Access Your SRE Agent from Any IDE, Terminal, or AI Assistant

Your team is already utilizing an SRE Agent, which monitors your services, understands your architecture, and manages operational tasks. Now, developers can interact with this agent using natural language directly from the tools they rely on daily — like their editor, terminal, or AI assistant. You can check what the agent knows, ask it questions, search its memory, and integrate it into your workflow without switching from your coding environment.

The Azure SRE Agent tools are now available in the Azure MCP Server. The azure/mcp package comes with a comprehensive suite of SRE Agent tools, enabling you to manage your SRE Agents from any MCP-compatible client, such as GitHub Copilot CLI, VS Code Copilot, Cursor, Claude Desktop, or any other agent framework that uses MCP. There’s no need for a separate command-line interface, portal tab, or custom integration code; your SRE Agent is now accessible wherever you’re already working.

This innovation is about connecting with developers on their terms. Your SRE Agent holds valuable insights about your systems — including incident history, architecture details, and operational trends. Now, this expertise is available right in VS Code, your terminal, or any MCP-compatible AI assistant. Just type your question in everyday language, and your agent will respond within your existing workflow. Your SRE Agent transforms from a destination into a seamless part of your daily operations.

This article will guide you through what you can do and how to set it up, using GitHub Copilot CLI as our reference. The same setup can be applied in VS Code Copilot, Claude Desktop, Cursor, and any other MCP-compatible client.

After connecting the Azure MCP Server with Copilot CLI, you can communicate with your SRE Agent infrastructure as easily as you would ask a colleague:

• “Show me my SRE agents in subscription “
• “Create a Kusto connector named prod-logs on agent myagent that points to cluster https://help.kusto.windows.net, database Samples“
• “Search memories on agent myagent for ‘deployment failures'”
• “Pause the nightly scheduled task on agent myagent“
• “Create an architecture plan for a multi-region web app”

The complete set of capabilities can be divided into seven key areas:

1. Manage SRE Agents: List, retrieve, and create Microsoft.App/agents resources in your subscription. Discover the tools available to each agent. Resource groups are automatically determined through Resource Graph.
2. Configure Connectors: Set up and manage Kusto connectors, MCP connectors (for both http and stdio transports), Azure Monitor connectors, and more. These connectors integrate via ARM and show up in Azure portal, just like anything else you create there. MCP connectors automatically use a system-assigned managed identity.
3. Run and Inspect Threads: Create and manage conversation threads, get their details, send messages, and oversee hooks on a thread. This allows you to communicate programmatically with the agent or check its actions in real-time.
4. Schedule Recurring Work: Create, manage, pause, resume, and delete scheduled tasks.
5. Handle Incidents: List ongoing incidents and execute setup commands for PagerDuty and ServiceNow.
6. Knowledge and Prompts: Manage routine prompts like safety rules and standing instructions. Search, upload, and remove memories, as well as access agent documentation by topic.
7. Create Workflows: Generate architecture plans based on requirements. Produce, validate, and apply YAML workflows.

Allowing an AI assistant broad management access to your SRE Agents comes with specific safeguards you should be aware of:

• Destructive Operations Require Confirmation: Any deletion of connectors, hooks, memories, skills, scheduled tasks, or sub-agents requires the explicit --confirm true flag. This ensures you won’t accidentally remove something through an autocompleted command.
• Secured Secrets: Sensitive information such as bearer tokens, API keys, passwords, connection strings, and Authorization headers are removed before reaching your client.
• Sanitised Error Messages: Upstream error responses are scrubbed of sensitive information and shortened before being displayed, preventing any potential leaks through error messages.
• Pinned Data-Plane Calls: All data-plane calls are restricted to *.azuresre.ai. HTTPS is mandatory to avoid server-side request forgery (SSRF); http:// is only permitted for localhost.
• Third-Party Host Restrictions: ServiceNow connectors are limited to .service-now.com and .servicenowservices.com, while PagerDuty subdomains must be valid DNS names.
• Environment-Referenced Secrets for MCP Connectors: Header and environment values for MCP connectors must be referenced using ${env:NAME} syntax. Literal secrets are not accepted, ensuring they never enter the LLM context.

Before you connect anything, ensure you have the following installed and authenticated.

node --version

If you’re not using a current LTS version, please update via nodejs.org or through your package manager. The Azure MCP Server is tested with active Node.js LTS releases.

The MCP server uses DefaultAzureCredential, which retrieves credentials from your az login session. Ensure you have Azure CLI installed and logged in.

Install it here: https://learn.microsoft.com/cli/azure/install-azure-cli

az --version
az login

If you’re working across multiple tenants, run:

az login --tenant <tenant-id>

For multiple subscriptions, set a default one:

az account set --subscription <subscription-id>

To install Copilot CLI, follow the official instructions available here: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/use-copilot-cli

Once installed, launch it and authenticate using your GitHub account.

The Azure MCP Server runs as an npm package (azure/mcp) and can be initiated via npx. The easiest way to set it up is interactively from within Copilot CLI:

/mcp add

Follow the prompts — name it azure, set the command to npx, and provide arguments as -y azure/mcp@latest server start.

Alternatively, you can manually add it to your MCP configuration file (~/.copilot/mcp.json or .copilot/mcp.json in your repository):

{
  "mcpServers": {
    "azure": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@azure/mcp@latest", "server", "start"]
    }
  }
}

After saving, restart Copilot CLI. On the next launch, npx will fetch azure/mcp and start the server automatically.

If you prefer global installation, use this command:

npm install -g @azure/mcp
azmcp server start

@latest signifies that npx will pull the latest version each time it runs, but it caches aggressively. If you upgrade and an older version is still in operation, run:

npx clear-npx-cache

rm -rf ~/.npm/_npx

Then restart Copilot CLI. To maintain version stability in your environment, pin a specific version like this:

"args": ["-y", "@azure/[email protected]", "server", "start"]

Update the version string when you’re ready to upgrade.

The MCP server doesn’t link to a specific agent; it dynamically discovers agents from your subscription, allowing you to target one per command. Here are two steps to ensure proper access:

You will need two roles assigned to the Microsoft.App/agents resource (or at the resource group or subscription level):

az role assignment create \
  --assignee <your-upn-or-objectid> \
  --role "Reader" \
  --scope /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.App/agents/<agentName>

az role assignment create \
  --assignee <your-upn-or-objectid> \
  --role "SRE Agent Administrator" \
  --scope /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.App/agents/<agentName>

For Windows PowerShell, you can use a single line or backtick continuations instead of \.

From the Copilot CLI, you can simply ask:

“Show me my SRE agents in subscription “

This will display each agent’s name, resource group, and endpoint. Once you’ve gathered this information, you’re ready to proceed.

It’s essential to distinguish between two functional layers:

• Control-Plane (Agents, Connectors): Utilizes Azure Resource Manager at Microsoft.App/agents, API version 2025-05-01-preview. Any resources you create or modify will reflect in the Azure portal.
• Data-Plane (Threads, Memories, Scheduled Tasks, Incidents, Prompts, Skills, Hooks, Docs, Workflows): Communicates through the agent’s endpoint at https://--..azuresre.ai.

The server automatically manages the token audience for the SRE Agent; you won’t need to handle separate credentials for the data plane. Your az login session covers both sides.

Ask Copilot CLI: “Show me my Azure subscriptions” or “List my SRE agents”. If the sreagent_* tools are visible in your tool list and successfully return information, then you’ve established a connection and are using a version containing this release.

If you don’t have an SRE Agent yet, you can set one up in minutes, either through the Azure portal or the CLI. Once connected to your code, logs, and incident sources, it will begin gathering expertise from day one. After adding the Azure MCP Server to your editor, your agent will be just a sentence away in every session.