Mcp Azure

39 tools. 19 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

19 can modify or destroy data
20 read-only
39 tools total

Community server · catalogue entry verified 03/07/2026

How to control Mcp Azure ↓

What Mcp Azure exposes to your agents

Read (20) Write / Execute (16) Destructive / Financial (3)
Critical Risk

The most dangerous Mcp Azure tools

19 of Mcp Azure's 39 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Mcp Azure

PolicyLayer is an MCP gateway — it sits between your AI agents and Mcp Azure, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "ado_delete_attachment": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "ado_add_attachment": {
    "limits": [
      {
        "counter": "ado_add_attachment_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "ado_abandon_pull_request": {
    "limits": [
      {
        "counter": "ado_abandon_pull_request_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Mcp Azure — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCP AZURE →

Instant setup, no code required.

All 39 Mcp Azure tools

WRITE 15 tools
Write ado_add_attachment Agrega un adjunto a un Work Item existente. Maneja automáticamente concurrencia cuando múltiples adjuntos se a Write ado_add_comment Agrega un comentario/entrada de discusión a un Work Item. Soporta formato Markdown y menciones. Para mencionar Write ado_add_pull_request_reviewer Agrega un revisor a un Pull Request. Write ado_add_work_item_link Crea una relación (Parent/Child/Related/Duplicate/Successor/Predecessor) entre dos Work Items de Azure DevOps. Write ado_approve_pull_request Aprueba un Pull Request (voto: 10). Write ado_configure Configura la conexión a Azure DevOps con token de acceso personal (PAT). Write ado_create_pull_request Crea un nuevo Pull Request. Write ado_create_pull_request_thread Crea un nuevo hilo de comentarios (comentario general o comentario de código). Write ado_create_work_item Crea un nuevo Work Item en Azure DevOps. Usa ado_get_work_item_type_fields para ver campos requeridos. Write ado_reject_pull_request Rechaza un Pull Request (voto: -10). Write ado_reply_to_pull_request_thread Responde a un hilo de comentarios existente. Write ado_update_pull_request Actualiza propiedades de un Pull Request (título, descripción, estado de borrador). Write ado_update_pull_request_thread_status Actualiza el estado de un hilo de comentarios (ej: marcar como Fixed, WontFix, etc.). Write ado_update_work_item Actualiza un Work Item existente en Azure DevOps Write ado_upload_attachment Sube un archivo como adjunto a Azure DevOps y devuelve la URL del adjunto
READ 20 tools
Read ado_abandon_pull_request Abandona un Pull Request (cambia estado a Abandoned). Read ado_get_attachments Obtiene la lista de adjuntos de un Work Item Read ado_get_comments Obtiene los comentarios/historial de discusión de un Work Item. Incluye menciones resueltas. Read ado_get_pull_request Obtiene detalles completos de un Pull Request. Read ado_get_pull_request_commits Obtiene todos los commits de un Pull Request. Read ado_get_pull_request_reviewers Obtiene todos los revisores y sus votos de un Pull Request. Read ado_get_pull_request_threads Obtiene todos los hilos de comentarios de un Pull Request. Read ado_get_pull_request_work_items Obtiene los work items vinculados a un Pull Request. Read ado_get_repository Obtiene detalles de un repositorio específico por nombre o ID. Read ado_get_work_item Obtiene un Work Item de Azure DevOps por su ID Read ado_get_work_item_type_fields Obtiene los campos disponibles y requeridos para un tipo de Work Item Read ado_list_areas Lista las áreas disponibles en el proyecto Read ado_list_branches Lista las ramas (branches) de un repositorio. Read ado_list_iterations Lista las iteraciones/sprints disponibles en el proyecto Read ado_list_pull_requests Lista Pull Requests con filtros opcionales. Busca por repositorio o en todo el proyecto. Read ado_list_repositories Lista todos los repositorios Git del proyecto. Read ado_query_area Consulta User Stories de un área específica en Azure DevOps Read ado_query_sprint Consulta User Stories de un sprint específico en Azure DevOps Read ado_query_wiql Ejecuta una consulta WIQL personalizada en Azure DevOps Read ado_search_users Busca usuarios en Azure DevOps por nombre o email. Devuelve el ID de identidad (UUID) necesario para menciones

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Mcp Azure

Can an AI agent delete data through the Mcp Azure MCP server? +

Yes. The Mcp Azure server exposes 3 destructive tools including ado_delete_attachment, ado_delete_work_item, ado_remove_work_item_link. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Mcp Azure? +

The Mcp Azure server has 15 write tools including ado_add_attachment, ado_add_comment, ado_add_pull_request_reviewer. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Mcp Azure.

How many tools does the Mcp Azure MCP server expose? +

39 tools across 3 categories: Destructive, Read, Write. 20 are read-only. 19 can modify, create, or delete data.

How do I enforce a policy on Mcp Azure? +

Register the Mcp Azure MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Mcp Azure tool call.

Deterministic rules across all 39 Mcp Azure tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

39 Mcp Azure tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.