[BESTPRACTICES] Get Azure Policy info to increase deployment success
Description: We need the ability to incorporate Azure Policy information whenever best practice tools or deployment tools are invoked. The goal is to proactively prevent deployment failures by ensuring that infrastructure-as-code and related automation respect the organization’s defined Azure policies.
- Azure Policies often define critical constraints and requirements for resources, security, compliance, and configuration within a tenant.
- Deployment failures can occur when these policies are not considered during planning or execution, leading to wasted cycles and delayed releases.
- By integrating policy awareness, tools can surface relevant policy details, validate planned changes against policy requirements, and provide actionable feedback before deployment begins.
- This feature should support dynamic retrieval of policy assignments and definitions, ideally scoped to the target environment or resource group.
- It should work seamlessly with both best practice recommendation flows and deployment automation, ensuring that all generated plans and actions are policy-compliant.
New tool or enhance existing tools?
- A new tool may be more flexible, giving the LLM the ability to call it as needed, but it adds yet another tool to our very long list and risks not ever being called.
- Enhancing existing tools reduces the number of tool calls the LLM needs to make and can help ensure that the information is always included when a particular tool deems it relevant. However, it prevents the LLM from being able to call the tool ad-hoc and will potentially require a number of existing tools to be updated.
References
- https://ms.portal.azure.com/#view/Microsoft_Azure_Policy/PolicyMenuBlade/~/Assignments
- Policies can be queried via Azure Resource Graph (ARG)
@qianwens @fanyang-mono @wbreza @charris-msft please discuss :)
Adding @JasonYeMSFT to help with policy tool for deployment best practices
Reassigning to @msalaman
@msalaman - let me know if you have any questions - I'm happy to chat about this.
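An added example, not part of the issue or the project's code: a minimal offline pre-deployment check of the kind requested above, evaluating a planned resource against the deny rules of policy assignments. It handles only a subset of the Azure Policy rule language; the merged assignment/definition record shape, the function names and all sample data are assumptions constructed for illustration.

```python
# Added example: offline check of a planned resource against policy rules.
# Handles a subset of the Azure Policy rule language; sample data is constructed.

def field_value(resource, field):
    """Resolve fields such as 'location', 'type' or 'tags.costCenter'."""
    if field.startswith("tags."):
        return resource.get("tags", {}).get(field[5:])
    return resource.get(field)

def resolve(value, params):
    """Expand "[parameters('name')]" using the assignment's parameter values."""
    if isinstance(value, str) and value.startswith("[parameters('") and value.endswith("')]"):
        return params[value[13:-3]]
    return value

def matches(cond, resource, params):
    """True when the rule's 'if' condition applies to the planned resource."""
    for key, combine in (("allOf", all), ("anyOf", any)):
        if key in cond:
            return combine(matches(c, resource, params) for c in cond[key])
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    actual = field_value(resource, cond["field"])
    if "exists" in cond:
        return (actual is not None) == (str(cond["exists"]).lower() == "true")
    actual = None if actual is None else str(actual).lower()  # comparisons ignore case
    if "equals" in cond:
        return actual == str(resolve(cond["equals"], params)).lower()
    if "in" in cond:
        return actual in [str(v).lower() for v in resolve(cond["in"], params)]
    raise ValueError(f"unsupported condition: {cond}")

def blocking_policies(resource, assignments):
    """Names of assignments whose effect is deny and whose rule matches."""
    hits = []
    for a in assignments:
        rule, params = a["policyRule"], a.get("parameters", {})
        effect = str(resolve(rule["then"]["effect"], params)).lower()
        if effect == "deny" and matches(rule["if"], resource, params):
            hits.append(a["name"])
    return hits

ASSIGNMENTS = [  # constructed; each record merges an assignment with its definition's rule
    {"name": "allowed-locations", "parameters": {"allowed": ["eastus", "westeurope"]},
     "policyRule": {"if": {"not": {"field": "location", "in": "[parameters('allowed')]"}},
                    "then": {"effect": "deny"}}},
    {"name": "require-costcenter-tag", "parameters": {"effect": "deny"},
     "policyRule": {"if": {"allOf": [
         {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
         {"field": "tags.costCenter", "exists": "false"}]},
                    "then": {"effect": "[parameters('effect')]"}}},
]
PLANNED = {"type": "Microsoft.Storage/storageAccounts", "location": "westus", "tags": {}}
```

Calling `blocking_policies(PLANNED, ASSIGNMENTS)` lists the assignments that would reject the planned storage account, which a tool could surface as feedback before deployment starts.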