Official (Vendor)Active· 7d★ 4.3by Microsoft
Azure
Microsoft's official Azure MCP. 40+ Azure services in one server: storage, compute, databases, AI, monitoring.
A
Safety & Trust
Delv Safety Grade: A
Score 82/100 · assessed 2026-04-28
Maintainer95
Permissions55
Supply chain85
Transparency90
Incidents100
Microsoft's official Azure MCP server provides comprehensive access to 40+ Azure services including storage, compute, databases, AI, and monitoring. The maintainer credentials are impeccable (Microsoft itself), and the server is open source with good documentation. However, the permission scope is extremely broad. With valid Azure credentials, this server can read and write across your entire Azure estate: deploy apps, query databases, manage secrets, modify storage, and access monitoring data. The install method via npm is standard and verifiable. The required environment variables (tenant ID, client ID, client secret) grant service principal access, which means the scope is limited only by what that principal is authorized to do in your Azure subscription. This is appropriate for production troubleshooting and infrastructure work, but represents significant blast radius if credentials leak or the AI makes mistakes. No known security incidents.
Lethal Trifecta (prompt-injection exposure)
TWO OF THREEPrivate dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound
Same shape as AWS.
Green flags
- Official Microsoft vendor with strong security track record
- Open source repository with active maintenance and issue tracking
- Standard npm distribution with semantic versioning
- Uses Azure service principal auth model (industry standard)
- Comprehensive documentation and clear capability descriptions
Red flags
- Extremely broad scope: 40+ services means large attack surface if compromised
- Service principal credentials in env vars grant wide Azure subscription access
- Write capabilities across storage, compute, databases without fine-grained controls
- Key Vault access means potential exposure of production secrets
- No apparent sandboxing or rate limiting mentioned in documentation
Permissions requested
Outbound networkAccess secretsDB readDB writeRead filesWrite filesExternal LLM call
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.
Install
npm install -g @azure/mcp
Env vars needed:
AZURE_TENANT_IDAZURE_CLIENT_IDAZURE_CLIENT_SECRETReview
Microsoft's official Azure MCP is the most comprehensive cloud integration I've tested. It exposes 40+ Azure services through a single server: storage accounts, App Service deployments, Cosmos DB queries, Azure Monitor metrics, Key Vault secrets, and more. The scope is genuinely impressive. You can ask Claude to list your storage accounts, generate a SAS token, then read a blob, all in one conversation thread without switching contexts.
I'd reach for this when I'm troubleshooting production issues or prototyping infrastructure changes. The Azure Monitor integration is particularly useful. You can query logs and metrics in natural language, which beats writing KQL by hand when you're under pressure. Deploying to App Service via chat feels almost too easy: "deploy this container to my staging slot" just works, assuming your service principal has the right permissions.
The authentication story is straightforward: create a service principal in Entra ID, grant it appropriate RBAC roles, then drop the tenant ID, client ID, and client secret into your environment. The server handles token refresh automatically. One thing to watch: the service principal needs explicit permissions for every Azure resource type you want to touch. If you forget to grant Storage Blob Data Reader, you'll get cryptic permission errors mid-conversation.
The main quirk is that it's a monolith. You get all 40+ services whether you need them or not, which makes the initial setup feel heavier than niche MCPs. The tool list in Claude can get crowded. But if you're already deep in Azure, this is the canonical way to wire your agent into your cloud estate. It's maintained by Microsoft, so it tracks Azure API changes faster than community alternatives.
Skip this if you only use one or two Azure services, or if you're on AWS or GCP. The setup overhead isn't worth it for casual use. But if Azure is your primary cloud and you want your agent to be a first-class operator, this is the obvious choice.
Verdict
The definitive Azure integration for Claude and compatible hosts. Install it if Azure is your day job and you want to query, deploy, and troubleshoot without leaving your agent. Skip it if you're only dabbling in Azure or prefer lighter, single-service MCPs.
Good at
- Covers 40+ Azure services in one server, so you don't need multiple MCPs for storage, compute, and monitoring.
- Official Microsoft support means it tracks Azure API changes and deprecations reliably.
- Azure Monitor integration lets you query logs and metrics in natural language, which is faster than writing KQL.
- Service principal authentication handles token refresh automatically, no manual re-auth.
- Deploying to App Service or reading Cosmos DB documents via chat actually works as advertised.
Watch out
- The tool list gets crowded because you load all 40+ services even if you only need two or three.
- Setting up the service principal and RBAC roles is fiddly if you're not already familiar with Entra ID.
- Permission errors are cryptic when the service principal lacks a specific role, which slows down initial setup.
- Hosts beyond Claude Desktop require manual config adjustments, no one-click install.
- Overkill if you only interact with one or two Azure services occasionally.
Use cases
- Querying Azure Monitor from the agent
- Listing storage accounts and SAS tokens
- Deploying to App Service via natural language
- Reading Cosmos DB documents on demand
Getting started
1. Install globally with `npm install -g @azure/mcp`.
2. Create an Entra ID service principal and assign it RBAC roles for the Azure resources you want to access (Storage Blob Data Reader, Contributor, etc.).
3. Add the server to your Claude Desktop config with `AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, and `AZURE_CLIENT_SECRET` environment variables.
4. Restart Claude Desktop and verify by asking "list my Azure storage accounts" or similar.
5. Watch out for permission errors: the service principal needs explicit grants for every resource type you query.
Works with
Claude DesktopClaude CodeCursorVS Code
Similar MCPs
- ESXi MCPManages VMware ESXi and vCenter for VM lifecycle and real-time performance monitoring via REST and SSE.
- TerraformHashiCorp's official Terraform MCP. Connects agents to the Terraform Registry for module discovery and infrastructure-as-code automation.
- HerokuHeroku's official MCP. Manage apps, databases, dynos, and pipelines through the platform CLI from inside an agent.
- AWS LabsAWS Labs ships a growing family of MCPs for S3, Lambda, EKS, CDK, etc. Modular install — pick the services you actually use.