Azure Integration

The Azure MCP server provides universal Azure ARM API access with On-Behalf-Of (OBO) authentication.

Authentication: Azure AD OBO token exchange

Tools

azure_arm_execute

Universal ARM API tool:

Input:
  method: string - HTTP method (GET, POST, PUT, PATCH, DELETE)
  path: string - ARM API path
  api_version: string - API version
  body?: object - Request body (for POST/PUT/PATCH)
  subscription_id?: string - Subscription ID
  meta?: object - Request metadata

Output: ARM REST API response

Design Philosophy

Instead of implementing thousands of specific tools (one per Azure resource operation), the Azure MCP uses a single universal tool that can call any ARM API endpoint.
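Because one tool can reach every ARM endpoint with the user's token, its input schema is the only place to constrain what gets sent. The following is an added example, not the Azure MCP server's own code, showing one way to validate azure_arm_execute input before a request is built. Assumptions: the function name build_arm_request, the public-cloud host management.azure.com, the per-segment character set, and the way subscription_id is reconciled with the path are all hypothetical.

```python
import re
from urllib.parse import urlencode, urlsplit

ARM_HOST = "management.azure.com"  # assumption: public-cloud ARM endpoint
METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE"}
BODY_METHODS = {"POST", "PUT", "PATCH"}
API_VERSION_RE = re.compile(r"\d{4}-\d{2}-\d{2}(-preview)?")
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Assumption: a conservative per-segment charset; widen it deliberately if needed.
SEGMENT_RE = re.compile(r"[A-Za-z0-9_.()\-]+")


def build_arm_request(method, path, api_version, body=None, subscription_id=None):
    """Validate azure_arm_execute input; return (method, url, body) or raise ValueError."""
    method = str(method).upper()
    if method not in METHODS:
        raise ValueError("unsupported HTTP method")
    if not API_VERSION_RE.fullmatch(str(api_version)):
        raise ValueError("api_version must look like YYYY-MM-DD or YYYY-MM-DD-preview")
    if body is not None and method not in BODY_METHODS:
        raise ValueError("body is only accepted with POST, PUT or PATCH")
    if not isinstance(path, str) or not path.startswith("/"):
        raise ValueError("path must be an absolute ARM path")
    # Segment-by-segment check: rejects schemes, hosts, '?', '#', '%', '@',
    # empty segments ('//') and dot segments, so the path cannot leave ARM.
    segments = path[1:].split("/")
    for seg in segments:
        if seg in (".", "..") or not SEGMENT_RE.fullmatch(seg):
            raise ValueError("illegal path segment: %r" % seg)
    if subscription_id is not None:
        if not GUID_RE.fullmatch(subscription_id):
            raise ValueError("subscription_id must be a GUID")
        if segments[0].lower() == "subscriptions" and len(segments) > 1:
            # Assumption: a subscription named in the path must agree with the field.
            if segments[1].lower() != subscription_id.lower():
                raise ValueError("path and subscription_id disagree")
        else:
            # Assumption: otherwise the field scopes the path to that subscription.
            segments = ["subscriptions", subscription_id] + segments
    url = "https://%s/%s?%s" % (ARM_HOST, "/".join(segments),
                                urlencode({"api-version": api_version}))
    if urlsplit(url).hostname != ARM_HOST:  # defence in depth
        raise ValueError("request would leave the ARM endpoint")
    return method, url, body
```
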

Common Operations

Resource Groups

Virtual Machines

Storage Accounts

App Services

Azure SQL

Authentication Flow

  1. User authenticates with Azure AD

  2. Platform receives user's access token

  3. Token exchanged via OnBehalfOfCredential

  4. New token scoped to ARM API

  5. Request made to Azure with user's permissions

Fallback

When no user token is available:

  • Uses service principal credentials

  • From environment variables or managed identity

API Version

Always specify the correct API version for the resource provider. Find versions at:

Error Handling

  • 401 Unauthorized: Token expired or invalid

  • 403 Forbidden: User lacks permissions

  • 404 Not Found: Resource doesn't exist

  • 400 Bad Request: Invalid request body
