Services

The Azure MCP Server has reached version 1.0.0 stable release with extensive coverage of Azure services. As of November 2025, the server supports the following major service categories:

AI and Machine Learning

Azure AI Search: Perform semantic search, natural language processing, and vector similarity searches. List indexes, query data, and manage search configurations
Azure AI Foundry: Deploy and manage AI models, configure inference endpoints, and orchestrate agentic workflows

Data Services

Azure Cosmos DB (NoSQL): List accounts, databases, containers, and items. Execute SQL queries against Cosmos DB with natural language
Azure Database for PostgreSQL: List and query databases, get table schemas, manage server configurations and parameters
Azure Data Explorer (Kusto): List accounts, query databases, manage containers, and execute KQL queries for large-scale log and telemetry analysis

Storage and Messaging

Azure Storage: List accounts, blob containers, and blobs. Manage containers, upload and download files, query tables, and retrieve container properties
Azure Service Bus: Manage message queues, topics, and subscriptions for distributed application communication
Azure Event Hubs: Stream processing and event ingestion at scale

Monitoring and Management

Azure Monitor (Log Analytics): List workspaces and tables, query logs using KQL, configure monitoring and alerting
Azure App Configuration: List stores, manage key-value pairs and labeled configurations, lock and unlock settings
Azure Key Vault: Securely manage secrets, keys, and certificates with full key operations support
Azure Resource Groups: List and manage resource groups across subscriptions

Developer Tools

Azure CLI: Execute any Azure CLI command directly with full functionality and JSON output
Azure Developer CLI (azd): Template discovery, initialization, provisioning, and deployment automation
Azure Functions: Manage serverless compute with function app operations

Authentication Architecture

Security is paramount when connecting AI agents to cloud resources. The Azure MCP Server implements a robust authentication architecture built on Microsoft Entra ID (formerly Azure Active Directory), providing enterprise-grade identity and access management.

graph TB
    subgraph "MCP Client"
        A[AI Agent/Copilot]
    end
    
    subgraph "Azure MCP Server"
        B[Authentication Handler]
        C[Tool Discovery]
        D[Azure Identity Library]
        E[Tool Execution Engine]
    end
    
    subgraph "Microsoft Entra ID"
        F[OAuth 2.0 Authorization]
        G[Token Validation]
        H[RBAC Evaluation]
    end
    
    subgraph "Azure Services"
        I[Cosmos DB]
        J[Storage]
        K[Monitor]
        L[AI Services]
    end
    
    A -->|1. Connect| B
    B -->|2. Initiate Auth| D
    D -->|3. OAuth Flow| F
    F -->|4. Access Token| D
    D -->|5. Authenticated| B
    B -->|6. List Tools| C
    C -->|7. Available Tools| A
    A -->|8. Execute Tool| E
    E -->|9. Validate Token| G
    G -->|10. Check Permissions| H
    H -->|11. Authorized Request| I
    H -->|11. Authorized Request| J
    H -->|11. Authorized Request| K
    H -->|11. Authorized Request| L
    
    style B fill:#4A90E2
    style D fill:#7ED321
    style F fill:#F5A623
    style E fill:#BD10E0

Azure Identity Library Integration

The Azure MCP Server uses the Azure Identity library for .NET to handle authentication. This library provides a flexible credential chain that supports multiple authentication scenarios, allowing the server to work seamlessly across different environments.

When the environment variable AZURE_MCP_ONLY_USE_BROKER_CREDENTIAL is set to true, the server uses a broker-enabled instance of InteractiveBrowserCredential. On Windows, this leverages Web Account Manager for a seamless single sign-on experience. If a broker is not supported on the operating system, the credential gracefully degrades to a browser-based login experience.

When the environment variable is not set, the server uses a custom credential chain configured as follows:

AzurePipelinesCredential: For Azure DevOps pipeline environments using service connections
EnvironmentCredential: Uses environment variables for service principal authentication
WorkloadIdentityCredential: For workloads running in Azure with managed identities
ManagedIdentityCredential: For Azure resources with system or user-assigned managed identities
SharedTokenCacheCredential: Uses tokens cached by other Microsoft tools
AzureCliCredential: Leverages Azure CLI authentication
AzureDeveloperCliCredential: Uses Azure Developer CLI credentials
InteractiveBrowserCredential: Falls back to interactive browser login with broker support

Role-Based Access Control

Access to Azure resources through the MCP Server is governed by Azure Role-Based Access Control (RBAC). The authenticated identity must have appropriate permissions on the target resources. This ensures that AI agents can only perform operations that the user or service principal is authorized to execute.

For production scenarios, organizations should configure service principals with least-privilege access, granting only the specific permissions required for the agent’s tasks. Common role assignments include:

Storage Blob Data Reader: For read access to blob storage
Cosmos DB Account Reader Role: For querying Cosmos DB databases
Log Analytics Reader: For executing KQL queries in Log Analytics workspaces
Key Vault Secrets User: For retrieving secrets from Key Vault

Setting Up Azure MCP Server with GitHub Copilot

The most common scenario for using Azure MCP Server is connecting it to GitHub Copilot Agent Mode in Visual Studio Code. This enables developers to manage Azure resources using natural language directly from their IDE. Let’s walk through the complete setup process.

Prerequisites

Visual Studio Code (stable or Insiders release)
GitHub Copilot extension with Agent Mode enabled
An Azure subscription with appropriate permissions
Azure CLI installed and configured (optional but recommended)

Installation via NPM

Install the Azure MCP Server globally using npm:

npm install -g @azure/mcp-server-azure

Verify the installation:

azure-mcp-server --version

Configuration in VS Code

Create or edit the MCP configuration file in your VS Code settings. On Windows, this is typically located at %APPDATA%\Code\User\globalStorage\github.copilot-chat\mcp.json. On macOS and Linux, it’s at ~/.config/Code/User/globalStorage/github.copilot-chat/mcp.json.

Add the Azure MCP Server configuration:

{
  "mcpServers": {
    "azure": {
      "command": "azure-mcp-server",
      "args": ["--namespace"],
      "env": {
        "AZURE_SUBSCRIPTION_ID": "your-subscription-id-here"
      }
    }
  }
}

The namespace argument enables namespace mode, which groups tools logically for easier discovery. You can also use all-tools mode or single-tool mode depending on your needs.

Authentication Flow

When you first connect to the Azure MCP Server through GitHub Copilot, you will be prompted to authenticate. The authentication flow works as follows:

Copilot Agent Mode initiates a connection to the Azure MCP Server
The server detects no valid authentication and triggers the credential chain
If using interactive browser authentication, a browser window opens to Microsoft’s login page
You sign in with your Azure credentials
Microsoft Entra ID validates your credentials and issues an access token
The token is cached locally for future use
The server validates the token and completes the MCP initialization handshake
Tools become available for the AI agent to use

Testing the Connection

Open GitHub Copilot Chat in VS Code and enter Agent Mode by typing @agent. Try a simple prompt that requires the Azure MCP Server:

List my Azure Storage containers

The agent should use the Azure MCP Server tools to query your storage accounts and return the list of containers. You can verify tool usage by examining the Copilot Chat output, which typically shows which tools were invoked.

Working with Azure Services via Natural Language

Once connected, you can interact with Azure services using conversational commands. Here are practical examples demonstrating the power of natural language Azure management.

Azure AI Search Operations

Query your search indexes conversationally:

What indexes do I have in my Azure AI Search service 'product-search'?

Search for 'laptop' in the 'products' index and return the top 5 results

Show me the configuration for my search index 'customers'

Database Queries

Execute queries against Cosmos DB and PostgreSQL:

List all databases in my Cosmos DB account 'production-cosmos'

Query the 'users' container in Cosmos DB for documents where status is 'active'

Show me the schema for the 'orders' table in PostgreSQL server 'prod-db'

Execute this SQL query on my PostgreSQL database: 
SELECT product_name, COUNT(*) as order_count 
FROM orders 
WHERE order_date > '2025-01-01' 
GROUP BY product_name 
ORDER BY order_count DESC 
LIMIT 10

Log Analytics with KQL

Query Azure Monitor logs using natural language that gets translated to KQL:

Show me error logs from the last 24 hours in my Log Analytics workspace

Find all HTTP 500 errors in the application logs from the past week

Query the performance counters for CPU usage above 80% in the last hour

The Azure MCP Server translates these natural language queries into proper KQL syntax and executes them against your Log Analytics workspace.

Storage Operations

List all storage accounts in my subscription

Show me the blob containers in storage account 'proddata'

Upload this file to the 'documents' container in my 'proddata' storage account

Download all files from the 'backups' container created in the last week

Programmatic Integration with Python

Beyond IDE integration, you can use the Azure MCP Server programmatically in your applications. Here is a complete example using Python with the MCP client library:

import asyncio
from mcp import ClientSession, StdioServerParameters
from mcp.client.stdio import stdio_client

async def query_azure_storage():
    """
    Connect to Azure MCP Server and query storage accounts
    """
    server_params = StdioServerParameters(
        command="azure-mcp-server",
        args=["--namespace"],
        env={
            "AZURE_SUBSCRIPTION_ID": "your-subscription-id"
        }
    )
    
    async with stdio_client(server_params) as (read, write):
        async with ClientSession(read, write) as session:
            # Initialize the session
            await session.initialize()
            
            # List available tools
            tools = await session.list_tools()
            print(f"Available tools: {len(tools.tools)}")
            
            # Find the storage account list tool
            storage_tool = next(
                (t for t in tools.tools 
                 if "storage" in t.name.lower() and "list" in t.name.lower()),
                None
            )
            
            if storage_tool:
                print(f"Using tool: {storage_tool.name}")
                
                # Execute the tool
                result = await session.call_tool(
                    storage_tool.name,
                    arguments={}
                )
                
                # Process results
                for content in result.content:
                    if content.type == "text":
                        print(f"Storage accounts: {content.text}")

async def query_cosmos_db():
    """
    Execute a Cosmos DB query via Azure MCP Server
    """
    server_params = StdioServerParameters(
        command="azure-mcp-server",
        args=["--namespace"]
    )
    
    async with stdio_client(server_params) as (read, write):
        async with ClientSession(read, write) as session:
            await session.initialize()
            
            # Execute Cosmos DB query
            result = await session.call_tool(
                "cosmos_execute_query",
                arguments={
                    "account_name": "production-cosmos",
                    "database_name": "users",
                    "container_name": "profiles",
                    "query": "SELECT * FROM c WHERE c.status = 'active' OFFSET 0 LIMIT 100"
                }
            )
            
            for content in result.content:
                if content.type == "text":
                    import json
                    data = json.loads(content.text)
                    print(f"Found {len(data)} active users")

# Run the examples
asyncio.run(query_azure_storage())
asyncio.run(query_cosmos_db())

Node.js Integration Example

For Node.js applications, here is how to integrate with the Azure MCP Server:

import { Client } from "@modelcontextprotocol/sdk/client/index.js";
import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";

async function queryAzureMonitor() {
  // Create transport for Azure MCP Server
  const transport = new StdioClientTransport({
    command: "azure-mcp-server",
    args: ["--namespace"],
    env: {
      AZURE_SUBSCRIPTION_ID: process.env.AZURE_SUBSCRIPTION_ID,
    },
  });

  // Create MCP client
  const client = new Client(
    {
      name: "azure-monitor-client",
      version: "1.0.0",
    },
    {
      capabilities: {},
    }
  );

  try {
    // Connect to the server
    await client.connect(transport);
    console.log("Connected to Azure MCP Server");

    // List available tools
    const toolsResponse = await client.request(
      {
        method: "tools/list",
      },
      {}
    );

    console.log(`Available tools: ${toolsResponse.tools.length}`);

    // Execute a Log Analytics query
    const queryResult = await client.request(
      {
        method: "tools/call",
      },
      {
        name: "loganalytics_query",
        arguments: {
          workspace_name: "production-logs",
          query: `
            AppRequests
            | where TimeGenerated > ago(1h)
            | where ResultCode >= 500
            | summarize ErrorCount = count() by OperationName
            | order by ErrorCount desc
          `,
        },
      }
    );

    // Process results
    if (queryResult.content && queryResult.content.length > 0) {
      const results = JSON.parse(queryResult.content[0].text);
      console.log("Recent errors:", results);
    }
  } catch (error) {
    console.error("Error querying Azure Monitor:", error);
  } finally {
    await client.close();
  }
}

// Execute the query
queryAzureMonitor().catch(console.error);

C# Integration with Semantic Kernel

For .NET developers using Semantic Kernel, the Azure MCP Server integrates seamlessly:

using Microsoft.SemanticKernel;
using Microsoft.SemanticKernel.Connectors.MCP;

public class AzureMcpExample
{
    public async Task QueryCosmosDbAsync()
    {
        // Create kernel with Azure OpenAI
        var kernel = Kernel.CreateBuilder()
            .AddAzureOpenAIChatCompletion(
                deploymentName: "gpt-4",
                endpoint: "https://your-openai.openai.azure.com/",
                apiKey: Environment.GetEnvironmentVariable("AZURE_OPENAI_KEY")
            )
            .Build();

        // Add Azure MCP Server as a plugin
        var mcpConfig = new McpServerConfig
        {
            Command = "azure-mcp-server",
            Arguments = new[] { "--namespace" },
            Environment = new Dictionary
            {
                ["AZURE_SUBSCRIPTION_ID"] = 
                    Environment.GetEnvironmentVariable("AZURE_SUBSCRIPTION_ID")
            }
        };

        var mcpPlugin = await kernel.ImportPluginFromMcpServerAsync(
            "AzureServices",
            mcpConfig
        );

        // Use natural language to query Cosmos DB
        var result = await kernel.InvokePromptAsync(@"
            Query my Cosmos DB account 'production-cosmos' in the 'users' database,
            'profiles' container for all users who registered in the last 30 days.
            Return the count grouped by country.
        ");

        Console.WriteLine(result);
    }

    public async Task ManageStorageAsync()
    {
        var kernel = Kernel.CreateBuilder()
            .AddAzureOpenAIChatCompletion(
                deploymentName: "gpt-4",
                endpoint: "https://your-openai.openai.azure.com/",
                apiKey: Environment.GetEnvironmentVariable("AZURE_OPENAI_KEY")
            )
            .Build();

        var mcpConfig = new McpServerConfig
        {
            Command = "azure-mcp-server",
            Arguments = new[] { "--namespace" }
        };

        await kernel.ImportPluginFromMcpServerAsync("AzureServices", mcpConfig);

        // Natural language storage management
        var result = await kernel.InvokePromptAsync(@"
            List all blob containers in my 'proddata' storage account.
            For each container, show the total size and file count.
        ");

        Console.WriteLine(result);
    }
}

Advanced Configuration Options

The Azure MCP Server supports several advanced configuration options for enterprise scenarios.

Service Principal Authentication

For automated scenarios and CI/CD pipelines, use service principal authentication:

{
  "mcpServers": {
    "azure": {
      "command": "azure-mcp-server",
      "args": ["--namespace"],
      "env": {
        "AZURE_SUBSCRIPTION_ID": "your-subscription-id",
        "AZURE_TENANT_ID": "your-tenant-id",
        "AZURE_CLIENT_ID": "service-principal-client-id",
        "AZURE_CLIENT_SECRET": "service-principal-secret"
      }
    }
  }
}

Managed Identity in Azure

When running on Azure compute resources (VMs, Container Apps, Functions), use managed identities:

{
  "mcpServers": {
    "azure": {
      "command": "azure-mcp-server",
      "args": ["--namespace"],
      "env": {
        "AZURE_SUBSCRIPTION_ID": "your-subscription-id",
        "AZURE_CLIENT_ID": "user-assigned-identity-client-id"
      }
    }
  }
}

For system-assigned managed identities, you can omit the AZURE_CLIENT_ID, and the credential chain will automatically detect and use the system-assigned identity.

Tool Discovery Modes

The Azure MCP Server supports three tool discovery modes:

Namespace Mode (default): Groups tools logically by service for easier discovery. Use –namespace flag
All Tools Mode: Exposes all 170+ tools simultaneously. Use –all-tools flag
Single Tool Mode: Exposes only a specific tool for focused operations. Use –tool flag

For production scenarios with many agents, namespace mode provides the best balance between discoverability and performance.

Security Best Practices

When deploying Azure MCP Server in production environments, follow these security guidelines:

Principle of Least Privilege

Configure service principals and managed identities with minimal required permissions. For example, if an agent only needs to read from Cosmos DB, assign the Cosmos DB Account Reader Role rather than Contributor or Owner roles.

Network Security

The Azure MCP Server requires access to specific endpoints:

login.microsoftonline.com for Microsoft Entra authentication
management.azure.com for Azure Resource Manager operations
Resource-specific endpoints (for example, *.blob.core.windows.net for Storage)

Configure firewall rules and network security groups to allow only these required endpoints.

Disable Local Authentication

Many organizations disable local authentication methods like access keys and SAS tokens for security compliance. When local authentication is disabled, the Azure MCP Server must use Microsoft Entra authentication exclusively. Ensure that:

Service principals or managed identities have appropriate data plane roles
Subscription or resource group reader permissions are granted for discovery
Resource-specific roles are assigned (for example, Storage Blob Data Reader)

Audit and Monitoring

Enable Azure Monitor and logging to track all MCP Server operations:

Configure diagnostic settings on Azure resources to capture data plane operations
Use Azure Activity Log to track resource management operations
Set up alerts for suspicious patterns or unauthorized access attempts
Regularly review access logs and audit trails

Troubleshooting Common Issues

Authentication Failures

If authentication fails, verify:

Azure CLI is installed and you are logged in with az login
Environment variables are correctly set for service principal authentication
The subscription ID is correct and accessible to your account
Network connectivity to login.microsoftonline.com is available

Permission Denied Errors

When operations fail with permission errors:

Verify RBAC role assignments using Azure Portal or az role assignment list
Ensure roles are assigned at the correct scope (subscription, resource group, or resource)
Wait a few minutes after role assignment as changes can take time to propagate
Check if the resource has local authentication disabled and Entra ID authentication is configured

Tool Discovery Issues

If tools are not appearing in the AI agent:

Verify the Azure MCP Server is running by checking the process list
Review the MCP configuration file for syntax errors
Restart VS Code and reconnect to the server
Try switching between namespace and all-tools mode to see if it resolves discovery issues

Real-World Use Cases

Organizations are using Azure MCP Server to transform their cloud operations workflows. Here are some practical examples:

Automated Incident Response

DevOps teams use AI agents connected to Azure MCP Server to automate incident response. When an alert fires, the agent queries Log Analytics to understand the error pattern, checks related metrics in Azure Monitor, and can even scale resources or restart services based on predefined policies.

Cost Optimization

Finance teams use natural language queries to analyze Azure costs across subscriptions, identify underutilized resources, and generate reports. The AI agent can query Cost Management data, compare spending patterns, and suggest optimization opportunities.

Data Analytics Workflows

Data scientists use Azure MCP Server to query data across multiple Azure data services without context switching. They can ask questions in natural language that span Cosmos DB, PostgreSQL, and Azure Data Explorer, letting the AI agent orchestrate the queries and aggregate results.

Looking Ahead

The Azure MCP Server represents a fundamental shift in how we interact with cloud infrastructure. By enabling AI agents to manage Azure resources through natural language, it democratizes cloud operations and makes complex tasks accessible to a broader audience.

In the next post, we will explore how to build custom MCP servers on Azure. You will learn how to create your own MCP servers that expose proprietary business logic, deploy them to Azure Container Apps and Azure Functions, implement security with Microsoft Entra ID, and integrate monitoring with Azure Monitor and Application Insights.

We will also cover advanced patterns like multi-tenant MCP servers, horizontal scaling strategies, and how to use Azure API Management for governance and rate limiting. The goal is to equip you with the knowledge to build production-grade MCP servers that extend Azure’s capabilities for your specific use cases.

Written by:

Chandan 535 Posts

You May Have Missed

The Complete Picture: Balancing Professional and Personal Support Systems

For Parents, Partners, and Friends: A Guide to Supporting Your Loved One in Tech

The HR Conversation: When and How to Involve HR in Your Mental Health Journey

Finding Your Tech Tribe: The Power of Peer Support Groups

How to whitelist website on AdBlocker?