MCP Server Policy

AZURE MCP POLICY

Enforce policies on every tool call to the Azure MCP Server. 49 tools listed, categorised, and ready for rules.

Azure/azure-mcp 1 read 48 write 49 tools total

azure cloud infrastructure microsoft

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Azure.

terminal

# Download policy scaffold


curl -o azure.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/azure.yaml

# Run with Intercept


intercept --policy azure.yaml -- npx -y @Azure/azure-mcp

Server documentation: https://github.com/Azure/azure-mcp

READ TOOLS

search Manage Azure AI Search resources, indexes, and queries

FINANCIAL TOOLS

pricing Get Azure retail pricing, cost estimates, and billing details

subscription List Azure subscriptions

OTHER TOOLS

acr List Azure Container Registry instances

advisor Get recommendations to optimise Azure resources

aks List Azure Kubernetes Service clusters

appconfig Manage centralized application settings and feature flags

applens Diagnose and analyze application performance issues

applicationinsights List Application Insights resources

appservice Manage Azure App Service instances

azuremigrate Get step-by-step guidance for Platform Landing Zone changes

bicepschema Retrieve Bicep schemas for Azure resources

cloudarchitect Design cloud systems with guided questions

communication Send SMS and email messages via Azure Communication Services

compute Get details for Azure VMs, scale sets, and managed disks

confidentialledger Manage Azure Confidential Ledger resources

cosmos Work with Azure Cosmos DB accounts, databases, and containers

datadog Work with Azure Native ISV services including Datadog

deploy Deploy and manage Azure resources using templates

eventgrid Manage Azure Event Grid resources and subscriptions

eventhubs Manage Azure Event Hubs namespaces and event hubs

extension Find Azure CLI commands and get installation instructions

fileshares Manage Azure file shares

foundry Work with Azure AI Foundry models, deployments, and endpoints

functionapp List Azure Functions

grafana List Azure Managed Grafana workspaces

group List Azure resource groups

keyvault List and create keys, secrets, certificates in Azure Key Vault

kusto Work with Azure Data Explorer clusters, databases, and queries

loadtesting Create, run, and see load testing

managedlustre Manage Azure Managed Lustre file systems

marketplace Discover Azure Marketplace products and offers

monitor Query Azure Monitor logs and metrics

mysql Manage Azure Database for MySQL servers and databases

policy Manage Azure Policy assignments, definitions, and initiatives

postgres Manage Azure Database for PostgreSQL servers and databases

quota Manage Azure resource quotas and limits

redis Create and list Azure Redis resources

resourcehealth Check the health status of Azure resources

role View and manage Azure role-based access control assignments

servicebus Work with Azure Service Bus messaging services

servicefabric Manage Service Fabric managed clusters

signalr Manage Azure SignalR resources and runtimes

speech Manage Azure AI Speech resources

sql Work with Azure SQL Database servers, databases, and firewall rules

storage Manage Azure Storage accounts, containers, blobs, and tables

storagesync Manage Azure file sync services

virtualdesktop Manage Azure Virtual Desktop host pools and sessions

workbooks Create, manage, and update Azure Workbooks

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

azure.yaml

version: "1"
description: "Policy for Azure/azure-mcp"
default: "allow"
tools:
    search:
        rules: []
    pricing:
        rules: []
    subscription:
        rules: []
    acr:
        rules: []
    advisor:
        rules: []
    aks:
        rules: []
    appconfig:
        rules: []
    applens:
        rules: []
    applicationinsights:
        rules: []
    appservice:
        rules: []
    azuremigrate:
        rules: []
    bicepschema:
        rules: []
    cloudarchitect:
        rules: []
    communication:
        rules: []
    compute:
        rules: []
    confidentialledger:
        rules: []
    cosmos:
        rules: []
    datadog:
        rules: []
    deploy:
        rules: []
    eventgrid:
        rules: []
    eventhubs:
        rules: []
    extension:
        rules: []
    fileshares:
        rules: []
    foundry:
        rules: []
    functionapp:
        rules: []
    grafana:
        rules: []
    group:
        rules: []
    keyvault:
        rules: []
    kusto:
        rules: []
    loadtesting:
        rules: []
    managedlustre:
        rules: []
    marketplace:
        rules: []
    monitor:
        rules: []
    mysql:
        rules: []
    policy:
        rules: []
    postgres:
        rules: []
    quota:
        rules: []
    redis:
        rules: []
    resourcehealth:
        rules: []
    role:
        rules: []
    servicebus:
        rules: []
    servicefabric:
        rules: []
    signalr:
        rules: []
    speech:
        rules: []
    sql:
        rules: []
    storage:
        rules: []
    storagesync:
        rules: []
    virtualdesktop:
        rules: []
    workbooks:
        rules: []

RELATED POLICIES

HashiCorp Vault 20 tools

infrastructure

FREQUENTLY ASKED QUESTIONS

What tools does the Azure MCP server expose?

The Azure MCP Server exposes 49 tools across 3 categories: Read, Financial, Other. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Azure?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Azure MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Azure policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON AZURE

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →

AZURE MCP POLICY

GET STARTED

READ TOOLS

search

FINANCIAL TOOLS

pricing

subscription

OTHER TOOLS

acr

advisor

aks

appconfig

applens

applicationinsights

appservice

azuremigrate

bicepschema

cloudarchitect

communication

compute

confidentialledger

cosmos

datadog

deploy

eventgrid

eventhubs

extension

fileshares

foundry

functionapp

grafana

group

keyvault

kusto

loadtesting

managedlustre

marketplace

monitor

mysql

policy

postgres

quota

redis

resourcehealth

role

servicebus

servicefabric

signalr

speech

sql

storage

storagesync

virtualdesktop

workbooks