azure-security

📁 microsoft/github-copilot-for-azure 📅 9 days ago
Install command
npx skills add https://github.com/microsoft/github-copilot-for-azure --skill azure-security

Skill documentation

Azure Security Services

Services

| Service | Use When | MCP Tools | CLI |
|---|---|---|---|
| Key Vault | Secrets, keys, certificates | azure__keyvault | az keyvault |
| Managed Identity | Credential-free authentication | - | az identity |
| RBAC | Role-based access control | azure__role | az role |
| Entra ID | Identity and access management | - | az ad |
| Defender | Threat protection, security posture | - | az security |

MCP Server (Preferred)

When Azure MCP is enabled:

Key Vault

  • azure__keyvault with command keyvault_list – List Key Vaults
  • azure__keyvault with command keyvault_secret_list – List secrets in vault
  • azure__keyvault with command keyvault_secret_get – Get secret value
  • azure__keyvault with command keyvault_key_list – List keys
  • azure__keyvault with command keyvault_certificate_list – List certificates

RBAC

  • azure__role with command role_assignment_list – List role assignments
  • azure__role with command role_definition_list – List role definitions

If Azure MCP is not enabled: Run /azure:setup or enable via /mcp.

CLI Fallback

# Key Vault
az keyvault list --output table
az keyvault secret list --vault-name VAULT --output table
az keyvault secret show --vault-name VAULT --name SECRET

# RBAC
az role assignment list --output table
az role definition list --output table

# Managed Identity
az identity list --output table

Key Security Principles

  1. Use managed identities – No credentials to manage
  2. Apply least privilege – Minimum required permissions
  3. Enable Key Vault – Never hardcode secrets
  4. Use private endpoints – No public internet access
  5. Enable auditing – Log all access

Common RBAC Roles

| Role | Permissions |
|---|---|
| Owner | Full access + assign roles |
| Contributor | Full access, no role assignment |
| Reader | Read-only |
| Key Vault Secrets User | Read secrets only |
| Storage Blob Data Reader | Read blobs only |
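
A check for principle 2 (least privilege) against the roles in the table above, as an added example that is not part of the skill's own documentation: it reads the JSON printed by `az role assignment list --output json` and flags Owner and Contributor assignments at resource-group scope or wider. The sample records, the severity policy and the function names are assumptions made for illustration.

```python
import json
import re

# Roles the page's table describes as "Full access".
BROAD_ROLES = {"Owner", "Contributor"}

# Assumed review policy (not from the page): wider scope means higher priority.
SEVERITY = {"management-group": "high", "subscription": "high",
            "resource-group": "review"}

# Constructed sample shaped like `az role assignment list --output json` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.loads("""[
 {"principalName": "alice@example.com", "principalType": "User", "roleDefinitionName": "Owner", "scope": "%(s)s"},
 {"principalName": "ci-deployer", "principalType": "ServicePrincipal", "roleDefinitionName": "Contributor", "scope": "%(s)s/resourceGroups/rg-app"},
 {"principalName": "app-identity", "principalType": "ServicePrincipal", "roleDefinitionName": "Key Vault Secrets User", "scope": "%(s)s/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-app"},
 {"principalName": "bob@example.com", "principalType": "User", "roleDefinitionName": "Reader", "scope": "%(s)s"}
]""" % {"s": SUB})

def scope_level(scope):
    """Classify an ARM scope string by how much of the tenant it covers."""
    s = scope.rstrip("/").lower()
    # "/" is the root scope; a missing scope is treated the same way (fail closed).
    if s == "" or s.startswith("/providers/microsoft.management/managementgroups/"):
        return "management-group"
    if re.fullmatch(r"/subscriptions/[^/]+", s):
        return "subscription"
    if re.fullmatch(r"/subscriptions/[^/]+/resourcegroups/[^/]+", s):
        return "resource-group"
    return "resource"

def review(assignments):
    """Return sorted (severity, principal, role, level) for broad roles at broad scopes."""
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName")
        level = scope_level(a.get("scope", ""))
        if role in BROAD_ROLES and level in SEVERITY:
            who = a.get("principalName") or a.get("principalId") or "unknown"
            findings.append((SEVERITY[level], who, role, level))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding)
```

Flagged entries are candidates for replacement with a narrower role such as Key Vault Secrets User or Storage Blob Data Reader, scoped to the single resource the principal needs.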

Service Details

For deep documentation on specific services: