azure_vm_list

List VMs

Server Infra Ops skyvanguard/infra-ops-mcp
Category Read
Risk class Low
Parameters 00 required

What azure_vm_list does on Infra Ops

AI agents call azure_vm_list to retrieve information from Infra Ops without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

Why azure_vm_list needs a policy

Listing VMs is a read-only query that retrieves infrastructure inventory information without modifying, executing against, or deleting any resources. The blast radius of misuse is minimal—an attacker gains visibility into VM inventory but cannot directly compromise or alter infrastructure. Low severity appropriate for pure enumeration.

From the tool's definition Tool name is 'azure_vm_list' and description states 'List VMs' — this is a retrieval operation with no side effects.

Questions about azure_vm_list

What does the azure_vm_list tool do? +

List VMs. It is categorised as a Read tool in the Infra Ops MCP Server, which means it retrieves data without modifying state.

How do I enforce a policy on azure_vm_list? +

Register the Infra Ops MCP server in PolicyLayer and add a rule for azure_vm_list: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Infra Ops. Nothing to install.

What risk level is azure_vm_list? +

azure_vm_list is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit azure_vm_list? +

Yes. Add a rate_limit block to the azure_vm_list rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block azure_vm_list completely? +

Set action: deny in the PolicyLayer policy for azure_vm_list. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides azure_vm_list? +

azure_vm_list is provided by the Infra Ops MCP server (skyvanguard/infra-ops-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.