Home / MCP Servers
โš™๏ธ

MCP Servers for Security

Model Context Protocol. AI-to-security-tool integration framework

Overview

What is MCP?

The Model Context Protocol (MCP) is an open standard that enables AI assistants to connect with external data sources and tools through a universal interface. In security operations, MCP servers bridge AI models with security platforms, enabling intelligent query, analysis, and response across your entire security ecosystem.

๐Ÿ”—

Connect

Bridge AI models with security tools via a standardized protocol for seamless data exchange
๐Ÿงฉ

Extend

Build custom tools, resources, and prompts that AI assistants can discover and use dynamically
๐Ÿš€

Deploy

Run MCP servers locally or in the cloud with stdio or SSE transport for production readiness
Architecture

How MCP Works

MCP follows a client-server architecture where AI applications (hosts) communicate with MCP servers that expose tools, resources, and prompts through standardised transports.

Architecture Flow
AI Host App
VS Code, Claude, etc.
MCP Client
Built into the host
Sentinel MCP Server
run_kql_query, list_tables, get_incidents
Azure Log Analytics
Sentinel Workspace
VS Code. Host
Copilot Chat
(Model)
stdio
Sentinel MCP Server
TypeScript, isolated
HTTPS + OAuth
Sentinel REST API
MCP Client
Manages lifecycle, routes requests, surfaces consent UI
stdio
Other MCP Servers
git, filesystem, etc.
HTTPS + OAuth
Log Analytics Query API
Building Blocks

MCP Primitives

๐Ÿ› ๏ธ Tools

Executable functions that AI models can invoke. query Sentinel, run KQL, analyze alerts, trigger playbooks, or interact with any security API.

๐Ÿ“‚ Resources

Structured data that AI models can read. threat intelligence feeds, configuration files, incident reports, compliance documents, and log data.

๐Ÿ’ฌ Prompts

Reusable prompt templates with arguments. pre-built investigation workflows, hunting procedures, and analysis frameworks for common security tasks.
Use Cases

Security MCP Use Cases

Sentinel MCP Server

Query Log Analytics workspaces, run KQL hunting queries, manage incidents, and trigger playbooks through AI-driven natural language interactions.

Defender XDR MCP Server

Investigate incidents, run advanced hunting queries, manage alerts, and perform device actions through a unified AI interface.

Threat Intelligence MCP Server

Aggregate threat intelligence from multiple sources, enrich IOCs, and provide contextual threat information to AI-powered SOC workflows.

Compliance MCP Server

Query compliance status, check policy adherence, generate compliance reports, and recommend configurations via Purview integration.
Getting Started

Build Your First MCP Server

Get started with MCP using TypeScript or Python. Here's a minimal example of a security-focused MCP server.

import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";

const server = new McpServer({
  name: "security-mcp",
  version: "1.0.0"
});

// Define a tool for querying security alerts
server.tool(
  "query_alerts",
  "Query security alerts from Microsoft Sentinel",
  {
    severity: z.enum(["High", "Medium", "Low"]).describe("Alert severity"),
    timeRange: z.string().describe("Time range, e.g. '24h', '7d'"),
    limit: z.number().default(10).describe("Max results to return")
  },
  async ({ severity, timeRange, limit }) => {
    // Call Microsoft Graph Security API or Sentinel API
    const alerts = await querySecurityAlerts(severity, timeRange, limit);
    return {
      content: [{ type: "text", text: JSON.stringify(alerts, null, 2) }]
    };
  }
);

const transport = new StdioServerTransport();
await server.connect(transport);
from mcp.server.fastmcp import FastMCP

mcp = FastMCP("security-mcp")

@mcp.tool()
async def query_alerts(
    severity: str,
    time_range: str = "24h",
    limit: int = 10
) -> str:
    """Query security alerts from Microsoft Sentinel.

    Args:
        severity: Alert severity. High, Medium, or Low
        time_range: Time range, e.g. '24h', '7d'
        limit: Maximum results to return
    """
    # Call Microsoft Graph Security API or Sentinel API
    alerts = await query_security_alerts(severity, time_range, limit)
    return json.dumps(alerts, indent=2)

@mcp.resource("sentinel://incidents/{incident_id}")
async def get_incident(incident_id: str) -> str:
    """Retrieve a specific Sentinel incident by ID."""
    incident = await fetch_incident(incident_id)
    return json.dumps(incident, indent=2)

if __name__ == "__main__":
    mcp.run()
Hands-on Labs

MCP Server Labs

Build real MCP servers from scratch. implement security tools, deploy to production, and create multi-server AI agents for enterprise SOC operations.

01
Beginnerโฑ 90 min ยท 10 steps

Build a Sentinel MCP Server with KQL Tools

Scaffold a TypeScript MCP server project, implement tools for running KQL queries against a Sentinel workspace, add Azure AD authentication with MSAL, test interactively with the MCP Inspector, and connect the server to Claude Desktop for natural-language querying.
02
Intermediateโฑ 120 min ยท 14 steps

Create a Defender XDR MCP Server

Build an MCP server exposing Defender XDR incident management and advanced hunting capabilities, implement Zod input validation and structured error handling, add resource endpoints for security baselines and device inventory, and configure multi-user access with scoped permissions.
03
Intermediateโฑ 120 min ยท 14 steps

Deploy MCP Servers with SSE Transport in Azure

Containerize your MCP server with Docker, deploy to Azure Container Apps with managed identity, configure SSE transport with token-based authentication, set up Azure Monitor health checks and structured logging, and integrate with a production AI application.
04
Advancedโฑ 180 min ยท 22 steps

Build a Multi-Server Security AI Agent

Create an AI agent that connects to Sentinel, XDR, and Threat Intelligence MCP servers simultaneously, implement cross-server correlation logic for unified investigations, build automated triage workflows that span multiple security products, and deploy as an enterprise-ready security copilot.
Scripts

MCP Scripts

Ready-to-run PowerShell scripts for lab simulations. View all scripts โ†’

ScriptDescriptionLevelParameters
New-MCPServerProject.ps1Scaffold MCP server project with TypeScript, tools, and client configBeginner-ProjectName, -Template [Sentinel|XDR|Blank]
Deploy-MCPServerAzure.ps1Deploy to Azure Container Apps with SSE transport and managed identityIntermediate-Action [Build|Deploy|Status|Cleanup]
Test-MCPServer.ps1Test & validate: MCP Inspector, smoke tests, SSE, Azure AD authIntermediate-Action [Inspector|SmokeTest|TestSSE|TestAuth]
Learn

MCP Resources

๐Ÿ“˜
MCP Specification
Official Model Context Protocol specification and docs
๐Ÿ™
MCP GitHub
Official MCP repositories. SDKs, examples, and servers
๐Ÿ“ฆ
TypeScript SDK
Official MCP TypeScript/Node.js SDK package
๐Ÿ
Python SDK
Official MCP Python SDK package
FAQ

MCP Servers FAQ

What is the Model Context Protocol (MCP)?

MCP is an open standard created by Anthropic that enables AI assistants to connect with external tools, data sources, and APIs through a universal client-server interface:

  • Problem it solves: Every AI tool integration previously required custom code, unique APIs, and platform-specific adapters. MCP provides one standard protocol that works across any AI host (Claude, VS Code Copilot, custom agents).
  • Architecture: AI Host App → MCP Client (built into the host) → MCP Server (your code) → External System (Azure APIs, databases, etc.)
  • Three primitives: Tools (functions the AI can call), Resources (data the AI can read), and Prompts (reusable templates the AI can use)
  • Security context: MCP servers for security enable AI agents to run KQL queries, manage Sentinel incidents, investigate Defender XDR alerts, and perform threat intelligence lookups. all through natural language.

Think of MCP as "USB for AI". a plug-and-play standard that lets any AI model connect to any tool without custom integration code.

MCP Introduction

What transport protocols does MCP support?

MCP supports two transport mechanisms for client-server communication:

  • stdio (Standard I/O): The client launches the server as a child process and communicates via stdin/stdout. Best for local servers running on the same machine as the AI host (e.g., Claude Desktop, VS Code). Zero network configuration needed. The host manages the server lifecycle (start, stop, restart).
  • SSE (Server-Sent Events): The server runs as an HTTP service, and the client connects via an SSE endpoint. Best for remote/cloud servers deployed on Azure Container Apps, AWS, or any HTTP-capable hosting. Supports multiple concurrent clients and is the production deployment model.

When to use which:

  • Development and personal use: stdio (simpler, self-contained)
  • Team deployment: SSE (centralised server, shared access, managed identity for Azure AD auth)
  • Production at scale: SSE behind Azure Container Apps with auto-scaling and monitoring

MCP Transports

What programming languages can I use to build MCP servers?

MCP is language-agnostic, but official SDKs accelerate development:

  • TypeScript/JavaScript (official SDK): @modelcontextprotocol/sdk. the most mature SDK with full support for tools, resources, prompts, and both stdio/SSE transports. Recommended for production servers.
  • Python (official SDK): mcp package. full-featured Python SDK with async support. Excellent for security teams already using Python for automation scripts.
  • Community SDKs: Rust, Go, Java, C#, Ruby, and Kotlin SDKs built by the community with varying completeness
  • Any language: MCP uses JSON-RPC 2.0 over stdio or HTTP. Any language that can read/write JSON and handle stdin/stdout or HTTP can implement an MCP server from scratch.

For security MCP servers, TypeScript is recommended: it has the best SDK, strong typing with Zod validation, and seamless integration with Azure SDKs (@azure/identity, @azure/monitor-query).

MCP Architecture

How do MCP servers differ from REST APIs?

While both expose functionality over a protocol, MCP servers are designed specifically for AI consumption:

  • Dynamic discovery: REST APIs require documentation and hardcoded endpoints. MCP servers expose their capabilities through a list_tools call. the AI client dynamically discovers available tools, their parameters, and descriptions at runtime.
  • Semantic descriptions: Each MCP tool includes a natural-language description that helps the AI model understand when to use it and what it does. REST APIs rely on external docs.
  • Typed parameters with validation: MCP uses JSON Schema (via Zod in TypeScript) for input validation. The AI knows exactly what parameters are required, their types, and constraints before calling.
  • Bidirectional context: MCP supports resources (data the AI can pull) and prompts (templates the AI can use) in addition to tools. providing richer context than a simple request-response API.
  • Lifecycle management: The MCP client manages server lifecycle (connect, disconnect, reconnect). something REST APIs don't handle.

In practice: a REST API says "here's an endpoint, figure out how to call it." An MCP server says "I can run KQL queries. Give me a query string and a workspace ID, and I'll return the results."

MCP Tools

Can I deploy MCP servers to production?

Yes. MCP servers can be containerised and deployed to any cloud platform for production use:

  • Azure Container Apps (recommended): Serverless containerised hosting with auto-scaling, managed identity for Azure AD authentication, built-in TLS, and Application Insights monitoring. SSE transport works natively.
  • Docker anywhere: Build a Dockerfile for your MCP server and deploy to any container orchestrator: Azure Kubernetes Service, AWS ECS/Fargate, Google Cloud Run, or self-hosted Docker.
  • Authentication: Use Azure Managed Identity (for Container Apps) or MSAL client credentials flow for secure token acquisition. Never embed secrets in the server code.
  • Monitoring: Integrate with Application Insights for request tracing, error tracking, and performance monitoring. Log all tool invocations for audit compliance.
  • Multi-user access: SSE servers support multiple concurrent clients. Use token-based authentication to identify users and enforce RBAC on tool access.

Production checklist: HTTPS only, managed identity, health check endpoint, structured logging, rate limiting, input validation on all tool parameters, and automated deployment via CI/CD.

Production deployment

How do I test MCP servers during development?

MCP provides several testing tools and approaches:

  • MCP Inspector: A browser-based debugging tool (npx @modelcontextprotocol/inspector) that connects to your server and lets you interactively call tools, view resources, and test prompts with a visual UI. Essential for development.
  • Claude Desktop: Configure your local MCP server in Claude Desktop's config file for end-to-end testing with a real AI model. Validates that the AI correctly discovers and invokes your tools.
  • VS Code MCP support: VS Code with GitHub Copilot supports MCP servers natively. Add your server to .vscode/mcp.json and test through Copilot Chat.
  • Unit tests: Test individual tool handlers directly by calling them with mock inputs. The TypeScript SDK provides test utilities for this.
  • Smoke tests: Verify server startup, tool listing, and basic invocations in CI/CD pipelines before deployment.

Development workflow: code → test with MCP Inspector → validate with Claude Desktop or VS Code → deploy to Container Apps → test SSE endpoint.

MCP Inspector