Azure cloud networking -- VNets, NSGs, ExpressRoute, VPN Gateways, Azure Firewalls, Load Balancers, Application Gateways, Route Tables, Network Watcher, Private Endpoints, DNS zones. Use when auditing Azure VNets, troubleshooting hybrid connectivity (ExpressRoute/VPN), checking NSG rules, inspecting firewall policies, or analyzing load balancer health.
python mcp-servers/azure-network-mcp/azure_network_mcp_server.py (stdio transport)AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID| Tool | What It Does |
|---|---|
azure_list_subscriptions | List all accessible Azure subscriptions |
| Tool | What It Does |
|---|---|
azure_list_vnets | List all VNets with address space, subnet/peering count |
azure_get_vnet_details | Full VNet details: subnets (NSG, route table, delegations), peerings, DNS |
azure_get_vnet_peerings | VNet peering status with traffic forwarding settings |
| Tool | What It Does |
|---|---|
azure_list_nsgs | List all NSGs with association info and orphan detection |
azure_get_nsg_rules | All rules (custom + default) sorted by priority |
azure_get_effective_security_rules | Effective aggregated rules for a NIC |
| Tool | What It Does |
|---|---|
azure_audit_nsg_compliance | CIS Azure Foundations Benchmark audit (rules 6.1-6.4) |
| Tool | What It Does |
|---|---|
azure_get_expressroute_status | Circuit status, peering config, provisioning state |
azure_get_expressroute_routes | Learned route table for a peering |
| Tool | What It Does |
|---|---|
azure_get_vpn_gateway_status | Gateway config, connections, BGP settings |
| Tool | What It Does |
|---|---|
azure_list_firewalls | List Azure Firewalls with SKU and policy association |
azure_get_firewall_policy | Policy details: rule collections, threat intel, IDPS |
| Tool | What It Does |
|---|---|
azure_list_load_balancers | List LBs with frontend/backend/probe summary |
azure_get_lb_backend_health | Backend pool health per member |
| Tool | What It Does |
|---|---|
azure_get_app_gateway_health | App GW config, WAF, backend health; Front Door routing |
| Tool | What It Does |
|---|---|
azure_get_route_tables | Route tables, UDRs, effective routes for a NIC |
azure_get_network_watcher_status | Network Watcher availability, connection monitors, flow logs |
azure_get_private_endpoints | Private Endpoints with DNS zone associations |
azure_get_dns_zones | DNS zones (public/private) and record sets |
When asked "show me our Azure network" or "audit Azure VNets":
azure_list_subscriptions -- discover available subscriptionsazure_list_vnets -- get all VNets in the target subscriptionazure_get_vnet_details -- subnets, peerings, DNS, NSGsazure_get_vnet_peerings -- check peering state (Connected/Disconnected)When asked "check ExpressRoute status" or "is the VPN tunnel up":
azure_get_expressroute_status -- circuit provisioning, peering stateazure_get_expressroute_routes -- verify learned routes from on-premazure_get_vpn_gateway_status -- VPN connection status, BGP peersWhen asked "audit NSG rules" or "check security posture":
azure_audit_nsg_compliance -- run CIS benchmark against all NSGsazure_list_nsgs -- identify orphaned NSGsazure_get_nsg_rules -- review offending rulesazure_get_effective_security_rules -- verify effective rules on critical NICs| Variable | Required | Description |
|---|---|---|
AZURE_TENANT_ID | Yes | Azure AD tenant ID |
AZURE_CLIENT_ID | Yes | Service principal client ID |
AZURE_CLIENT_SECRET | Yes | Service principal secret |
AZURE_SUBSCRIPTION_ID | Yes | Default subscription |