// SCAN REPORT

MCP Azure DevOps Server

21 tools. 4 can modify or destroy data without limits.

4 write tools that can modify data. Rate limits recommended.

Last updated:

4 can modify or destroy data
17 read-only
21 tools total

Community server · catalogue entry verified 11/06/2026

How to control MCP Azure DevOps Server ↓

TOOL MAP

Read (17) Write / Execute (4) Destructive / Financial (0)

MOST DANGEROUS TOOLS

High Risk
Write · Medium update_work_item This tool creates or modifies data reversibly without deleting or destroying information, placing it in the Write category. Write · Medium add_parent_child_link This tool modifies the structure and organization of work items by creating or updating relationships between them. Write · Medium add_work_item_comment While comments cannot be deleted post-creation (suggesting Destructive-like permanence), the core action is creating/adding data to a work item, which is a Write operation. Write · High create_work_item This tool creates new work items in Azure DevOps, which is a reversible write operation.

4 of MCP Azure DevOps Server's 21 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL MCP AZURE DEVOPS SERVER

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Azure DevOps Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "add_parent_child_link": {
    "limits": [
      {
        "counter": "add_parent_child_link_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_all_teams": {
    "limits": [
      {
        "counter": "get_all_teams_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MCP Azure DevOps Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCP AZURE DEVOPS →

Free to start. No card required.

ALL 21 MCP AZURE DEVOPS SERVER TOOLS

WRITE 4 tools
Write add_parent_child_link Adds a parent-child relationship between two work items. Use this tool when you need to: Write add_work_item_comment Adds a new comment to a work item. Use this tool when you need to: - Provide feedback or Write create_work_item create_work_item Write update_work_item Modifies an existing work item's fields and properties. Use this tool when you need to:
READ 17 tools
Read get_all_teams Retrieves all teams in the Azure DevOps organization. Use this tool when you need to: Read get_process_details Gets detailed information about a specific process. Use this tool when you need to: - Read get_project_process_id Gets the process ID associated with a project. Use this tool when you need to: - Find Read get_projects get_projects Read get_team_area_paths Retrieves the area paths assigned to a specific team. Use this tool when you need to: Read get_team_iterations Retrieves the iterations (sprints) assigned to a specific team. Use this tool when you need t Read get_team_members Retrieves the membership roster for a specific team. Use this tool when you need to: Read get_work_item Retrieves detailed information about one or multiple work items. Use this tool when you need Read get_work_item_comments Retrieves all comments associated with a specific work item. Use this tool when you need to: Read get_work_item_template Gets detailed information about a specific work item template. Use this tool when you need to Read get_work_item_templates Gets a list of all work item templates for a team. Use this tool when you need to: - Read get_work_item_type Gets detailed information about a specific work item type. Use this tool when you need to: Read get_work_item_type_field Gets detailed information about a specific field in a work item type. Use this tool when you Read get_work_item_type_fields Gets a list of all fields for a specific work item type. Use this tool when you need to: Read get_work_item_types Gets a list of all work item types in a project. Use this tool when you need to: - Se Read list_processes Lists all available processes in the organization. Use this tool when you need to: - Read query_work_items query_work_items

FAQ

How do I prevent bulk modifications through MCP Azure DevOps Server? +

The MCP Azure DevOps Server server has 4 write tools including add_parent_child_link, add_work_item_comment, create_work_item. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCP Azure DevOps Server.

How many tools does the MCP Azure DevOps Server MCP server expose? +

21 tools across 2 categories: Read, Write. 17 are read-only. 4 can modify, create, or delete data.

How do I enforce a policy on MCP Azure DevOps Server? +

Register the MCP Azure DevOps Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCP Azure DevOps Server tool call.

Deterministic rules across all 21 MCP Azure DevOps Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON MCP AZURE DEVOPS →

Free to start. No card required.

21 MCP Azure DevOps Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.