@azure/mcp

Exposes Azure cloud resources (compute, storage, networking, databases) as callable tools through the Model Context Protocol, enabling LLM agents to discover and invoke Azure operations via a standardized schema-based interface. Implements MCP's tool registry pattern to map Azure SDK operations into structured function definitions with JSON Schema validation, allowing Claude and other MCP-compatible clients to introspect available Azure capabilities and execute them with type-safe parameters.

Manages Azure authentication flows (service principals, managed identities, interactive login, connection strings) and injects credentials into the MCP server context so that tool calls execute with proper Azure authorization. Uses @azure/identity library's DefaultAzureCredential chain to support multiple authentication methods without code changes, automatically selecting the appropriate credential type based on the runtime environment (local development, container, managed identity).

Exposes Azure Virtual Networks, Network Security Groups, Azure Firewall, and Application Gateway operations as MCP tools, enabling agents to configure network topology, security rules, and traffic management. Implements rule validation to prevent misconfiguration (e.g., overly permissive rules), supports network peering and VPN gateway setup, and provides network diagnostics tools for troubleshooting connectivity issues. Agents can define network policies declaratively and have the server translate them into Azure resource configurations.

Discovers available Azure resources and operations at server startup, dynamically generating MCP tool schemas that describe each Azure operation's parameters, return types, and documentation. Uses Azure SDK's type introspection and metadata to construct JSON Schema definitions for each tool, enabling MCP clients to understand what operations are available without hardcoding a tool catalog. Supports filtering and scoping to specific Azure services or resource groups to reduce tool surface area.

Enables LLM agents to compose multi-step Azure workflows by chaining tool calls across different Azure services, with the MCP server handling state management and dependency resolution between operations. The server maintains operation context across multiple tool invocations, allowing agents to reference outputs from previous steps (e.g., use a created VM's ID in a subsequent networking operation) without explicit state passing. Implements idempotency patterns to safely retry failed operations without duplicating resources.

Exposes Azure Monitor, Application Insights, and resource health APIs as MCP tools, enabling agents to query real-time metrics, logs, and status information about provisioned resources. Implements query builders that translate natural language monitoring requests into Azure Monitor KQL (Kusto Query Language) or REST API calls, returning structured time-series data and health status. Supports both synchronous status checks and asynchronous metric aggregation for long-running operations.

Exposes Azure Cost Management APIs as MCP tools, enabling agents to analyze spending patterns, identify underutilized resources, and generate optimization recommendations. Implements cost aggregation across subscriptions and resource groups, supports filtering by service type or time period, and provides cost forecasting based on historical trends. Integrates with Azure Advisor to surface automated optimization recommendations (e.g., 'resize oversized VMs', 'delete unused storage accounts') as actionable tool outputs.

Exposes Azure Key Vault operations as MCP tools, enabling agents to securely manage secrets, certificates, and keys without exposing sensitive data to the LLM client. Implements secret versioning, rotation policies, and access control through Key Vault's RBAC model. Secrets are retrieved server-side and injected into Azure SDK clients or returned to the agent only when explicitly requested, ensuring sensitive data never flows through the LLM context.

Enforces Azure RBAC policies at the MCP server level, ensuring that tool calls are authorized based on the authenticated identity's assigned roles. Implements policy evaluation by checking the identity's role assignments against required permissions for each tool, blocking unauthorized operations before they reach Azure. Logs all tool invocations with identity, operation, and result for audit compliance, supporting export to Azure Monitor or external SIEM systems.

Enables agents to deploy Azure resources using ARM templates or Bicep files through MCP tools, supporting parameterized deployments with validation and dry-run capabilities. Implements template validation before deployment to catch syntax errors and missing parameters, supports incremental and complete deployment modes, and tracks deployment status through Azure's deployment API. Agents can reference template outputs (e.g., deployed resource IDs) in subsequent tool calls.

Exposes Azure Container Instances, Azure Container Registry, and Azure Kubernetes Service (AKS) operations as MCP tools, enabling agents to deploy, manage, and monitor containerized workloads. Implements container image management (push, pull, delete), AKS cluster operations (create, scale, upgrade), and pod/deployment management through Kubernetes API integration. Supports both imperative operations (create container, scale cluster) and declarative approaches (apply Kubernetes manifests).