azure-utils-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@azure-utils-mcplist my Cosmos DB accounts"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Azure Utils MCP Server
An MCP (Model Context Protocol) server for Azure development and operations. Compatible with any MCP client — Claude Code, Claude Desktop, Cursor, and others.
Covers three areas:
Cosmos DB — list accounts, databases, and containers; run SQL queries; read, write, and delete documents
Service Bus — list namespaces, queues, and topics; send messages; peek, purge, and requeue dead letter queues
Authorization / PIM — list eligible roles and activate PIM role assignments
Authentication uses DefaultAzureCredential, which picks up an active az login session automatically. Optionally, Cosmos DB key-based auth and Service Bus connection-string auth can be used via environment variables (see Authentication below).
Requirements
Installation
macOS
brew install uv azure-cliLinux
curl -LsSf https://astral.sh/uv/install.sh | sh
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash # Debian/UbuntuFor other Linux distributions see the Azure CLI install docs.
Windows
winget install --id=astral-sh.uv
winget install --id=Microsoft.AzureCLIConfiguration
Claude Code users:
claude mcp add --scope user azure-utils -- uvx azure-utils-mcpFor other MCP clients, add the following to your server configuration:
{
"mcpServers": {
"azure-utils": {
"command": "uvx",
"args": ["azure-utils-mcp"]
}
}
}Restart your MCP client after adding the server.
Installing from source
git clone https://github.com/BrianDeacon/azure-utils-mcp
cd azure-utils-mcp
uv sync
az loginThen configure with the cloned path:
{
"mcpServers": {
"azure-utils": {
"command": "uv",
"args": ["run", "--directory", "/path/to/azure-utils-mcp", "azure-utils-mcp"]
}
}
}Authentication
All tools default to DefaultAzureCredential, which picks up an active az login session, managed identity, or other standard Azure credential sources.
For Cosmos DB and Service Bus, you can optionally use key-based or connection-string auth by setting environment variables. Each tool accepts an optional parameter to specify which env var to read from, with sensible defaults:
Service | Tool parameter | Default env var | What it holds |
Cosmos DB |
|
| Account key for data-plane operations |
Service Bus |
|
| Connection string for data-plane operations |
If the specified environment variable is set, its value is used for authentication. If not, DefaultAzureCredential is used as a fallback.
This design lets you point different tool calls at different credentials by overriding the env var name. For example, you might use MY_DEV_COSMOS_KEY for one account and MY_PROD_COSMOS_KEY for another, keeping both in your environment without conflict.
Other environment variables:
AZURE_SUBSCRIPTION_ID— used bylist_accounts/list_namespacesif set; otherwise resolved fromaz login
Cosmos DB Tools
The account parameter accepts either a short account name (e.g. my-cosmos-account) or a full endpoint URL. The https:// prefix and .documents.azure.com suffix are added automatically if missing.
All Cosmos DB data-plane tools (everything except cosmosdb_list_accounts) accept an optional key_env_var parameter (default AZURE_COSMOS_KEY). See Authentication.
cosmosdb_list_accounts
List all Cosmos DB accounts in the current Azure subscription.
cosmosdb_list_databases
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | no | Env var holding the account key (default |
cosmosdb_list_containers
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | yes | Database name |
| string | no | Env var holding the account key (default |
cosmosdb_get_container_info
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | yes | Database name |
| string | yes | Container name |
| string | no | Env var holding the account key (default |
Returns partition key path, indexing policy, default TTL, unique key policy, and system properties.
cosmosdb_query_items
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | yes | Database name |
| string | yes | Container name |
| string | yes | SQL query (e.g. |
| integer | no | Max items to return (default 100, cap 1000) |
| string | no | Env var holding the account key (default |
cosmosdb_query_items_to_file
Same as cosmosdb_query_items but writes results to a file. Use when result sets may be large.
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | yes | Database name |
| string | yes | Container name |
| string | yes | SQL query |
| string | yes | Path to write results as a JSON array |
| integer | no | Max items to return (default 100, cap 1000) |
| string | no | Env var holding the account key (default |
cosmosdb_count_items
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | yes | Database name |
| string | yes | Container name |
| string | no | SQL WHERE clause body (e.g. |
| string | no | Env var holding the account key (default |
cosmosdb_read_item
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | yes | Database name |
| string | yes | Container name |
| string | yes | Item |
| string | yes | Partition key value |
| string | no | Env var holding the account key (default |
cosmosdb_upsert_item
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | yes | Database name |
| string | yes | Container name |
| object | yes | Full item document — must include an |
| string | no | Env var holding the account key (default |
cosmosdb_delete_item
Destructive.
Parameter | Type | Required | Description |
| string | yes | Cosmos DB account name or endpoint |
| string | yes | Database name |
| string | yes | Container name |
| string | yes | Item |
| string | yes | Partition key value |
| string | no | Env var holding the account key (default |
Service Bus Tools
The namespace parameter accepts either a short name (e.g. my-namespace) or a fully qualified hostname. The .servicebus.windows.net suffix is appended automatically if absent.
All Service Bus data-plane tools (everything except servicebus_list_namespaces) accept an optional connection_string_env_var parameter (default AZURE_SERVICEBUS_CONNECTION_STRING). See Authentication.
servicebus_list_namespaces
List all Service Bus namespaces in the current Azure subscription.
servicebus_list_queues
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | no | Env var holding the connection string (default |
servicebus_list_topics
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| boolean | no | If true, returns a map of topic → subscription names (default false) |
| string | no | Env var holding the connection string (default |
servicebus_send_message
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Queue or topic name |
| string | yes | Message body |
| string | no | Required for session-enabled queues |
| string | no | Correlation ID |
| object | no | Key/value map of custom properties |
| string | no | ISO 8601 datetime to enqueue the message |
| string | no | Env var holding the connection string (default |
servicebus_send_batch
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Queue or topic name |
| array | yes | Array of message objects, each with |
| string | no | Env var holding the connection string (default |
servicebus_peek_messages / servicebus_peek_messages_to_file
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Queue name |
| integer | no | Max messages (default 10, cap 100) |
| string | no | Peek within a specific session |
| string | yes (to_file only) | Path to write message bodies |
| string | no | Env var holding the connection string (default |
servicebus_peek_dlq / servicebus_peek_dlq_to_file
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Queue name |
| integer | no | Max messages (default 10, cap 100) |
| string | yes (to_file only) | Path to write message bodies |
| string | no | Env var holding the connection string (default |
servicebus_purge_queue / servicebus_purge_dlq
Destructive.
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Queue name |
| integer | no | Safety cap (default 1000) |
| string | no | Env var holding the connection string (default |
servicebus_requeue_dlq
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Queue name |
| integer | no | Safety cap (default 100) |
| string | no | Env var holding the connection string (default |
servicebus_peek_subscription_messages / servicebus_peek_subscription_messages_to_file
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Topic name |
| string | yes | Subscription name |
| integer | no | Max messages (default 10, cap 100) |
| string | no | Peek within a specific session |
| string | yes (to_file only) | Path to write message bodies |
| string | no | Env var holding the connection string (default |
servicebus_peek_subscription_dlq / servicebus_peek_subscription_dlq_to_file
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Topic name |
| string | yes | Subscription name |
| integer | no | Max messages (default 10, cap 100) |
| string | yes (to_file only) | Path to write message bodies |
| string | no | Env var holding the connection string (default |
servicebus_purge_subscription / servicebus_purge_subscription_dlq
Destructive.
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Topic name |
| string | yes | Subscription name |
| integer | no | Safety cap (default 1000) |
| string | no | Env var holding the connection string (default |
servicebus_requeue_subscription_dlq
Parameter | Type | Required | Description |
| string | yes | Service Bus namespace |
| string | yes | Topic name |
| string | yes | Subscription name |
| integer | no | Safety cap (default 100) |
| string | no | Env var holding the connection string (default |
Authorization / PIM Tools
authorization_list_eligible_roles
List all Azure PIM roles you are eligible to activate, across all accessible subscriptions. Returns role name, scope, and whether the eligibility is permanent or time-limited.
authorization_activate_role
Parameter | Type | Required | Description |
| string | yes | Role name as returned by |
| string | yes | Scope as returned by |
| string | yes | Reason for activation |
| string | no | ISO 8601 duration (e.g. |
Returns activation status and request ID. Provisioned means immediately active; PendingApproval means an approver must act first.
Security
Authentication defaults to
DefaultAzureCredential. When key-based or connection-string auth is used via environment variables, only the env var name is passed as a tool argument, never the secret value itself.purge_*andrequeue_*tools enforce amax_messagessafety cap to prevent accidental bulk operations.cosmosdb_delete_itemis a hard point-delete requiring both item ID and partition key.
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/BrianDeacon/azure-utils-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server