Azure MCP Server (Community)
Community TypeScript MCP server for Microsoft Azure that manages resource groups, resources, and role assignments, and executes arbitrary Azure SDK JavaScript code via the Node.js vm module.
Server Info
- Package: azure-mcp
- Registry: npm
- Repository: Streen9/azure-mcp
- Maintainer: Community
- Category: Cloud & Infrastructure
- Tags: azure, cloud, microsoft
- Last Scanned: 28 May 2026
Findings
12 issues
Authentication & Identity
CRITICAL: Stdio-only transport - no per-request token support
stdio-only transport using StdioServerTransport. Authentication uses Azure ChainedTokenCredential supporting three methods in priority order: ClientSecretCredential (AZURE_CLIENT_ID + AZURE_CLIENT_SECRET + AZURE_TENANT_ID env vars), ManagedIdentityCredential, and DefaultAzureCredential fallback. No ... Platform cannot pass per-request tokens; must spawn one server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers.
HIGH: No MCP OAuth spec implementation
Server does not implement the MCP OAuth authorization server spec. The platform must handle the full OAuth flow, token management, and credential injection externally.
Implement the MCP OAuth spec (.well-known/oauth-authorization-server) for native per-user authentication.
HIGH: Env var credentials with no rotation mechanism
Credentials (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID) are read from environment variables at startup. Rotation requires restarting the server process. All requests share the same service account credential.
Support dynamic credential refresh or secrets manager integration.
Tool Schema Quality
MEDIUM: Only 0 of 9 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
CRITICAL: Dangerous execution surface: run-azure-code executes arbitrary JavaScript via Node.js vm.runInContext with Azure SDK clients in scope; LLM-generated code runs with full subscription permissions
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
Permission Granularity
LOW: Tool descriptions lack resource scope
Descriptions don't specify what data types or resources they access.
Add resource type statements to descriptions.
LLM Safety
MEDIUM: 3 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
HIGH: Tool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Data Exposure
MEDIUM: 3 list operations lack pagination
list-tenants, list-resource-groups, and list-role-assignments use for-await-of loops that return all results with no pagination, limit, or cursor parameters. For large Azure subscriptions with many resources or role assignments, this could return very large payloads. run-azure-code can expose arbitrary data depending on the generated code.
Add limit/offset or cursor-based pagination.
LOW: No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOW: Community-maintained by Streen9 (gkvp70@gmail.com)
No official vendor backing.
Seek vendor verification.
HIGH: 12 dependency vulnerabilities (1 critical, 10 high)
npm audit found 1 critical and 10 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
9 total

| Name | Description | Risk |
|---|---|---|
| list-tenants | List all available Azure tenants | read |
| select-tenant | Select Azure tenant and subscription | write |
| list-resource-groups | List all resource groups in the selected subscription | read |
| get-resource-details | Get detailed information about a specific resource | read |
| create-resource-group | Create a new resource group | write |
| list-role-assignments | List role assignments for the subscription or resource group | read |
| get-role-definitions | List available role definitions | read |
| get-user-permissions | Get detailed user permissions by combining role assignments and role definitions | read |
| run-azure-code | Run Azure code | admin |