CHANGELOG.md

Release History

2.0.0 (2026-04-09)

🚀 New Major Release — Azure MCP Server 2.0

We're thrilled to announce the second major release of the Azure MCP Server! Version 2.0 represents a significant evolution from the 1.0 release, bringing remote HTTP deployment, dramatically expanded Azure service coverage, comprehensive security hardening, and major performance improvements. This release spans over 40 beta iterations and hundreds of contributions.

Key Features & Improvements

• Deploy as a Remote MCP Server: Deploy the Azure MCP Server as a shared, multi-user HTTP service with Entra ID authentication and On-Behalf-Of (OBO) authorization
• Use with Sovereign Clouds: Full support for Azure Government and Azure China clouds across multiple services
• More Docker Options: AMD64 and ARM64 images are now available. Trimmed binaries cut image size by ~60% compared to initial Docker builds
• New Installation Methods: Added two new distribution formats:
  • PyPI: With UVX support for Python/uv-based workflows
  • MCP Bundles (.mcpb): A portable format compatible with Claude Desktop
• Security Hardening: Comprehensive input validation, SSRF protection, SQL/KQL injection prevention, query parameterization, and endpoint validation across all services
• User Confirmation Prompts: Added user confirmation prompts for sensitive and destructive operations via MCP elicitation
• Foundry Integration: Added integration with the external Azure AI Foundry MCP server (https://mcp.ai.azure.com) providing agent lifecycle, batch evaluation, prompt optimization, and project connection management tools
• More Tools: Increased tool coverage from 170+ to 260+ across 50+ services
• Improved Performance: Server startup reduced from ~20s to ~1-2s when proxied MCP servers are enabled (Microsoft Documentation, Azure Developer CLI, Azure AI Foundry)

Getting Started

Install the Azure MCP Server from your preferred platform:

• VS Code: Install the Azure MCP Server extension
• Visual Studio 2022: Install GitHub Copilot for Azure
• Visual Studio 2026: Install the Azure and AI Development workload
• Claude and GitHub Copilot CLI: Install the Azure Copilot Plugin
• IntelliJ IDEA: Install the Azure Toolkit for IntelliJ
• Eclipse IDE: Install the Azure Toolkit for Eclipse
• NuGet: Run dotnet tool install -g Azure.Mcp --version 2.0.0
• npm: Run npx @azure/mcp@2.0.0
• Docker: Run docker pull mcr.microsoft.com/azure-mcp:2.0.0
• PyPI: Run pip install msmcp-azure==2.0.0
• MCP Bundles: Download the .mcpb file for your platform/architecture and open it with your client, like Claude Desktop:
  • Linux: x64 | ARM64
  • macOS: x64 | ARM64
  • Windows: x64 | ARM64

Documentation

• Complete Command Reference
• Authentication
• Remote Server Deployment
• Connecting to Sovereign Clouds
• Troubleshooting
• Contributing Guidelines

Thank You

This release was made possible by the incredible efforts of our engineering team, partners, contributors, and the invaluable feedback from our users and the open-source community. We want to extend a huge thank you to everyone who contributed, tested, and provided feedback throughout the development of Azure MCP Server 2.0!

For a complete history of changes included in this release, see entries for versions 2.0.0-beta.1 through 2.0.0-beta.40.

2.0.40 (2026-04-07) (pre-release)

Changed

• Added query parameterization for SQL-based tools (MySQL, PostgreSQL, Cosmos DB) and input sanitization for KQL-based tools (Kusto, Monitor, Deploy), with shared helpers in Microsoft.Mcp.Core. [#2362]

2.0.39 (2026-04-06) (pre-release)

Added

• Added endpoint validation for the namespace parameter in servicebus tools to ensure it resolves to a valid Azure Service Bus domain. [#2349]

Fixed

• Added input validation for Azure Storage account names in StorageService. [#2350]

2.0.38 (2026-04-03) (pre-release)

Fixed

• Replaced structured logging of entire options objects with explicit non-sensitive identifiers in error log statements across all commands. [#2336]
• Added URI validation for disk creation source parameter to enforce HTTPS and Azure Blob Storage endpoints. [#2339]

2.0.37 (2026-04-02) (pre-release)

Fixed

• Fix endpoint validation on non-Public cloud environments. [#2322]

Changed

• Added a ClientName option and ToolArea model property to the plugin-telemetry tool. ClientType will be deprecated once usage data decreases. [#2324]

2.0.36 (2026-03-31) (pre-release)

Fixed

• Added service name validation for Azure AI Search tools. [#2307]

2.0.35 (2026-03-30) (pre-release)

Changed

• Added skill name and tool name validation to the plugin-telemetry tool. Skill names are validated against an allowlist to prevent logging of customer-defined custom skill names. Tool names are validated by stripping known client prefixes (Claude Code, VS Code, Copilot CLI) and matching against registered commands or area names, with normalized names logged for consistent telemetry. Added an allowlist for Azure extension tools that are not azmcp commands but still tracked. Expanded the plugin file-reference allowlist with additional azure-enterprise-infra-planner reference paths. [#2291]
• Refactored PluginTelemetryCommand to use constructor injection for allowlist providers and lazy resolution of ICommandFactory via IServiceProvider to avoid circular dependency during startup. [#2291]

Fixed

• Configured the right audience based on Cloud configuration when creating SDK clients for tools in:
  • AppConfiguration [#2287]
  • Container Registry [#2286]
  • Monitor Query [#2285]
  • Search [#2283]
• Fixed JSON deserialization issues for resourcehealth events with timezone-less datetime values. [#2293]

2.0.34 (2026-03-27) (pre-release)

Added

• Added --dangerously-disable-retry-limits server start option to bypass retry policy bounds enforcement when explicitly required. [#2239]

Changed

• Breaking: Removed support for custom URL-based authority hosts in the --cloud option. The option now accepts only well-known cloud names. Unrecognized values now throw an ArgumentException instead of defaulting to the public cloud. Supported values are: [#2257]
  • AzureCloud
  • AzurePublicCloud
  • Public
  • AzurePublic
  • AzureChinaCloud
  • China
  • AzureChina
  • AzureUSGovernment
  • AzureUSGovernmentCloud
  • USGov
  • USGovernment
• Enforced upper bounds on retry policy values to prevent excessively large retry configurations. [#2239]
• Bumped @azure/msal-browser to 5.2.0+ to comply with Component Governance requirements. [#2260]
• Removed references to the non-existent --public-access-level parameter from the storage_blob_container_create tool description and associated e2e test prompts. [#2264]

Fixed

• Enforced read-only and HTTP mode restrictions at tool execution time, not just during tool listing. [#2226]
• Improved reliability by adding regex timeouts to prevent hangs, limiting large resource listings, and allowing cancellation to propagate correctly through exception handling. [#2223]
• Fixed Cosmos DB cache key generation to include the authentication method, preventing incorrect client reuse across authentication types. [#2217]
• Fixed validation gap in BaseAzureResourceService where the additionalFilter parameter could be concatenated into Resource Graph queries without validation. Pipe operators are now rejected. [#2217]
• Added input validation for ledger names in ConfidentialLedgerService to ensure only valid characters are accepted. [#2211]
• Fixed elicitation for GitHub Copilot CLI by updating from UntitledSingleSelectEnumSchema to TitledSingleSelectEnumSchema. [#2253]
• Fixed incorrect SignalR caching where runtime results were not stored in the cache, causing every request to re-fetch instead of returning cached data. [#2254]
• Added CacheKeyBuilder to construct cache keys using characters disallowed in Azure resource and subscription names, preventing cache collisions in multi-client remote scenarios. [#2259]
• Added vault name validation in KeyVaultService to prevent unsafe input from being interpolated into Key Vault and Managed HSM URIs. [#2238]

2.0.33 (2026-03-25) (pre-release)

Added

• Updated secret elicitation to require explicit user confirmation before proceeding with sensitive operations. [#2197]

Changed

• Extended elicitations/user consent prompts to cover destructive operations (delete, modify, create) in addition to secret operations, and consolidated both into a single prompt to avoid duplicate confirmation. [#2208]

Fixed

• Added IPv4 format validation and blocked dangerous IP ranges in the sql_server_firewall-rule_create command to prevent overly permissive firewall rules. [#2206]
• Improved HttpRequestException handling to return the actual HTTP status code when available instead of defaulting to 503 Service Unavailable. [#2200]

2.0.32 (2026-03-24) (pre-release)

Added

• Added blocklist validation for security-sensitive PostgreSQL server parameters (audit logging, TLS/SSL, authentication, shared libraries, row-level security) in the server param set command to prevent accidental weakening of server security. [#2164]
• Added --public-network-access option to the redis_create command to control public network access for Azure Managed Redis resources (defaults to disabled). [#2179]

Changed

• Centralized Foundry and Azure OpenAI endpoint validation using the shared EndpointValidator with sovereign cloud support. [#2162]
• Added file path validation and canonicalization for the speech_stt_recognize and speech_tts_synthesize commands. [#2162]
• Added skill name allowlist validation to the plugin-telemetry tool to prevent logging of customer-defined custom skill names, and expanded the plugin file-reference allowlist with additional azure-enterprise-infra-planner reference paths. [#2149]
• Removed structured logging of the full options payload from the sql_server_create command to prevent accidental exposure of sensitive values. [#2158]
• Updated Docker release pipeline to publish additional minor version tags (e.g., 2.0, 2.0-amd64, 2.0-arm64) allowing consumers to pin to a minor release stream. [#2144]

Fixed

• Fixed PostgreSQL and MySQL server name validation to require allowed Azure domain suffixes when a fully qualified domain name is provided. [#2159]
• Fixed Cosmos DB credential authentication to strictly honor the requested authentication method instead of falling back to account-key authentication. [#2162]
• Fixed snapshot lookup in the FileShares namespace to use exact resource ID matching instead of substring matching. [#2168]
• Improved Cosmos DB query validator to detect a broader range of boolean tautology patterns. [#2171]
• Fixed the sql_server_create command to default --public-network-access to Disabled for secure-by-default server creation. [#2181]

2.0.31 (2026-03-20) (pre-release)

Added

• Added new compute commands to delete VMs and VM scale sets with --force-deletion support: [#2065]
  • compute_vm_delete
  • compute_vmss_delete
• Added containerapps_list tool to list Azure Container Apps in a subscription. [#1981]
• Enhanced monitor instrumentation tools with framework-aware onboarding for .NET, Node.js, and Python, including guidance for Application Insights 3.x migration and Azure Monitor Distro adoption, and added the send_enhancement_select tool to submit selected enhancements to an active orchestrator session. [#2115]
• Added default subscription resolution from the Azure CLI profile (~/.azure/azureProfile.json) for all subscription-scoped commands, falling back to AZURE_SUBSCRIPTION_ID environment variable. [#1974]
• Added group_resource_list tool to list all resources within an Azure Resource Group, including generic and non-specialized resources. [#1975]

Changed

• Breaking: Renamed the following monitor tools to use dash-separated names instead of underscores: [#2134]
  • get-learning-resource
  • orchestrator-start
  • orchestrator-next
  • send-brownfield-analysis
• Breaking: Narrowed the subscription list command response model to include only (subscriptionId, displayName, state, tenantId, isDefault) instead of the full Azure SDK SubscriptionData type. [#1974]
• Improved tool descriptions to enhance LLM selection accuracy for the following tools: [#2131]
  • extension_azqr
  • extension_cli_generate
  • extension_cli_install

2.0.30 (2026-03-19) (pre-release)

Changed

• Breaking: Moved the following tools from the monitorinstrumentation namespace to the monitor namespace: [#2087]
  • list_learning_resources
  • get_learning_resource
  • orchestrator_start
  • orchestrator_next
  • send_brownfield_analysis
• Breaking: Consolidated the list_learning_resources and get_learning_resource tools into a single get_learning_resource tool in the monitor namespace. [#2113]
• Extended command telemetry to include additional attributes (plugin-version, skill-name, skill-version). [#2114]
• Reviewed MCP tool Command definitions and resolved validation inconsistencies, aligning implementations with tool development guidelines and improving consistency across multiple tool areas. [#2086]

2.0.29 (2026-03-18) (pre-release)

Added

• Added new compute tool for deleting Azure managed disks: [#2059]
  • compute_disk_delete

Changed

• Added GitHub API rate limiting handling, runtime configuration support, and live test infrastructure for the Azure.Mcp.Tools.Functions toolset. [#2071]
• Removed hardcoded Model Context Protocol version in favor of using the latest supported by the C# SDK. [#2101]
• Added tenant parameter support to Azure Resource Graph queries in BaseAzureResourceService, enabling queries to run against the intended tenant context. [#1945]

Fixed

• Fixed SQL injection vulnerability in MySQL query validation that allowed bypassing safety checks via version-specific comments and UNION-based attacks. [#2083]
• Hardened Postgres SQL query validator to block set-operation keywords (UNION, INTERSECT, EXCEPT), additional dangerous system catalogs, and fixed false-positive comment detection inside string literals. [#2096]
• Hardened SSRF protection in EndpointValidator against IPv6 transition mechanism bypass vectors (IPv4-mapped, 6to4, Teredo, NAT64, NAT64v2, IPv4-compatible), added wildcard DNS blocklist, trailing-dot FQDN normalization, and sanitized error messages to prevent IP address leakage. [#2066]

2.0.28 (2026-03-17) (pre-release)

Added

• Enhanced Azure File Shares private endpoint connection management with improved reliability and updated SDK support. [#1823]
• Added new monitorinstrumentation tools that analyze a local workspace and return step-by-step guidance to instrument applications with Azure Monitor: [#1960]
  • list_learning_resources
  • get_learning_resource
  • orchestrator_start
  • orchestrator_next
  • send_brownfield_analysis
• Enhanced the wellarchitectedframework serviceguide get tool to act as a list command when no service parameter is provided, reducing the total number of tools. [#2020]
• Expanded the PostgreSQL query validator blocklist with additional dangerous functions and system catalogs. [#2067]
• Added a hidden plugin-telemetry tool to emit skill/tool invocation telemetry for agent scenarios (e.g., Copilot CLI), including validated and sanitized file references via an embedded allowlist. [#1979]

Changed

• Breaking: Removed the following tools from the foundryextensions namespace: [#2037]
  • agents_get-sdk-sample
  • threads_create
  • threads_list
  • threads_get-messages
• Improved testability of the following namespaces by removing a dependency on CommandContext.ServiceProvider in ExecuteAsync:
  • appservice [#1900]
  • foundryextensions [#1990]
  • redis [#1888]
  • storage [#1880]
  • loadtesting [#2062]
  • kusto [#2061]
  • marketplace [#2064]
  • keyvault [#2060]
  • managedlustre [#2063]
• Refactored tools in the following namespaces to use constructor dependency injection instead of resolving services via context.GetService<T>() in ExecuteAsync:
  • communication [#1913]
  • eventhubs [#1986]
  • eventgrid [#1985]
• Reintroduced capturing error information in telemetry with standard exception.message, exception.type, and exception.stacktrace telemetry tags, replacing the ErrorDetails tag. [#1942]
• Improved descriptions for better LLM selection accuracy for the following:
  • The deploy_architecture_diagram_generate and deploy_plan_get tools [#2023]
  • The search index get, search index query, and search service list tools [#2038]
  • The azuremigrate namespace [#2043]
  • The resourcehealth namespace [#2025]
• Centralized ARM access token acquisition in BaseAzureService via GetArmAccessTokenAsync, eliminating duplicated inline credential and token fetching logic across service implementations. [#2033]
• Updated Landing Zone URL in the azuremigrate tools to use aka.ms links. [#2028]
• Standardized CacheService TTLs across services by introducing centralized CacheDurations tiers (subscription 12h→2h; service data 1h→5m). [#1973]
• Switched Docker publishing to 1ES tasks for pushing images to ACR and split the release process into separate load and multi-arch manifest publish steps. [#2069]
• Updated eng/common from the tools repo, pulling in shared engineering pipeline/script changes and dependency/lockfile refreshes. [#2030]
• Updated .NET SDK from 10.0.103 to 10.0.201. [#2072]
• Updated Azure.ResourceManager.FileShares from 1.0.0-beta.1 to 1.0.0-beta.2. [#1823]
• Updated Azure.Bicep.Types from 0.6.27 to 0.6.50. [#1574]

Fixed

• Improved the applens resource diagnose tool to use ARG-based resource discovery with optional subscription, resource group, and resource type parameters. [#2018]
• Added filtering on LocalRequired when running in remote mode. [#2017]
• Fixed the postgres list tool incorrectly requiring --resource-group and --user when listing servers at the subscription scope. Both parameters are now optional as intended. [#2015]
• Fixed a connection string injection vulnerability in PostgreSQL and MySQL tools by using parameterized connection string builders instead of string interpolation. [#2056]
• Fixed KQL injection vulnerabilities in Kusto tools where user-controlled table names were directly interpolated into KQL commands without escaping, allowing arbitrary command execution. [#2070]
• Fixed credential chain crash from InteractiveBrowserCredential failure. [#2076]

2.0.27 (2026-03-12) (pre-release)

Added

• Added compute disk create and compute disk update commands for managing Azure managed disks. [#1936]
• Added Azure Device Registry namespace list command (azmcp deviceregistry namespace list) [#1961]
• Added Azure Functions toolset with three new tools: functions_language_list for listing supported languages, functions_project_get for retrieving project initialization files, and functions_template_get for listing and fetching function template source code. [#1959]
• CodeToCloud feature parity improvements for Deploy and Quota areas: [#1663]
  • Support deployment using Azure CLI with Bicep/Terraform
  • Support creation of a deploy-to-existing-resources plan
  • New resource type support in quota checks, including SQL, MySQL, and CosmosDB
  • New IaC rules added for better support regarding code quality, configuration success and security

Changed

• Breaking: azmcp deploy pipeline guidance get option renames and removals: [#1663]
  • --use-azd-pipeline-config renamed to --is-azd-project
  • --azd-iac-options renamed to --iac-options
  • --organization-name, --repository-name, and --github-environment-name options removed
  • --pipeline-platform and --deploy-option added as new options This new design allows an overall better user experience to generate CI/CD pipeline to Azure.
• AzureIsv: Improved testability by removing dependency on CommandContext.ServiceProvider in ExecuteAsync. [#1902]
• Compute: Improved testability by removing dependency on CommandContext.ServiceProvider in ExecuteAsync. [#1914]
• Refactored Azure Migrate commands to use constructor dependency injection instead of context.GetService() [#1909]
• Refactored FunctionAppGetCommand to use constructor dependency injection for IFunctionAppService instead of resolving it via context.GetService<T>() in ExecuteAsync. [#1991]
• Refactored Azure.Mcp.Tools.Extension commands to use constructor dependency injection instead of resolving services via context.GetService<T>() in ExecuteAsync. [#1988]
• Refactored Azure.Mcp.Tools.Grafana to use constructor dependency injection instead of resolving services via context.GetService<T>() in ExecuteAsync. [#1992]

2.0.26 (2026-03-10) (pre-release)

Added

• Added DeviceCodeCredential support for headless environments (Docker, WSL, SSH tunnels, CI) where browser-based interactive authentication is unavailable. It is automatically used as a last-resort fallback in the default and dev credential chains, and can also be selected exclusively by setting AZURE_TOKEN_CREDENTIALS=DeviceCodeCredential. Not available in stdio or http server transport modes. [#1908]
• Added Azure Compute VM create/update and VMSS create/update. [#1705]
• Added Azure Well-Architected Framework service guide tool to provide architectural best practices, design patterns, and recommendations based on the five pillars: reliability, security, cost optimization, operational excellence, and performance efficiency. [#1964]

Changed

• AppLens: Improved testability by removing dependency on CommandContext.ServiceProvider in ExecuteAsync. [#1884]
• Acr: Improved testability by removing dependency on CommandContext.ServiceProvider in ExecuteAsync. [#1881]
• Aks: Improved testability by removing dependency on CommandContext.ServiceProvider in ExecuteAsync. [#1883]
• Authorization: Improved testability by removing dependency on CommandContext.ServiceProvider in ExecuteAsync. [#1901]
• Advisor: Improved testability by removing dependency on CommandContext.ServiceProvider in ExecuteAsync. [#1882]
• Refactored ApplicationInsights tools to use constructor dependency injection. [#1899]

2.0.25 (2026-03-05) (pre-release)

Added

• Added new tools available via the external Azure AI Foundry MCP server (https://mcp.ai.azure.com) that provide capabilities not previously available in Azure MCP Server: [#1771]
  • agent_container_control: Control an agent container
  • agent_container_status_get: Get the status of an agent container
  • agent_definition_schema_get: Get the schema for an agent definition
  • agent_invoke: Invoke an agent interactively
  • evaluation_agent_batch_eval_create: Create a batch evaluation run for an agent
  • evaluation_dataset_batch_eval_create: Create a batch evaluation run using a dataset
  • evaluator_catalog_create: Create a custom evaluator in the catalog
  • evaluator_catalog_delete: Delete an evaluator from the catalog
  • evaluator_catalog_get: Get an evaluator from the catalog
  • evaluator_catalog_update: Update an evaluator in the catalog
  • project_connection_create: Create a connection in a Foundry project
  • project_connection_delete: Delete a connection from a Foundry project
  • project_connection_get: Get details of a Foundry project connection
  • project_connection_list: List connections in a Foundry project
  • project_connection_list_metadata: List metadata for connections in a Foundry project
  • project_connection_update: Update a connection in a Foundry project
  • prompt_optimize: Optimize a prompt for a specific model
• Added eng/scripts/Preflight.ps1 developer CI preflight check script with format, spelling, build, tool metadata, README validation, unit test, and AOT analysis steps. [#1893]
• Added tools for web app diagnostics. [#1907]

Changed

• Breaking: Foundry tools previously under the foundry namespace have moved to the new foundryextensions namespace within Azure MCP Server, retaining direct in-process access to Azure OpenAI, knowledge indexes, agent threads, and resources: [#1771]
  • foundryextensions_agents_get_sdk_sample: Get an SDK code sample for Azure AI Foundry Agents
  • foundryextensions_knowledge_index_list: List knowledge indexes in a Foundry project
  • foundryextensions_knowledge_index_schema: Get the schema of a knowledge index
  • foundryextensions_openai_chat_completions_create: Create a chat completion using an Azure OpenAI deployment
  • foundryextensions_openai_create_completion: Create a text completion using an Azure OpenAI deployment
  • foundryextensions_openai_embeddings_create: Create embeddings using an Azure OpenAI deployment
  • foundryextensions_openai_models_list: List available Azure OpenAI models
  • foundryextensions_resource_get: Get details about a Foundry resource
  • foundryextensions_threads_create: Create a new agent thread
  • foundryextensions_threads_get_messages: Get messages from an agent thread
  • foundryextensions_threads_list: List agent threads
• Breaking: The following Azure AI Foundry tools were renamed as part of the migration to the external Foundry MCP server (https://mcp.ai.azure.com). See the Breaking Changes entry for the full list of removed tools: [#1771]
  • foundry_agents_list → agent_get
  • foundry_agents_create → agent_update
  • foundry_agents_connect → agent_invoke
  • foundry_models_list → model_catalog_list
  • foundry_models_deploy → model_deploy
  • foundry_models_deployments_list → model_deployment_get
  • foundry_agents_query-and-evaluate → evaluation_agent_batch_eval_create
  • foundry_agents_evaluate → evaluator_catalog_get
• Added Cloud to telemetry to denote which Azure cloud the tool is using. [#1918]
• Updated Microsoft.Identity.Web and Microsoft.Identity.Web.Azure from 4.4.0-preview.1 to 4.4.0. [#1896]

Fixed

• Fixed JSON Schema generation for OpenAI Codex model compatibility: added additionalProperties: false, enum types now emit as string with named values, added enum array to enum properties, empty descriptions are omitted instead of serialized as empty strings. [#1893]
• Fixed argument parsing to support camelCase parameter names and flat argument structures sent by Codex and other OpenAI models. [#1893]
• Fixed flaky VisualStudioToolNameTests by using in-process CommandFactory instead of external process with timeout. [#1893]
• Fixed Linux stdio watcher regression where using CWD as content root could exhaust inotify watchers (ENOSPC). Host builders now use AppContext.BaseDirectory as content root. [#1935]

2.0.24 (2026-03-03) (pre-release)

Added

• Added App Service web app deployment retrieval tool. [#1898]

Changed

• Breaking: Consolidated sql_db_show and sql_db_list commands into a single sql_db_get command, and sql_server_show and sql_server_list commands into a single sql_server_get command. [#1897]

Fixed

• Fixed multiple bugs for the Azure Workbooks tool [#1646]

2.0.23 (2026-02-27) (pre-release)

Added

• Disable external process commands (azqr) in HTTP remote mode for security. [#1522]
• Added the appservice_webapp_get tool to retrieve details about Web Apps. [#1810]
• Added the following App Service Web App settings tools: [#1831]
  • appservice_webapp_settings_get-appsettings: Get application settings for an App Service Web App
  • appservice_webapp_settings_update-appsettings: Update application settings for an App Service Web App

Changed

• Breaking: Consolidated the cosmos_account_list, cosmos_database_list, and cosmos_database_container_list commands into a single cosmos_list command. [#1821]
• Improve testability by removing dependency on CommandContext.ServiceProvider in the ExecuteAsync() method for App Configuration *Command classes. [#1815]

Fixed

• Fixed azqr tool calls failing due to costs parameter removed in latest version. [#1739]
• Fixed OAuth Protected Resource Metadata flows in Azure Container Apps (ACA) by reading the X-Forwarded-Proto header (opt-in via AZURE_MCP_DANGEROUSLY_ENABLE_FORWARDED_HEADERS) to correctly construct the scheme in WWW-Authenticate challenge responses and the OAuth PRM endpoint. [#1820]

2.0.22 (2026-02-24) (pre-release)

Added

• The Azure MCP Server is now also available as an MCP Bundle (.mcpb), compatible with clients such as Claude Desktop and Claude Code. [#1681]
• Added sovereign cloud endpoint support for the AppLens, Application Insights, App Service, Azure Migrate, Confidential Ledger, Cosmos, Extension, Foundry, Key Vault, Kusto, Marketplace, Monitor, MySql, Postgres, Pricing, Quota, Resource Health, Search, Service Fabric, Speech, and Storage services. [#1729]
• Added endpoint validation for Azure Communication Services, App Configuration, and Container Registry. [#1765]
• Added the "createmigrateproject" action in the azuremigrate_platformlandingzone_request tool to create a new Azure Migrate project if one doesn't exist. [#1724]

Changed

• Breaking: Consolidated Resource Health availability-status commands: merged resourcehealth_availability-status_get and resourcehealth_availability-status_list into a single dual-mode resourcehealth_availability-status_get command. The command now accepts an optional --resourceId parameter: when provided, it returns a single resource's availability status; when omitted, it lists all resources. Tool name changed from resourcehealth_availability-status_list to use only resourcehealth_availability-status_get. [#1796]
• Switched Docker base image to runtime-deps:10.0-alpine. Since the server binary is self-contained, the full ASP.NET runtime base is unnecessary. Expected ~20-25% image size reduction (for example, azure-mcp images arm64: 648MB to ~482MB, amd64: 784MB to ~624MB). [#1782]
• Improved the storage_table_list tool description for better LLM tool selection. [#1800]

Fixed

• (Undocumented fix from version 2.0.0-beta.21) Added validation logic for endpoint parameters in Foundry tools. [#1658]
• Fixed error handling to ensure error messages are preserved for missing parameters. [#1751]

2.0.21 (2026-02-19) (pre-release)

Added

• Enabled trimmed binary for Docker and HTTP transport support for all distributions. [#1760]

Changed

• Add McpServerName to telemetry. [#1755]

2.0.20 (2026-02-17) (pre-release)

Added

• Added two new Azure Service Fabric managed clusters tools: [#1696]
  • servicefabric_managedcluster_node_get: List all nodes in a Service Fabric managed cluster
  • servicefabric_managedcluster_nodetype_restart: Restart nodes from a Service Fabric managed cluster

Changed

• Resolve gaps in the capture of certain telemetry tags. [#1718]
• Improved formatting of the --help CLI command and added examples. [#1640]
• Added prompt templates documentation (docs/prompt-templates.md) showing how to set tenant and subscription context once using .github/copilot-instructions.md or at the start of chat sessions, eliminating repetitive prompting. [#1744]
• Improved error message for tenant mismatch authentication errors with actionable resolution steps. [#1737]

2.0.19 (2026-02-12) (pre-release)

Added

• Added compute_disk_get tool to retrieve Azure managed disk information that supports listing all disks in a subscription, listing disks in a resource group, and getting specific disk details. [#1559]
• Added support for OAuth-protected registry servers by allowing oauthScopes in registry.json for HTTP-transport servers. [#1509]

Changed

• Consolidated KeyVault get/list commands - separate list commands removed: [#1653]
  • Removed keyvault_key_list - use keyvault_key_get without providing a key name
  • Removed keyvault_secret_list - use keyvault_secret_get without providing a secret name
  • Removed keyvault_certificate_list - use keyvault_certificate_get without providing a certificate name
• Consolidated Monitor WebTest commands – (get/list merged into monitor_webtests_get, create/update merged into monitor_webtests_createorupdate): [#1678]
  • Removed monitor_webtests_list – use monitor_webtests_get without providing a WebTest name
  • Removed monitor_webtests_update – use monitor_webtests_createorupdate for both create and update scenarios
• Consolidated MySQL and PostgreSQL list commands – separate server/database/table list tools removed: [#1710]
  • Removed postgres_server_list, postgres_database_list, postgres_table_list – use postgres_list with appropriate parameters to route hierarchically
  • Removed mysql_server_list, mysql_database_list, mysql_table_list – use mysql_list with appropriate parameters to route hierarchically
• Consolidated Load Testing TestRun commands – separate list/update commands removed: [#1711]
  • Removed loadtesting_testrun_list – use loadtesting_testrun_get for retrieving test runs
  • Removed loadtesting_testrun_update – use loadtesting_testrun_createorupdate for both create and update scenarios
• Added processor architecture to captured telemetry. [#1691]

2.0.18 (2026-02-10) (pre-release)

Added

• AMD64 and ARM64 Docker images of the Azure MCP Server are now available. [#1651]

Fixed

• Added CORS policy to restrict cross-origin requests to localhost when running in unauthenticated development environment. [#1609]
• Fixed elicitation prompts failing with 'Form mode elicitation requests require a requested schema' error by using simple accept/decline prompts instead of form-based schemas for sensitive tool confirmations. [#1668]

2.0.17 (2026-02-05) (pre-release)

Added

• Added log telemetry support for customer-owned AppInsights. [#1638]
• Added support for dangerous persistent logging configuration in VSIX extension, allowing users to specify a directory for detailed debug logs via the azureMcp.dangerouslyWriteSupportLogsToDir setting. [#1639]

Fixed

• Improved input validation in ResourceHealth and Kusto tools: [#1634]
  • ResourceHealth: Added resource ID validation using Azure.Core.ResourceIdentifier.Parse()
  • Kusto: Added cluster URI validation with domain suffix and hostname allowlist

Changed

• Added cancellation token support so deploy operations can be cancelled cleanly and consistently. [#1627]
• Improved cancellation behavior for async enumerators by adding support for CancellationToken, making it easier to correctly stop long-running or streaming async iteration. [#1649]

2.0.16 (2026-02-03) (pre-release)

Added

• Added Azure Compute VM operations with flexible compute vm get command that supports listing all VMs in a subscription, listing VMs in a resource group, getting specific VM details, and retrieving VM instance view with runtime status: [#1482]
  • compute_vm_get
• Added Virtual Machine Scale Set (VMSS) get operations to retrieve VMSS information including listing across subscriptions or resource groups, getting specific VMSS details, and retrieving individual VM instances within a scale set: [#1482]
  • compute_vmss_get
• Added Azure Retail Pricing MCP tool for querying Azure service pricing information: [#1621]
  • pricing_get

Fixed

• Added support for new versions of Azure AI Search knowledge bases and those set to 'minimal' reasoning effort. [#1422]

Changed

• Removed ErrorDetails from telemetry. [#1625]
• Updated bestpractices tool description to ask LLM to use azure skills. [#1622]
• Updated swa app deployment instructions in bestpractices tool. [#1637]

2.0.15 (2026-01-29) (pre-release)

Added

• Added host information to tools execution telemetry. [#1604]

Fixed

• Fixed async disposal pattern in CosmosService by implementing IAsyncDisposable and replacing async void Dispose with proper async disposal. [#1532]
• Fixed a regression that disabled telemetry for remote Azure MCP server. [#1602]

Changed

• Added AreResultsTruncated to tools that list resources using Resource Graph. [#1526]
• Improved server startup performance by parallelizing external MCP server initialization, reducing startup time from ~20 seconds to ~1-2 seconds when using registry-based servers. [#1534]

2.0.14 (2026-01-27) (pre-release)

Added

• Added MCP tool for List Advisor Recommendations - advisor_recommendations_list. [#1519]
• Added new Azure Managed Lustre fileshare blob import management tools: [#1492]
  • managedlustre_fs_blob_import_create
  • managedlustre_fs_blob_import_get
  • managedlustre_fs_blob_import_cancel
  • managedlustre_fs_blob_import_delete
• Added Sovereign Cloud support for the Azure MCP server. Select services require additional changes and remain unsupported. [#1533]
• Added support for Azure Migrate platform landing zone operations with two new commands: [#1524]
  • azmcp_azuremigrate_platformlandingzone_getguidance - provides scenario-based guidance for Azure Landing Zone configurations including policy search and archetype-based policy listing
  • azmcp_azuremigrate_platformlandingzone_request - enables checking, generating, updating and downloading, platform landing zone configurations based on user inputs
• Added UVX support, enabling running MCP servers via uvx for improved Python/uv-based workflows. [#1359]

Changed

• Optimized --version flag to bypass full service initialization, reducing response time from ~10s to <3s. [#1531]
• Replaced the in-house HttpClientService with the built-in .NET IHttpClientFactory for HTTP client creation/management, improving configurability and aligning with recommended .NET patterns. [#1564]
• Added the internal utility ToolMetadataExporter to export current azmcp tool metadata (supporting Azure MCP metadata/telemetry documentation workflows). [#992]

2.0.13 (2026-01-22) (pre-release)

Changed

• Improved Foundry project endpoint parameter description. [#1555]

2.0.12 (2026-01-20) (pre-release)

Fixed

• Update outdated schema version within server.json to 2025-12-11 [#1527]

2.0.11 (2026-01-16) (pre-release)

Added

• Added 12 Azure File Shares tools for managing Azure managed file shares: [#1419]
  • File Share tools (5): CheckNameAvailability, Create, Delete, Get, Update
  • File Share Snapshot tools (4): Create, Delete, Get, Update
  • Informational tools (3): GetLimits, GetProvisioningRecommendation, GetUsageData
• Added support for listing and viewing individual Azure Policy assignments in subscriptions or scopes. [#1483]

Changed

• Breaking: Renamed the --insecure-disable-elicitation server startup option to --dangerously-disable-elicitation to align with the naming convention used by other dangerous options (e.g., --dangerously-disable-http-incoming-auth). The old option name is no longer supported. [#1374]
• Breaking: Renamed the storagesync_cloudendpoint_triggerchangedetection tool to storagesync_cloudendpoint_changedetection. The --directory-path parameter is now required. Added new optional parameters: --change-detection-mode (supports 'Default' or 'Recursive') and --paths (array of relative paths for change detection).
• Breaking: Renamed the following commands: [#1474]
  • get_bestpractices_get → get_azure_bestpractices_get
  • get_bestpractices_ai_app → get_azure_bestpractices_ai_app
• Updated repository to build projects using .NET 10. [#1221]
• Switched to Azure.ResourceManager.Monitor library to query metrics, list metrics definitions and metrics namespaces. [#1409]

2.0.10 (2026-01-09) (pre-release)

Added

• Added Azure Managed Lustre HSM (Hierarchical Storage Management) autoimport and autoexport job management tools:
  • managedlustre_fs_blob_autoimport_create - Create autoimport jobs to sync data from Azure Blob Storage to Lustre filesystem
  • managedlustre_fs_blob_autoimport_get - Get details of specific autoimport job(s)
  • managedlustre_fs_blob_autoimport_cancel - Cancel running autoimport jobs
  • managedlustre_fs_blob_autoimport_delete - Delete autoimport job records
  • managedlustre_fs_blob_autoexport_create - Create autoexport jobs to sync data from Lustre filesystem to Azure Blob Storage
  • managedlustre_fs_blob_autoexport_get - Get details of specific autoexport job(s)
  • managedlustre_fs_blob_autoexport_cancel - Cancel running autoexport jobs
  • managedlustre_fs_blob_autoexport_delete - Delete autoexport job records
• Added support for listing tables in Azure Storage via command azmcp_storage_table_list. [#743]

2.0.9 (2026-01-06) (pre-release)

Added

• Added 18 Azure Storage Sync tools for managing cloud synchronization of file shares: [#1419]
  • StorageSyncService tools (4): Create, Delete, Get, Update
  • RegisteredServer tools (3): Get, Unregister, Update
  • SyncGroup tools (3): Create, Delete, Get
  • CloudEndpoint tools (4): Create, Delete, Get, TriggerChangeDetection
  • ServerEndpoint tools (4): Create, Delete, Get, Update
• Added support for logging to local files using the --dangerously-write-support-logs-to-dir option for troubleshooting and support scenarios. When enabled, detailed debug-level logs are written to automatically-generated timestamped log files (e.g., azmcp_20251202_143052.log) in the specified folder. All telemetry is automatically disabled when support logging is enabled to prevent sensitive debug information from being sent to telemetry endpoints. [#1305]

Fixed

• Fixed a serialization issue in the Foundry Agent File Search tool. [#1205]

Changed

• Switched to a new Azure.Monitor.Query.Logs package to query logs from Azure Monitor. [#1309]
• Replace hard-coded strings for Azure.Mcp.Server with ones from IConfiguration. [#1269]
• Add hardcoded minimum TLS version of 1.2 to Storage account creation tool. [#1445]

2.0.8 (2025-12-11) (pre-release)

Fixed

• Fixed an issue where the AI Best Practices tool would get called instead of the Best Practices tool. [#1323]

2.0.7 (2025-11-25) (pre-release)

Changed

• Removed usage of writeIndented = true (pretty printing) from JsonSourceGenerationOptions to reduce token usage. [#1226]
• Updated the .NET 10 SDK version: 10.0.100-preview.7.25380.108 → 10.0.100. [#1243]

Fixed

• Added version parameter to the Azure MCP Server registration, which indicates VS code to refresh the tools for the latest MCP server registration. [#1050]
• Fixed elicitation flow to request user confirmation only once for security prompts. Previously, users saw two dialogs (input form + confirmation); now they see a single confirmation dialog (Submit/Cancel) for sensitive operations. [#1225]

2.0.6 (2025-11-20) (pre-release)

Added

• Added a [hidden] command server_info to provide server information (name, version) so server metadata is programmatically parsed in telemetry. [#1164]
• Added OpenTelemetry tracing support with Azure Monitor exporter for HTTP transport mode, allowing self-hosted instances to export traces to Application Insights when APPLICATIONINSIGHTS_CONNECTION_STRING is configured. [#1227]

Changed

• We now capture information for the MCP client request's _meta store. [#1154]
• Renamed Microsoft Azure AI Foundry to Microsoft Foundry. [#1211]
• Added version display to CLI help output. The version now appears on the first line when running any help command (e.g., azmcp --help). [#1161]

Fixed

• Improved performance of AI Code generation in Visual Studio 2026 [#1179]
• Updated AzureAIBestPractices tool to recommend AIProjectClient instead of PersistentAgentsClient [#1209]

2.0.5 (2025-11-14) (pre-release)

Added

• Enabled HTTPS redirection by default when running server start --transport http. This can be opted-out with AZURE_MCP_DANGEROUSLY_DISABLE_HTTPS_REDIRECTION when not needed. [#1169]
• Updated the User-Agent string to include transport type (stdio or http) for better telemetry and monitoring of Azure service calls. [#1146]
• Added support for creating new Redis resources via the redis_create command. [#1093]

Changed

• Breaking: Updated HttpClientService to ignore the DefaultUserAgent string set in HttpClientOptions. [#1146]
• Added a CancellationToken parameter to async methods to more I[SomeService] interfaces. [#1178]

Fixed

• Removed the DefaultUserAgent configuration from ApplicationInsightsSetup that had a hardcoded version and set the User-Agent string for all other service areas that used the HttpClientService. [#1146]

2.0.4 (2025-11-13) (pre-release)

Added

• PostgreSQL MCP tools now support both Microsoft Entra authentication and native database authentication. The default is Entra authentication, users can switch to native database authentication by providing the --auth-type parameter with the value PostgreSQL. If native authentication is selected, the user must also provide the user password via the --password parameter. [#1011]
• Telemetry: [#1150]
  • Enabled telemetry collection for the HTTP transport mode.
  • Refactored Azure Monitor exporter configuration to support multiple exporters with separate user-provided and Microsoft telemetry streams.
  • Added the AZURE_MCP_COLLECT_TELEMETRY_MICROSOFT environment variable to control Microsoft-specific telemetry collection (enabled by default).

Changed

• Added a CancellationToken parameter to async methods to more I[SomeService] interfaces. [#1133]

Fixed

• PostgreSQL MCP tools has improved the error message reported in case of failure deserializing some of the columns returned by a query. Non out-of-the-box types like vector cannot be deserialized and will now report a clear error message indicating which column caused the issue and an action plan so AI agents can recover from it. [#1024]
• Fixed exit code when invoking --help flag. Commands like tools list --help now correctly return exit code 0 instead of 1 when successfully displaying help output. [#1118]

2.0.3 (2025-11-11) (pre-release)

Added

• Added an Azure AI Best Practices toolset providing comprehensive guidance for building AI apps with Microsoft Foundry and Microsoft Agent Framework. Includes model selection guidance, SDK recommendations, and implementation patterns for agent development. [#1031]
• Added support for text-to-speech synthesis via the command speech_tts_synthesize. [#902]

Changed

• Breaking: PostgreSQL MCP tools now require SSL and verify the server's full certificate chain before creating database connections. This SSL mode provides both eavesdropping protection and man-in-the-middle protection. See SSL Mode VerifyFull for more details. [#1023]
• Refactored duplicate elicitation handling code in CommandFactoryToolLoader and NamespaceToolLoader into a shared BaseToolLoader.HandleSecretElicitationAsync method. [#1028]

Fixed

• Updated a codepath --mode namespace where learn=true wouldn't always result in agent learning happening. [#1122]
• Use the correct Assembly to find Version for telemetry. [#1122]

2.0.2 (2025-11-06) (pre-release)

Added

• Added support for speech recognition from an audio file with Fast Transcription via the command azmcp_speech_stt_recognize. [#1054]
• Added support for User-Assigned Managed Identity via the AZURE_CLIENT_ID environment variable. [#1033]
• Added the following features for deploying as a Remote MCP Server:
  • Added support for HTTP transport, including both incoming and outgoing authentication. Incoming authentication uses Entra ID, while outgoing authentication can either use Entra On-Behalf-Of (OBO) or the authentication configured in the host environment. [#1020]
  • Added support for the --dangerously-disable-http-incoming-auth command-line option to disable the built-in incoming authentication. Use this option only if you plan to provide your own incoming authentication mechanism, and with caution, as it exposes the server to unauthenticated access. [#1037]
• Enhanced the tools list command with new filtering and output options: [#741]
  • Added the --namespace option to filter tools by one or more service namespaces (e.g., 'storage', 'keyvault').
  • Added the --name-only option to return only tool names without descriptions or metadata.
• Added the following Microsoft Foundry tools: [#945]
  • foundry_agents_create: Create a new Microsoft Foundry agent.
  • foundry_agents_get-sdk-sample: Get a code sample to interact with a Foundry Agent using the Microsoft Foundry SDK.
  • foundry_threads_create: Create a new Microsoft Foundry Agent Thread.
  • foundry_threads_list: List all Microsoft Foundry Agent Threads.
  • foundry_threads_get-messages: Get messages in a Microsoft Foundry Agent Thread.

Changed

• Breaking: Renamed the --namespaces option to --namespace-mode in the tools list command for better clarity when listing top-level service namespaces. [#741]
• Telemetry:
  • Added ToolId into telemetry, based on IBaseCommand.Id, a unique GUID for each command. [#1018]
  • Added support for exporting telemetry to OTLP exporters by configuring the environment variable AZURE_MCP_ENABLE_OTLP_EXPORTER=true. [#1018]
  • Disabled telemetry for the HTTP transport. [#1072]

Fixed

• Fixed an issue that spawned child processes per namespace for consolidated mode. [#1002]
• Improved the agent learning experience by ignoring the command parameter, which resulted in neither learning nor a tool call to happen. Learning is now always invoked when learn=true is passed. [#1057]

2.0.1 (2025-10-29) (pre-release)

• Initial beta release to validate updated release infrastructure and versioning strategy. No functional changes from 1.x series.

1.0.0 (2025-10-27)

🎉 First Stable Release

We're excited to announce the first stable release of the Azure MCP Server! This milestone represents months of development, extensive testing, and valuable feedback from our community. The Azure MCP Server provides seamless integration between AI agents and 40+ Azure services through the Model Context Protocol (MCP) specification.

What's Included in 1.0.0

The Azure MCP Server now offers:

• Comprehensive Azure Service Coverage: Support for 40+ Azure services including Storage, Key Vault, Cosmos DB, SQL, Kubernetes (AKS), Microsoft Foundry, Event Hubs, Service Bus, PostgreSQL, MySQL, Redis, Azure Monitor, Application Insights, and many more
• Multiple Installation Methods: Available through NuGet, NPM, and Docker; or as an extension/plugin for VS Code, Visual Studio 2022, and IntelliJ IDEA.
• Flexible Server Modes:
  • Namespace mode (default): Organizes tools by service for easy discovery
  • Consolidated mode: Groups tools by tasks and actions for streamlined workflows
  • Single mode: All tools behind one unified "azure" tool
  • All mode: Exposes every tool individually for maximum control
• Advanced Authentication: Supports multiple Azure authentication methods with credential chaining
• Production Ready: Includes comprehensive error handling, retry policies, telemetry, and extensive test coverage
• Developer Friendly: Native AOT compilation support, read-only mode for safe exploration, and detailed documentation

Key Features

• 170+ Azure Commands across Storage, Databases, AI Services, Monitoring, and more
• Enterprise Support: Proxy configuration, managed identity authentication, and secure credential handling
• Performance Optimizations: Selective caching for expensive operations and efficient HTTP client management

Getting Started

Install the Azure MCP Server from your preferred platform:

• VS Code: Install the Azure MCP Server extension
• Visual Studio 2022: Install GitHub Copilot for Azure
• IntelliJ IDEA: Install Azure Toolkit for IntelliJ
• NuGet: dotnet tool install -g Azure.Mcp --version 1.0.0
• npm: npx @azure/mcp@1.0.0
• Docker: docker pull mcr.microsoft.com/azure-mcp:1.0.0

Documentation

• Complete Command Reference
• Authentication Guide
• Troubleshooting
• Contributing Guidelines

Thank You

This release wouldn't have been possible without the contributions from our community, extensive testing from early adopters, and collaboration with the MCP ecosystem. Thank you for your feedback, bug reports, and feature requests that helped shape this stable release.

For a complete history of pre-release changes, see versions 0.9.9 through 0.0.10 below.

0.9.9 (2025-10-24)

Other Changes

• Set telemetry fields for ToolArea and ToolName when "single" mode is used. [#952]
• Added instructions on when to not use azd init [#942]

0.9.8 (2025-10-23)

Added

• Adds unique identifier to MCP tools. [#940]

Changed

• Set telemetry field's for ToolArea and ToolName when "consolidated" mode is used or a server is loaded from registry.json. [#933]

Fixed

• Fixed SKU configuration bug in SQL database create and update commands. [#925]
• Fixed a serialization issue with Foundry tools. [#904]

0.9.7 (2025-10-22)

Changes

• Improved the following tool namespace descriptions for better LLM tool selection, including usage patterns, messaging scenarios, and when not to use their tools:
  • Service Bus [#923]
  • Application Insights [#928]
• Updated the description of the azmcp_appservice_database_add command to decrease ambiguity and increase selection accuracy by LLMs. [#912]

Fixed

• Increased Kusto HttpClient timeout from 100 seconds to 240 seconds to support long-running queries. [#907]
• Provide installation instructions when azd or other registry components are missing. [#926]

0.9.6 (2025-10-21)

Added

• Added instructions to the best practices tool for the GitHub coding agent on how to configure the Azure MCP Server. [#888]

Changed

• Added tool name length validation to ensure all tool names stay within 48 character limit for compatibility with MCP clients. [#881]

Fixed

• Fixed an issue where azmcp_entra_administrator_list was not listing administrators correctly. [#891]
• Fixed an issue where azmcp_sql_server_firewall_rule_list was not listing firewall rules correctly. [#891]
• Fixed an issue preventing the ServerStarted telemetry event from being published. [#905]
• Fixed an issue where MCP tools were missing the 'title' metadata, causing Visual Studio to display raw tool names instead of user-friendly titles. [#898]

0.9.5 (2025-10-20)

Bugs Fixed

• Update the server.json file in the NuGet distribution to match the 2025-09-29 schema version (latest from the MCP Registry). [#870]

Other Changes

• Updated how IsServerCommandInvoked telemetry is captured to more correctly report whether learning or tool call was performed. [#874]

0.9.4 (2025-10-17)

Features Added

• Added a new server startup "consolidated" mode, which groups Azure MCP tools by tasks and actions tools conduct. This can be enabled by using the --consolidated flag. [#784]

Breaking Changes

• Removes the azmcp_ prefix from all commands. [#868]

0.9.3 (2025-10-16)

Changed

• Updated the description of the following Communications commands to decrease ambiguity and increase selection accuracy by LLMs: [#804]
  • azmcp_communication_email_send
  • azmcp_communication_sms_send
• Improved the description of the --enable-insecure-transports server startup option. [#839]

Fixed

• Fixed a bug where user confirmation (elicitation) stopped working between versions 0.8.5 and 0.9.2. [#824]
• Fixed IsServerCommandInvoked always appearing to be true. [#837]
• Fixed ToolName always showing up as the tool area even if an MCP tool was invoked. [#837]

0.9.2 (2025-10-15)

Fixed

• Fixed retained-buffer leaks across services (Kusto, EventGrid, AppLens, Speech, Cosmos, Foundry, NetworkResourceProvider) and tool loaders (BaseToolLoader, ServerToolLoader, NamespaceToolLoader, SingleProxyToolLoader) by disposing JsonDocument/HttpResponseMessage instances and cloning returned JsonElements. (#817)

0.9.1 (2025-10-14)

Fixed

• Fixed an issue where azmcp_sql_db_rename would not work as expected. [#615]

Changed

• MCP server start options are now included in telemetry logs. (#794)
• Updated the description of the following Workbook commands to decrease ambiguity and increase selection accuracy by LLMs: [#787]
  • azmcp_workbook_show
  • azmcp_workbook_update

0.9.0 (2025-10-13)

Added

• Added support for sending an email via Azure Communication Services via the command azmcp_communication_email_send. [#690]
• Added the following Event Hubs commands: [#750]
  • azmcp_eventhubs_consumergroup_update: Create or update a consumer group for an Event Hub.
  • azmcp_eventhubs_consumergroup_get: Get details of a consumer group for an Event Hub
  • azmcp_eventhubs_consumergroup_delete: Delete a consumer group from an Event Hub
  • azmcp_eventhubs_eventhub_update: Create or update an Event Hub within a namespace
  • azmcp_eventhubs_eventhub_get: Get details of an Event Hub within a namespace
  • azmcp_eventhubs_eventhub_delete: Delete an Event Hub from a namespace
  • azmcp_eventhubs_namespace_update: Create or update an Event Hubs namespace
  • azmcp_eventhubs_namespace_delete: Delete an existing Event Hubs namespace.
• Added support for listing Microsoft Foundry (Cognitive Services) resources or getting details of a specific one via the command azmcp_foundry_resource_get. [#762]
• Added support for Azure Monitor Web Tests management operations: [#529]
  • azmcp_monitor_webtests_create: Create a new web test in Azure Monitor
  • azmcp_monitor_webtests_get: Get details for a specific web test
  • azmcp_monitor_webtests_list: List all web tests in a subscription or optionally, within a resource group
  • azmcp_monitor_webtests_update: Update an existing web test in Azure Monitor
• Added the following Azure CLI commands:
  • azmcp_extension_cli_generate: Generate Azure CLI commands based on user intent. [#203]
  • azmcp_extension_cli_install: Get installation instructions for Azure CLI, Azure Developer CLI and Azure Functions Core Tools. [#74]
• Added support for Azure AI Search knowledge bases and knowledge sources commands: [#719]
  • azmcp_search_knowledge_base_list: List knowledge bases defined in an Azure AI Search service.
  • azmcp_search_knowledge_base_retrieve: Execute a retrieval operation using a specified knowledge base with optional multi-turn conversation history.
  • azmcp_search_knowledge_source_list: List knowledge sources defined in an Azure AI Search service.

Changed

• Added more deployment related best practices. [#698]
• Added IsServerCommandInvoked telemetry field indicating that the MCP tool call resulted in a command invocation. [#751]
• Updated the description of the following commands to decrease ambiguity and increase selection accuracy by LLMs:
  • AKS (Azure Kubernetes Service): [#771]
    • azmcp_aks_cluster_get
    • azmcp_aks_nodepool_get
  • Marketplace: [#761]
    • azmcp_marketplace_product_list
  • Storage: [#650]
    • azmcp_storage_account_get
    • azmcp_storage_blob_get
    • azmcp_storage_blob_container_create
    • azmcp_storage_blob_container_get
• Replaced azmcp_redis_cache_list and azmcp_redis_cluster_list with a unified azmcp_redis_list command that lists all Redis resources in a subscription. [#756]
  • Flattened azmcp_redis_cache_accesspolicy_list and azmcp_redis_cluster_database_list into the aforementioned azmcp_redis_list command. [#757]

Fixed

• Fix flow of Activity.Current in telemetry service by changing ITelemetryService's activity calls to synchronous. [#558]

0.8.6 (2025-10-09)

Added

• Added --tool option to start Azure MCP server with only specific tools by name, providing fine-grained control over tool exposure. This option switches server mode to --all automatically. The --namespace and --tool options cannot be used together. [#685]
• Added support for getting ledger entries on Azure Confidential Ledger via the command azmcp_confidentialledger_entries_get. [#705]
• Added support for listing an Azure resource's activity logs via the command azmcp_monitor_activitylog_list. [#720]

Changed

• Unified required parameter validation: null or empty values now always throw ArgumentException with an improved message listing all invalid parameters. Previously this would throw either ArgumentNullException or ArgumentException only for the first invalid value. [#718]
• Telemetry:
  • Added ServerMode telemetry tag to distinguish start-up modes for the MCP server. [#738]
  • Updated ToolArea telemetry field to be populated for namespace (and intent/learn) calls. [#739]

0.8.5 (2025-10-07)

Added

• Added the following OpenAI commands: [#647]
  • azmcp_foundry_openai_chat-completions-create: Create interactive chat completions using Azure OpenAI chat models in Microsoft Foundry.
  • azmcp_foundry_openai_embeddings-create: Generate vector embeddings using Azure OpenAI embedding models in Microsoft Foundry
  • azmcp_foundry_openai_models-list: List all available OpenAI models and deployments in an Azure resource.
• Added support for sending SMS messages via Azure Communication Services with the command azmcp_communication_sms_send. [#473]
• Added support for appending tamper-proof ledger entries backed by TEEs and blockchain-style integrity guarantees in Azure Confidential Ledger via the command azmcp_confidentialledger_entries_append. [#705]
• Added the following Azure Managed Lustre commands:
  • azmcp_azuremanagedlustre_filesystem_subnetsize_validate: Check if the subnet can host the target Azure Managed Lustre SKU and size [#110].
  • azmcp_azuremanagedlustre_filesystem_create: Create an Azure Managed Lustre filesystem. [#50]
  • azmcp_azuremanagedlustre_filesystem_update: Update an Azure Managed Lustre filesystem. [#50]
• Added support for listing all Azure SignalR runtime instances or getting detailed information about a single one via the command azmcp_signalr_runtime_get. [#83]

Changed

• Renamed azmcp_azuremanagedlustre commands to azmcp_managedlustre. [#345]
  • Renamed azmcp_managedlustre_filesystem_required-subnet-size to azmcp_managedlustre_filesystem_subnetsize_ask. [#111]
• Merged the following Azure Kubernetes Service (AKS) tools: [#591]
  • Merged azmcp_aks_cluster_list into azmcp_aks_cluster_get, which can perform both operations based on whether --cluster is passed.
  • Merged azmcp_aks_nodepool_list into azmcp_aks_nodepool_get, which can perform both operations based on whether --nodepool is passed.
• Updated the description of azmcp_bicepschema_get to increase selection accuracy by LLMs. [#649]
• Update the ToolName telemetry field to use the normalized command name when the CommandFactory tool is used. [#716]
• Updated the default tool loading behavior to execute namespace tool calls directly instead of spawning separate child processes for each namespace. [#704]

Fixed

• Improved description of Load Test commands. [#92]
• Fixed an issue where Azure Subscription tools were not available in the default (namespace) server mode. [#634]
• Improved error message for macOS users when interactive browser authentication fails due to broker threading requirements. The error now provides clear guidance to use Azure CLI, Azure PowerShell, or Azure Developer CLI for authentication instead. [#684]
• Added validation for the Cosmos query command azmcp_cosmos_database_container_item_query. [#524]
• Fixed the construction of Azure Resource Graph queries for App Configuration in the FindAppConfigStore method. The name filter is now correctly passed via the additionalFilter parameter instead of tableName, resolving "ExactlyOneStartingOperatorRequired" and "BadRequest" errors when setting key-value pairs. [#670]
• Updated the description of the Monitor tool and corrected the prompt for command azmcp_monitor_healthmodels_entity_gethealth to ensure that the LLM picks up the correct tool. [#630]
• Fixed "BadRequest" error in Azure Container Registry to get a registry, and in EventHubs to get a namespace. [#729]
• Added redundancy in Dockerfile to ensure the azmcp in the Docker image is actually executable. [#732]

0.8.4 (2025-10-02)

Added

• Added support to return metadata when using the azmcp_tool_list command. [#564]
• Added support for returning a list of tool namespaces instead of individual tools when using the azmcp_tool_list command with the --namespaces option. [#496]

Changed

• Merged azmcp_appconfig_kv_list and azmcp_appconfig_kv_show into azmcp_appconfig_kv_get which can handle both listing and filtering key-values and getting a specific key-value. [#505]
• Refactored tool implementation to use Azure Resource Graph queries instead of direct ARM API calls:
  • Grafana [#628]
• Updated the description of the following commands to increase selection accuracy by LLMs:
  • App Deployment: azmcp_deploy_app_logs_get [#640]
  • Kusto: [#666]
    • azmcp_kusto_cluster_get
    • azmcp_kusto_cluster_list
    • azmcp_kusto_database_list
    • azmcp_kusto_query
    • azmcp_kusto_sample
    • azmcp_kusto_table_list
    • azmcp_kusto_table_schema
  • Redis: [#655]
    • azmcp_redis_cache_list
    • azmcp_redis_cluster_list
  • Service Bus: azmcp_servicebus_topic_details [#642]

Fixed

• Fixed the name of the Key Vault Managed HSM settings get command from azmcp_keyvault_admin_get to azmcp_keyvault_admin_settings_get. [#643]
• Removed redundant DI instantiation of MCP server providers, as these are expected to be instantiated by the MCP server discovery mechanism. [#644]
• Fixed App Lens having a runtime error for reflection-based serialization when using native AoT MCP build. [#639]
• Added validation for the PostgreSQL database query command azmcp_postgres_database_query. [#518]

0.8.3 (2025-09-30)

Added

• Added support for Azure Developer CLI (azd) MCP tools when azd CLI is installed locally - [#566]
• Added support to proxy MCP capabilities when child servers leverage sampling or elicitation. [#581]
• Added support for publishing custom events to Event Grid topics via the command azmcp_eventgrid_events_publish. [#514]
• Added support for generating text completions using deployed Azure OpenAI models in Microsoft Foundry via the command azmcp_foundry_openai_create-completion. [#54]
• Added support for speech recognition from an audio file with Azure AI Services Speech via the command azmcp_speech_stt_recognize. [#436]
• Added support for getting the details of an Azure Event Hubs namespace via the command azmcp_eventhubs_namespace_get. [#105]

Changed

• Refactored Authorization implementation to use Azure Resource Graph queries instead of direct ARM API calls. [#607]
• Refactored AppConfig implementation to use Azure Resource Graph queries instead of direct ARM API calls. [#606]
• Fixed the names of the following MySQL and Postgres commands: [#614]
  • azmcp_mysql_server_config_config → azmcp_mysql_server_config_get
  • azmcp_mysql_server_param_param → azmcp_mysql_server_param_get
  • azmcp_mysql_table_schema_schema → azmcp_mysql_table_schema_get
  • azmcp_postgres_server_config_config → azmcp_postgres_server_config_get
  • azmcp_postgres_server_param_param → azmcp_postgres_server_param_get
  • azmcp_postgres_table_schema_schema → azmcp_postgres_table_schema_get
• Updated the description of the following commands to increase selection accuracy by LLMs:
  • Microsoft Foundry: [#599]
    • azmcp_foundry_agents_connect
    • azmcp_foundry_models_deploy
    • azmcp_foundry_models_deployments_list
  • App Lens: azmcp_applens_resource_diagnose [#556]
  • Cloud Architect: azmcp_cloudarchitect_design [#587]
  • Cosmos DB: azmcp_cosmos_database_container_item_query [#625]
  • Event Grid: [#552]
    • azmcp_eventgrid_subscription_list
    • azmcp_eventgrid_topic_list
  • Key Vault: [#608]
    • azmcp_keyvault_certificate_create
    • azmcp_keyvault_certificate_import
    • azmcp_keyvault_certificate_get
    • azmcp_keyvault_certificate_list
    • azmcp_keyvault_key_create
    • azmcp_keyvault_key_get
    • azmcp_keyvault_key_list
    • azmcp_keyvault_secret_create
    • azmcp_keyvault_secret_get
    • azmcp_keyvault_secret_list
  • MySQL: [#614]
    • azmcp_mysql_server_param_set
  • Postgres: [#562]
    • azmcp_postgres_database_query
    • azmcp_postgres_server_param_set
  • Resource Health: [#588]
    • azmcp_resourcehealth_availability-status_get
    • azmcp_resourcehealth_service-health-events_list
  • SQL: [#594]
    • azmcp_sql_db_delete
    • azmcp_sql_db_update
    • azmcp_sql_server_delete
  • Subscriptions: azmcp_subscription_list [#559]

Fixed

• Fixed an issue with the help option (--help) and enabled it across all commands and command groups. [#583]
• Fixed the following issues with Kusto commands:
  • azmcp_kusto_cluster_list and azmcp_kusto_cluster_get now accept the correct parameters expected by the service. [#589]
  • azmcp_kusto_table_schema now returns the correct table schema. [#530]
  • azmcp_kusto_query does not fail when the subscription id in the input query is enclosed in double quotes anymore. [#152]
  • All commands now return enough details in error messages when input parameters are invalid or missing. [#575]

0.8.2 (2025-09-25)

Fixed

• Fixed azmcp_subscription_list to return empty enumerable instead of null when no subscriptions are found. [#508]

0.8.1 (2025-09-23)

Added

• Added support for listing SQL servers in a subscription and resource group via the command azmcp_sql_server_list. [#503]
• Added support for renaming Azure SQL databases within a server while retaining configuration via the azmcp sql db rename command. [#542]
• Added support for Azure App Service database management via the command azmcp_appservice_database_add. [#59]
• Added the following Microsoft Foundry agents commands: [#55]
  • azmcp_foundry_agents_connect: Connect to an agent in a Microsoft Foundry project and query it
  • azmcp_foundry_agents_evaluate: Evaluate a response from an agent by passing query and response inline
  • azmcp_foundry_agents_query_and_evaluate: Connect to an agent in a Microsoft Foundry project, query it, and evaluate the response in one step
• Enhanced AKS managed cluster information with comprehensive properties. [#490]
• Added support retrieving Key Vault Managed HSM account settings via the command azmcp-keyvault-admin-settings-get. [#358]

Changed

• Refactored Kusto service implementation to use Azure Resource Graph queries instead of direct ARM API calls. [#528]
• Updated IAreaSetup API so the area's command tree is returned rather than modifying an existing object. It's also more DI-testing friendly. [#478]
• Updated CommandFactory.GetServiceArea to check for a tool's service area with or without the root azmcp prefix. [#478]
• Breaking: Removed the following Storage tools: [#500]
  • azmcp_storage_blob_batch_set-tier
  • azmcp_storage_datalake_directory_create
  • azmcp_storage_datalake_file-system_list-paths
  • azmcp_storage_queue_message_send
  • azmcp_storage_share_file_list
  • azmcp_storage_table_list
• Breaking: Updated the OpenWorld and Destructive hints for all tools. [#510]

Fixed

• Fixed MCP server hanging on invalid transport arguments. Server now exits gracefully with clear error messages instead of hanging indefinitely. [#511]

0.8.0 (2025-09-18)

Added

• Added the --insecure-disable-elicitation server startup switch. When enabled, the server will bypass user confirmation (elicitation) for tools marked as handling secrets and execute them immediately. This is INSECURE and meant only for controlled automation scenarios (e.g., CI or disposable test environments) because it removes a safety barrier that helps prevent accidental disclosure of sensitive data. [#486]
• Enhanced Azure authentication with targeted credential selection via the AZURE_TOKEN_CREDENTIALS environment variable: [#56]
  • "dev": Development credentials (Visual Studio → Visual Studio Code → Azure CLI → Azure PowerShell → Azure Developer CLI)
  • "prod": Production credentials (Environment → Workload Identity → Managed Identity)
  • Specific credential names (e.g., "AzureCliCredential"): Target only that credential
  • Improved Visual Studio Code credential error handling with proper exception wrapping for credential chaining
  • Replaced custom DefaultAzureCredential implementation with explicit credential chain for better control and transparency
  • For more details, see Controlling Authentication Methods with AZURE_TOKEN_CREDENTIALS
• Added support for updating Azure SQL databases via the command azmcp_sql_db_update. [#488]
• Added support for listing Event Grid subscriptions via the command azmcp_eventgrid_subscription_list. [#364]
• Added support for listing Application Insights code optimization recommendations across components via the command azmcp_applicationinsights_recommendation_list. [#387]
• Errata: The following was announced as part of release 0.7.0, but was not actually included then.
  • Added support for creating and deleting SQL databases via the commands azmcp_sql_db_create and azmcp_sql_db_delete. [#434]
• Restored support for the following Key Vault commands: [#506]
  • azmcp_keyvault_key_get
  • azmcp_keyvault_secret_get

Changed

• Breaking: Redesigned how conditionally required options are handled. Commands now use explicit option registration via extension methods (.AsRequired(), .AsOptional()) instead of legacy patterns (UseResourceGroup(), RequireResourceGroup()). [#452]
• Breaking: Removed support for the AZURE_MCP_INCLUDE_PRODUCTION_CREDENTIALS environment variable. Use AZURE_TOKEN_CREDENTIALS instead for more flexible credential selection. For migration details, see Controlling Authentication Methods with AZURE_TOKEN_CREDENTIALS. [#56]
• Enhanced AKS nodepool information with comprehensive properties. [#454]
• Merged azmcp_appconfig_kv_lock and azmcp_appconfig_kv_unlock into azmcp_appconfig_kv_lock_set which can handle locking or unlocking a key-value based on the --lock parameter. [#485]
• Update azmcp_foundry_models_deploy to use "GenericResource" for deploying models to Azure AI Services. [#456]

0.7.0 (2025-09-16)

Added

• Added support for diagnosing Azure Resources using the App Lens API via the command azmcp_applens_resource_diagnose. [#356]
• Added support for getting a node pool in an AKS managed cluster via the command azmcp_aks_nodepool_get. [#394]
• Added elicitation support. An elicitation request is sent if the tool annotation secret hint is true. [#404]
• Added azmcp_sql_server_create, azmcp_sql_server_delete, azmcp_sql_server_show to support SQL server create, delete, and show commands. [#312]
• Added the support for getting information about Azure Managed Lustre SKUs via the following command azmcp_azuremanagedlustre_filesystem_get_sku_info. [#100]
• azmcp_functionapp_get can now list Function Apps on a resource group level. [#427]

Changed

• Breaking: Merged azmcp_functionapp_list into azmcp_functionapp_get, which can perform both operations based on whether --function-app is passed. [#427]
• Breaking: Removed Azure CLI (az) and Azure Developer CLI (azd) extension tools to reduce complexity and focus on native Azure service operations. [#404].

Fixed

• Marked the secret hint of azmcp_keyvault_secret_create tool to "true". [#430]

0.6.0 (2025-09-11)

Added

• The Azure MCP Server is now also available on NuGet.org [#368]
• Added support for listing node pools in an AKS managed cluster. [#360]

Changed

• To improve performance, packages now ship with trimmed binaries that have unused code and dependencies removed, resulting in significantly smaller file sizes, faster startup times, and reduced memory footprint. Learn more. [#405]
• Merged azmcp_search_index_describe and azmcp_search_index_list into azmcp_search_index_get, which can perform both operations based on whether --index is passed. [#378]
• Merged the following Storage tools: [#376]
  • azmcp_storage_account_details and azmcp_storage_account_list into azmcp_storage_account_get, which supports the behaviors of both tools based on whether --account is passed.
  • azmcp_storage_blob_details and azmcp_storage_blob_list into azmcp_storage_blob_get, which supports the behaviors of both tools based on whether --blob is passed.
  • azmcp_storage_blob_container_details and azmcp_storage_blob_container_list into azmcp_storage_blob_container_get, which supports the behaviors of both tools based on whether --container is passed.
• Updated the descriptions of all Storage tools. [#376]

0.5.13 - 2025-09-10

Added

• Added support for listing all Event Grid topics in a subscription via the command azmcp_eventgrid_topic_list. [#43]
• Added support for retrieving knowledge index schema information in Microsoft Foundry projects via the command azmcp_foundry_knowledge_index_schema. [#41]
• Added support for listing service health events in a subscription via the command azmcp_resourcehealth_service-health-events_list. [#367]

Changed

• Breaking: Updated/removed options for the following commands: [#108]
  • azmcp_storage_account_create: Removed the ability to configure enable-https-traffic-only (always true now), allow-blob-public-access (always false now), and kind (always StorageV2 now).
  • azmcp_storage_blob_container_create: Removed the ability to configure blob-container-public-access (always false now).
  • azmcp_storage_blob_upload: Removed the ability to configure overwrite (always false now).
• Added telemetry to log parameter values for the azmcp_bestpractices_get tool. [#375]
• Updated tool annotations. [#377]

Fixed

• Fixed telemetry bug where "ToolArea" was incorrectly populated with "ToolName". [#346]

0.5.12 - 2025-09-04

Added

• Added azmcp_sql_server_firewall-rule_create and azmcp_sql_server_firewall-rule_delete commands. [#121]
• Added a verb to the namespace name for bestpractices. [#109]
• Added instructions about consumption plan for azure functions deployment best practices. [#218]

Fixed

• Fixed a bug in MySQL query validation logic. [#81]

0.5.11 - 2025-09-02

Fixed

• Fixed VSIX signing [#91]
• Included native packages in build artifacts and pack/release scripts. [#51]

0.5.10 - 2025-08-28

Fixed

• Fixed a bug with telemetry collection related to AppConfig tools. [#44]

0.5.9 - 2025-08-26

Changed

• Updated dependencies to improve .NET Ahead-of-Time (AOT) compilation support:
  • Microsoft.Azure.Cosmos 3.51.0 → Microsoft.Azure.Cosmos.Aot 0.1.1-preview.1. [#37]

0.5.8 - 2025-08-21

Added

• Added support for listing knowledge indexes in Microsoft Foundry projects via the command azmcp_foundry_knowledge_index_list. [#1004]
• Added support for getting details of an Azure Function App via the azmcp_functionapp_get command. [#970]
• Added the following Azure Managed Lustre commands: [#1003]
  • azmcp_azuremanagedlustre_filesystem_list: List available Azure Managed Lustre filesystems.
  • azmcp_azuremanagedlustre_filesystem_required-subnet-size: Returns the number of IP addresses required for a specific SKU and size of Azure Managed Lustre filesystem.
• Added support for designing Azure Cloud Architecture through guided questions via the azmcp_cloudarchitect_design command. [#890]
• Added support for the following Azure MySQL operations: [#855]
  • azmcp_mysql_database_list - List all databases in a MySQL server.
  • azmcp_mysql_database_query - Execute a SELECT query on a MySQL database (non-destructive only).
  • azmcp_mysql_table_list - List all tables in a MySQL database.
  • azmcp_mysql_table_schema_get - Get the schema of a specific table in a MySQL database.
  • azmcp_mysql_server_config_get - Retrieve the configuration of a MySQL server.
  • azmcp_mysql_server_list - List all MySQL servers in a subscription and resource group.
  • azmcp_mysql_server_param_get - Retrieve a specific parameter of a MySQL server.
  • azmcp_mysql_server_param_set - Set a specific parameter of a MySQL server to a specific value.
• Added telemetry for tracking service area when calling tools. [#1024]

Changed

• Standardized Azure Storage command descriptions, option names, and parameter names; cleaned up JSON serialization context. [#1015]
  • Breaking: Renamed the following Storage tool option names for consistency:
    • azmcp_storage_account_create: account-name → account.
    • azmcp_storage_blob_batch_set-tier: blob-names → blobs.
• Introduced BaseAzureResourceService to enable Azure Resource read operations using Azure Resource Graph queries. [#938]
• Refactored SQL service to use Azure Resource Graph instead of direct ARM API calls, removing dependency on Azure.ResourceManager.Sql and improving startup performance. [#938]
• Enhanced BaseAzureService with EscapeKqlString for safe KQL query construction across all Azure services; fixed KQL string escaping in Workbooks queries. [#938]
• Updated to .NET 10 SDK to prepare for .NET tool packing.
• Improved bestpractices and azureterraformbestpractices tool descriptions to work better with VS Code Copilot tool grouping. [#1029]

Fixed

• SQL service tests now use case-insensitive string comparisons for resource type validation. [#938]
• HttpClient service tests now validate NoProxy collection handling correctly (instead of assuming a single string). [#938]

0.5.7 - 2025-08-19

Added

• Added support for the following Azure Deploy and Azure Quota operations: [#626]
  • azmcp_deploy_app_logs_get - Get logs from Azure applications deployed using azd.
  • azmcp_deploy_iac_rules_get - Get Infrastructure as Code rules.
  • azmcp_deploy_pipeline_guidance-get - Get guidance for creating CI/CD pipelines to provision Azure resources and deploy applications.
  • azmcp_deploy_plan_get - Generate deployment plans to construct infrastructure and deploy applications on Azure.
  • azmcp_deploy_architecture_diagram-generate - Generate Azure service architecture diagrams based on application topology.
  • azmcp_quota_region_availability-list - List available Azure regions for specific resource types.
  • azmcp_quota_usage_check - Check Azure resource usage and quota information for specific resource types and regions.
• Added support for listing Azure Function Apps via the azmcp-functionapp-list command. [#863]
• Added support for importing existing certificates into Azure Key Vault via the azmcp-keyvault-certificate-import command. [#968]
• Added support for uploading a local file to an Azure Storage blob via the azmcp-storage-blob-upload command. [#960]
• Added support for the following Azure Service Health operations: [#998]
  • azmcp-resourcehealth-availability-status-get - Get the availability status for a specific resource.
  • azmcp-resourcehealth-availability-status-list - List availability statuses for all resources in a subscription or resource group.
• Added support for listing repositories in Azure Container Registries via the azmcp-acr-registry-repository-list command. [#983]

Changed

• Improved guidance for LLM interactions with Azure MCP server by adding rules around bestpractices tool calling to server instructions. [#1007]

0.5.6 - 2025-08-14

Added

• New VS Code settings to control Azure MCP server startup behavior: [#971]
  • azureMcp.serverMode: choose tool exposure mode — single | namespace (default) | all.
  • azureMcp.readOnly: start the server in read-only mode.
  • azureMcp.enabledServices: added drop down list to select and configure the enabled services.
• Added support for listing Azure Function Apps via the azmcp-functionapp-list command. [#863]
• Added support for getting details about an Azure Storage Account via the azmcp-storage-account-details command. [#934]

Changed

• Centralized handling and validation of the --resource-group option across all commands. [#961]

0.5.5 - 2025-08-12

Added

• Added support for listing Azure Container Registry (ACR) registries in a subscription via the azmcp-acr-registry-list command. [#915]
• Added new Azure Storage commands:
  • azmcp-storage-account-create: Create a new Storage account. [#927]
  • azmcp-storage-queue-message-send: Send a message to a Storage queue. [#794]
  • azmcp-storage-blob-details: Get details about a Storage blob. [#930]
  • azmcp-storage-blob-container-create: Create a new Storage blob container. [#937]
• Bundled the GitHub Copilot for Azure extension as part of the Azure MCP Server extension pack.

Changed

• The azmcp-storage-account-list command now returns account metadata objects instead of plain strings. Each item includes: name, location, kind, skuName, skuTier, hnsEnabled, allowBlobPublicAccess, enableHttpsTrafficOnly. Update scripts to read the name property. The underlying IStorageService.GetStorageAccounts() signature changed from Task<List<string>> to Task<List<StorageAccountInfo>>. [#904]
• Consolidated "AzSubscriptionGuid" telemetry logic into McpRuntime. [#935]

Fixed

• Fixed best practices tool invocation failure when passing "all" action with "general" or "azurefunctions" resources. [#757]
• Updated metadata for CREATE and SET tools to destructive = true. [#773]

0.5.4 - 2025-08-07

Changed

• Improved Azure MCP display name in VS Code from 'azure-mcp-server-ext' to 'Azure MCP' for better user experience in the Configure Tools interface. [#871, #876]
• Updated the description of the following CommandGroups to improve their tool usage by Agents:
  • Azure AI Search [#874]
  • Storage [#879]

Fixed

• Fixed subscription parameter handling across all Azure MCP service methods to consistently use subscription instead of subscriptionId, enabling proper support for both subscription IDs and subscription names. [#877]
• Fixed ToolExecuted telemetry activity being created twice. [#741]

0.5.3 - 2025-08-05

Added

• Added support for providing the --content-type and --tags properties to the azmcp-appconfig-kv-set command. [#459]
• Added filter-path and recursive capabilities to azmcp-storage-datalake-file-system-list-paths. [#770]
• Added support for listing files and directories in Azure File Shares via the azmcp-storage-share-file-list command. This command recursively lists all items in a specified file share directory with metadata including size, last modified date, and content type. [#793]
• Added support for Azure Virtual Desktop with new commands: [#653]
  • azmcp-virtualdesktop-hostpool-list - List all host pools in a subscription
  • azmcp-virtualdesktop-sessionhost-list - List all session hosts in a host pool
  • azmcp-virtualdesktop-sessionhost-usersession-list - List all user sessions on a specific session host
• Added support for creating and publishing DevDeviceId in telemetry. [#810]
• Added caching for Cosmos DB databases and containers. [#813]

Changed

• Parameter Name Changes: Removed unnecessary "-name" suffixes from command parameters across 25+ parameters in 12+ Azure service areas to improve consistency and usability. Users will need to update their command-line usage and scripts. [#853]
  • AppConfig: --account-name → --account
  • Search: --service-name → --service, --index-name → --index
  • Cosmos: --account-name → --account, --database-name → --database, --container-name → --container
  • Kusto: --cluster-name → --cluster, --database-name → --database, --table-name → --table
  • AKS: --cluster-name → --cluster
  • Postgres: --user-name → --user
  • ServiceBus: --queue-name → --queue, --topic-name → --topic
  • Storage: --account-name → --account, --container-name → --container, --table-name → --table, --file-system-name → --file-system, --tier-name → --tier
  • Monitor: --table-name → --table, --model → --health-model, --resource-name → --resource
  • Foundry: --deployment-name → --deployment, --publisher-name → --publisher, --license-name → --license, --sku-name → --sku, --azure-ai-services-name → --azure-ai-services

Fixed

• Fixed an issue where the azmcp-storage-blob-batch-set-tier command did not correctly handle the --tier parameter when setting the access tier for multiple blobs. [#808]

0.5.2 - 2025-07-31

Added

• Added support for batch setting access tier for multiple Azure Storage blobs via the azmcp-storage-blob-batch-set-tier command. This command efficiently changes the storage tier (Hot, Cool, Archive, etc) for multiple blobs simultaneously in a single operation. [#735]
• Added descriptions to all Azure MCP command groups to improve discoverability and usability when running the server with --mode single or --mode namespace. [#791]

Changed

• Removed toast notifications related to Azure MCP server registration and startup instructions.[#785]
• Removed --partner-tenant-id option from azmcp-marketplace-product-get command. [#656]

0.5.1 - 2025-07-29

Added

• Added support for listing SQL databases via the command: azmcp-sql-db-list. [#746]
• Added support for reading AZURE_SUBSCRIPTION_ID from the environment variables if a subscription is not provided. [#533]

0.5.0 - 2025-07-24

Added

• Initial Release