Azure Security Services including Key Vault, Managed Identity, RBAC, Entra ID, and Defender. Provides secrets management, credential-free authentication, role-based access control, and threat protection.
View on GitHub: microsoft/GitHub-Copilot-for-Azure
azure
February 1, 2026
npx add-skill https://github.com/microsoft/GitHub-Copilot-for-Azure/blob/main/plugin/skills/azure-security/SKILL.md -a claude-code --skill azure-security

Installation paths:
.claude/skills/azure-security/

# Azure Security Services

## Services

| Service | Use When | MCP Tools | CLI |
|---------|----------|-----------|-----|
| Key Vault | Secrets, keys, certificates | `azure__keyvault` | `az keyvault` |
| Managed Identity | Credential-free authentication | - | `az identity` |
| RBAC | Role-based access control | `azure__role` | `az role` |
| Entra ID | Identity and access management | - | `az ad` |
| Defender | Threat protection, security posture | - | `az security` |

## MCP Server (Preferred)

When Azure MCP is enabled:

### Key Vault

- `azure__keyvault` with command `keyvault_list` - List Key Vaults
- `azure__keyvault` with command `keyvault_secret_list` - List secrets in vault
- `azure__keyvault` with command `keyvault_secret_get` - Get secret value
- `azure__keyvault` with command `keyvault_key_list` - List keys
- `azure__keyvault` with command `keyvault_certificate_list` - List certificates

### RBAC

- `azure__role` with command `role_assignment_list` - List role assignments
- `azure__role` with command `role_definition_list` - List role definitions

**If Azure MCP is not enabled:** Run `/azure:setup` or enable via `/mcp`.

## CLI Fallback

```bash
# Key Vault
az keyvault list --output table
az keyvault secret list --vault-name VAULT --output table
az keyvault secret show --vault-name VAULT --name SECRET

# RBAC
az role assignment list --output table
az role definition list --output table

# Managed Identity
az identity list --output table
```

## Key Security Principles

1. **Use managed identities** - No credentials to manage
2. **Apply least privilege** - Minimum required permissions
3. **Enable Key Vault** - Never hardcode secrets
4. **Use private endpoints** - No public internet access
5. **Enable auditing** - Log all access

## Common RBAC Roles

| Role | Permissions |
|------|-------------|
| Owner | Full access + assign roles |
| Contributor | Full access, no role assignment |
| Reader | Read-only |
| Key Vault Secrets User | Read secrets only |
| Stora