azure-security
SKILL.md
Azure Security Services
Services
| Service | Use When | MCP Tools | CLI |
|---|---|---|---|
| Key Vault | Secrets, keys, certificates | azure__keyvault |
az keyvault |
| Managed Identity | Credential-free authentication | - | az identity |
| RBAC | Role-based access control | azure__role |
az role |
| Entra ID | Identity and access management | - | az ad |
| Defender | Threat protection, security posture | - | az security |
MCP Server (Preferred)
When Azure MCP is enabled:
Key Vault
azure__keyvaultwith commandkeyvault_list- List Key Vaultsazure__keyvaultwith commandkeyvault_secret_list- List secrets in vaultazure__keyvaultwith commandkeyvault_secret_get- Get secret valueazure__keyvaultwith commandkeyvault_key_list- List keysazure__keyvaultwith commandkeyvault_certificate_list- List certificates
RBAC
azure__rolewith commandrole_assignment_list- List role assignmentsazure__rolewith commandrole_definition_list- List role definitions
If Azure MCP is not enabled: Run /azure:setup or enable via /mcp.
CLI Fallback
# Key Vault
az keyvault list --output table
az keyvault secret list --vault-name VAULT --output table
az keyvault secret show --vault-name VAULT --name SECRET
# RBAC
az role assignment list --output table
az role definition list --output table
# Managed Identity
az identity list --output table
Key Security Principles
- Use managed identities - No credentials to manage
- Apply least privilege - Minimum required permissions
- Enable Key Vault - Never hardcode secrets
- Use private endpoints - No public internet access
- Enable auditing - Log all access
Common RBAC Roles
| Role | Permissions |
|---|---|
| Owner | Full access + assign roles |
| Contributor | Full access, no role assignment |
| Reader | Read-only |
| Key Vault Secrets User | Read secrets only |
| Storage Blob Data Reader | Read blobs only |
Service Details
For deep documentation on specific services:
- Key Vault best practices -> Key Vault documentation
- Managed identity patterns -> Managed identities documentation
- RBAC configuration ->
azure-role-selectorskill or Azure RBAC documentation
Weekly Installs
2
Repository
microsoft/github-copilot-for-azureFirst Seen
Feb 4, 2026
Installed on
mcpjam2
claude-code2
replit2
junie2
windsurf2
zencoder2