Feature request: Incorporate Security Best Practices into Azure MCP Server’s Best Practices Tool

[msmbaldwin]

I'm the Azure Security Lead in the Learn organization, and am leading an effort to create “Secure your Service” articles. Some examples of published articles are:

• Secure your Key Vault
• Secure Azure DevOps
• Secure Azure Cloud HSM

We’d like to start a discussion about incorporating security best practices into the Azure MCP Server’s Best Practices tool so that customers can get security guidance alongside deployment guidance. This would help customers follow recommended security patterns when provisioning services. The security best practices could be interwoven with general best practices or kept distinct (perhaps via a separate call or parameter)

I already maintain https://github.com/msmbaldwin/security-horizontal-copilot, which uses the Learn MCP server to generate these articles based on best practices in Microsoft Docs. Incorporating this functionality into Azure MCP Server might be a better way to scale this.

Relatedly, the Microsoft Cloud Security Benchmark (MCSB) teams plans to release a v2 next week. This could serve as another source of security best practices.

Lastly, we have an SFI Pattern and Practices library at https://learn.microsoft.com/en-us/security/zero-trust/sfi/phishing-resistant-mfa, which is also publishing security best practices.

Thanks!

[joshfree]

Thanks for reaching out @msmbaldwin -- we'd love to have a discussion with you about this. @fanyang-mono and @charris-msft are the right folks to chat with. I'll let the three of you take it from here

[msmbaldwin]

Thanks, @joshfree!

[joshfree]

@msmbaldwin there's a link here from the onboarding issue template: https://aka.ms/azmcp/intake which has more details like our teams server if you want to chat off github

[fanyang-mono]

@msmbaldwin and I have briefly chatted about this at the end of September. I will work with him to get the content in the bestpractices tool.