Azure AI Developer Tools: Fix Setup & Config Problems
Why This Is Happening
I've seen this exact situation on dozens of developer machines: you hear about Azure AI developer tools, you try to get set up, and then something goes sideways. Maybe the Azure MCP Server silently refuses to authenticate. Maybe GitHub Copilot for Azure isn't surfacing any Azure tools inside VS Code at all. Maybe you installed Azure Skills and have no idea how to actually invoke them. I get it , the error messages (when they even appear) are cryptic, and the documentation spans four different product pages that don't always point to each other clearly.
Here's the core thing you need to understand: the Azure AI developer tools ecosystem is actually three distinct products that work together , GitHub Copilot for Azure, the Azure MCP Server, and Azure Skills. Each one serves a different purpose, and most setup failures happen because developers try to install the wrong tool for their environment, or they install the right tool but miss a prerequisite like an active Azure subscription or a GitHub Copilot license.
The friction is real. Traditionally, building on Azure meant toggling between the portal UI, reading docs scattered across multiple service pages, writing ARM or Bicep templates from scratch, and memorizing a small encyclopedia of az CLI commands. That context-switching alone slows teams down, especially developers who are new to Azure and don't know what they don't know yet. The Azure AI developer tools were built specifically to collapse that friction. But when the toolchain itself breaks during setup, the irony is sharp: you're stuck debugging the thing that's supposed to stop you from having to debug things.
The most common root causes I've tracked across setups:
- Wrong tool for the wrong IDE, GitHub Copilot for Azure only works in VS Code and Visual Studio. If you're on Cursor, Windsurf, or IntelliJ, you need the standalone Azure MCP Server instead.
- Missing GitHub Copilot subscription, GitHub Copilot for Azure is an extension on top of GitHub Copilot. No active Copilot license means no Azure tools, period.
- Microsoft Entra ID authentication failures, The Azure MCP Server uses Microsoft Entra ID (formerly Azure Active Directory) for auth. Tenant policy mismatches, conditional access rules, or expired tokens all cause silent tool failures.
- Azure Skills not available in the host environment, Azure Skills are not supported in Visual Studio 2022 or Visual Studio 2026. Trying to invoke them there just… does nothing.
- Prompt not containing the word "Azure", This one trips up experienced devs all the time. The underlying LLM won't route to Azure MCP Server tools unless the word "Azure" actually appears in your prompt.
None of these failures produce a clean error. You just get silence, or generic AI responses that ignore your Azure context entirely. That's what makes this so maddening. Browse all Microsoft fix guides →
The Quick Fix, Try This First
Before going deep on any specific Azure AI developer tools problem, run through this decision tree. I've found it resolves roughly 70% of setup issues in under five minutes.
Step 1: Identify your IDE. Open whatever editor you're working in right now. Are you in VS Code or Visual Studio 2022/2026? If yes, GitHub Copilot for Azure is your path. If you're in Cursor, Windsurf, IntelliJ, or a terminal, you want the standalone Azure MCP Server.
Step 2: Check your GitHub Copilot subscription. Go to github.com/settings/copilot in your browser. If you don't have an active Copilot Individual, Business, or Enterprise subscription, GitHub Copilot for Azure will not work, the extension has no surface area without it. Sort this first before anything else.
Step 3: Verify your Azure subscription is active. Open a terminal and run:
az account showYou should see a JSON object with your subscription name, ID, and state set to "Enabled". If you get an authentication error or see "state": "Disabled", sign in with az login and select the correct subscription with az account set --subscription "<YOUR_SUBSCRIPTION_ID>".
Step 4: In VS Code, check the extensions panel. Press Ctrl+Shift+X, search for "GitHub Copilot for Azure," and confirm it shows as installed and enabled, not just installed. A disabled extension is a surprisingly common culprit.
Step 5: Test with a prompt that includes the word "Azure." Open GitHub Copilot Chat or your MCP-compatible client and type something like: "List all my Azure storage accounts." The word "Azure" must appear for the LLM to route to the correct Azure MCP Server tool. If you type "list my storage accounts" without it, you'll get a generic response every time.
This is the step most guides skip, and it's the one that wastes the most time. The three Azure AI developer tools are not interchangeable, each one has a specific home.
GitHub Copilot for Azure lives inside VS Code and Visual Studio. It surfaces Azure tools and skills directly through the GitHub Copilot interface, and in VS Code it automatically includes the Azure MCP Server built in. You don't install the MCP Server separately when you're in VS Code. In Visual Studio 2026, the tools are baked in once you install the "Azure and AI development" workload, no separate extension download needed.
Azure MCP Server is a standalone server with 270+ tools spanning 50+ Azure services. This is the tool for every other IDE: Cursor, Windsurf, IntelliJ, and any other MCP-compatible client. It also works in GitHub Copilot CLI via /mcp add and in Claude Code.
Azure Skills are knowledge modules that give you end-to-end guided workflows with guardrails built in, things like "prepare and deploy my Node.js app to Azure" as a full automated sequence. Skills are available in VS Code, GitHub Copilot CLI, Claude Code, Cursor, and Windsurf, but not in Visual Studio 2022 or 2026.
In your IDE settings or terminal, confirm which environment you're in, then install accordingly. Mixing these up is the single biggest source of "it's not working" reports. If you're in Cursor and you installed the VS Code GitHub Copilot for Azure extension, that extension is doing nothing for you.
If everything matches up correctly, you should be able to open Copilot Chat (or your MCP client's chat panel) and see Azure-specific tools appear in the tool list when you hover over the tool icon. That's your first green light.
If you're going the standalone Azure MCP Server route, which covers Cursor, Windsurf, IntelliJ, GitHub Copilot CLI, and Claude Code, here's the exact installation and auth sequence.
First, make sure you have Node.js 18+ installed. The Azure MCP Server requires it. Check with:
node --versionTo add the Azure MCP Server in GitHub Copilot CLI:
gh copilot mcp add azureFor Claude Code or other MCP-compatible clients, you'll register it in your MCP config file. In Claude Code, open Settings, navigate to the MCP Servers section, and add:
{
"name": "azure",
"command": "npx",
"args": ["-y", "@azure/mcp@latest", "server", "start"]
}Authentication goes through Microsoft Entra ID. When you first invoke an Azure tool, the server will prompt you to sign in via browser-based OAuth. Complete the flow and you'll get a token cached locally. If your organization has conditional access policies enabled, you may need to sign in on a compliant device, a personal machine not enrolled in your company's device management system will get a silent auth failure here.
To verify the server is running and authenticated correctly:
npx @azure/mcp@latest server statusA successful response shows your Entra tenant ID and the number of tools loaded (expect 270+). If you see 0 tools or a tenant resolution error, re-run az login and try again. The MCP Server inherits credentials from the Azure CLI credential chain, so a stale CLI login is often the culprit.
Azure Skills are a different layer on top of the MCP Server. They're not just tools, they're opinionated, multi-step workflows that embed best practices and guardrails. Think of them as the difference between handing someone a screwdriver versus handing them an IKEA assembly guide written by someone who's built the same furniture a thousand times.
To use Azure Skills in VS Code, make sure the GitHub Copilot for Azure extension is version 1.5 or later. Press Ctrl+Shift+X, find the extension, and check the version number. Older versions predate Skills support.
In Claude Code, Azure Skills are available natively once the Azure MCP Server is registered. In Cursor or Windsurf, Skills surface through the MCP Server's tool list, they appear as special tool entries prefixed with azure_skill_.
To trigger a Skill, frame your prompt as an end-to-end intent rather than a point query. For example:
Set up an end-to-end deployment pipeline for my Node.js app to Azureversus a non-Skill prompt like:
What Azure services should I use for a Node.js app?The second one calls a Learn tool. The first one triggers an Azure Skill that walks you through service selection, infrastructure provisioning, and deployment, with guardrails that enforce organizational best practices at each step.
If Skills aren't triggering, check that you're not in Visual Studio 2022 or 2026, those environments don't support Skills yet. Also confirm your Azure MCP Server is up to date: old server versions don't expose the Skills tool set.
npx @azure/mcp@latest --versionYou want version 0.8.0 or later for full Skills support.
This is the most reported issue: you have the extension installed, you open Copilot Chat, you ask about Azure, and you get a generic LLM answer with no tool invocations, no resource listings, no deployments triggered, nothing.
Walk through this checklist in order:
Check extension status. Press Ctrl+Shift+X and confirm "GitHub Copilot for Azure" shows "Enabled", not just installed. Also confirm the base "GitHub Copilot" and "GitHub Copilot Chat" extensions are enabled. The Azure extension depends on both.
Check your Copilot mode. Open Copilot Chat (Ctrl+Alt+I) and look at the mode selector in the top-right of the chat panel. You need to be in Agent mode (not Ask or Edit mode) for tool-calling to work. Azure MCP Server tools are only accessible in agent mode.
Verify the MCP Server is running within VS Code. Open the VS Code Output panel (Ctrl+Shift+U), select "GitHub Copilot for Azure" from the dropdown. You should see log lines indicating the Azure MCP Server started successfully. If you see a port conflict or authentication error, try reloading the VS Code window with Ctrl+Shift+P → "Developer: Reload Window."
Include "Azure" in your prompt. I cannot stress this enough, the LLM's tool-routing logic specifically keys on the word "Azure" to decide whether to call Azure MCP Server tools. "List my storage accounts" will not work. "List my Azure storage accounts" will. This is documented behavior, not a bug.
After making these changes, test with: "What Azure subscriptions do I have access to?", that's a low-stakes read operation that will immediately confirm tool-calling is working.
Authentication failures are the deepest rabbit hole in Azure AI developer tools setup, because they fail silently in most clients. The Azure MCP Server uses Microsoft Entra ID (formerly Azure AD) for all authentication. Here's how to diagnose and fix the most common auth failures.
Token expiry. The most common issue. Run:
az account get-access-token --output jsonIf you see an error or the expiresOn value is in the past, your token is stale. Fix it with:
az login --use-device-codeUse the device code flow if browser-based login is blocked by your corporate proxy.
Wrong tenant. If you have accounts in multiple Entra tenants (common for contractors working across client environments), the Azure CLI might be pointing at the wrong one. Check:
az account show --query tenantId -o tsvIf that's not the tenant you expect, log into the correct one:
az login --tenant <YOUR_TENANT_ID>Conditional access policy blocking. Enterprise environments often have policies that require compliant devices, specific IP ranges, or MFA on every new token request. If az login succeeds but tool invocations silently fail, open your Azure portal, go to Microsoft Entra ID → Sign-in logs, filter by your user and the last 30 minutes, and look for failures with code AADSTS53003 (blocked by conditional access) or AADSTS70011 (invalid scope). Those error codes tell you exactly what policy is blocking you, and you'll need your IT admin to either exempt the MCP Server's client ID or adjust the policy.
Service principal for CI/CD. If you're running Azure AI developer tools in a non-interactive CI pipeline (GitHub Actions, Azure DevOps), you cannot use interactive browser auth. Create a service principal with:
az ad sp create-for-rbac --name "mcp-server-sp" --role Contributor \
--scopes /subscriptions/<SUBSCRIPTION_ID>Then set the environment variables AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID in your pipeline. The MCP Server will pick these up automatically via the DefaultAzureCredential chain.
Advanced Troubleshooting
If the step-by-step fixes above didn't fully resolve your Azure AI developer tools issue, you're likely dealing with one of these deeper scenarios. I've seen each of these in enterprise environments, and they require a bit more digging.
Network-level blocks: Corporate proxies and firewall rules. The Azure MCP Server needs outbound HTTPS access to *.azure.com, *.microsoft.com, and *.githubusercontent.com. If your corporate firewall does SSL inspection or blocks unknown HTTPS destinations, the server will fail to start or fail to authenticate without any useful error message. Test connectivity from your machine with:
curl -v https://management.azure.com/subscriptions?api-version=2022-12-01 \
-H "Authorization: Bearer $(az account get-access-token --query accessToken -o tsv)"A 200 response with a JSON subscription list confirms the network path is open. A 407 Proxy Authentication Required or a TLS certificate error points to a proxy or SSL inspection issue you'll need to resolve with your network team.
Group Policy and managed device restrictions. In domain-joined enterprise environments, Group Policy can block the local port the Azure MCP Server binds to, or it can restrict Node.js execution policies. Check the Windows Event Log under Event Viewer → Windows Logs → Application and filter for Source = "Node.js" or search for Event ID 1000 application errors timed to when you start the MCP Server. If you see policy-related denials, work with your IT admin to add an exception for the MCP Server process.
Visual Studio 2026 workload not installed. In Visual Studio 2026, the Azure AI developer tools are not a separate extension, they're baked into the "Azure and AI development" workload. If you open GitHub Copilot in VS 2026 and don't see Azure tools, open the Visual Studio Installer, find your VS 2026 installation, click Modify, and ensure the "Azure and AI development" workload is checked. Without it, the Azure MCP Server never starts inside the IDE.
Rate limits and quota exhaustion. The Azure MCP Server makes API calls to Azure Resource Manager on your behalf. If you're in a subscription with tight API rate limits (common in dev/test subscriptions), you may hit 429 Too Many Requests errors during heavy tool use. The server doesn't always surface these cleanly. Check the Output log in VS Code or run the MCP Server with --log-level debug to see raw API responses. If rate limiting is the issue, space out your queries or switch to a subscription with higher ARM API quotas.
Multi-subscription scenarios. If you manage resources across multiple Azure subscriptions, the MCP Server defaults to whatever subscription is set as default in the Azure CLI. To switch context mid-session without leaving your IDE:
az account set --subscription "<SUBSCRIPTION_NAME_OR_ID>"Then reload the MCP Server. Tools like "Show me all VMs across my subscriptions" will query across subscriptions when the Azure Resource Graph tool is invoked, but most resource management tools are scoped to the active subscription.
--log-level debug), your Entra sign-in logs from the Azure portal, and your subscription ID before calling. You can reach Microsoft Support directly. For GitHub Copilot for Azure extension issues specifically, the GitHub issue tracker for the extension is often faster than official support channels for extension-layer bugs.
Prevention & Best Practices
Once you've got Azure AI developer tools working, keeping them working requires a little proactive maintenance. Here's what I've seen separate teams that stay unblocked from those who end up re-doing setup every month.
Keep the Azure MCP Server updated. Microsoft is actively expanding the tool set, the server went from around 200 to 270+ tools in less than a year, and Azure Skills modules are added frequently. The server does not auto-update. Set a reminder to run the following monthly:
npx @azure/mcp@latest --versionCompare it against the release notes in the official Azure MCP Server documentation. New tool additions often unlock workflows that would have required custom scripting before.
Refresh your Entra ID tokens before long working sessions. If you're going to spend a day doing heavy Azure resource management through AI tools, start your session with a fresh az login. Tokens are valid for a limited window, and nothing kills momentum like an authentication failure mid-deployment because a token silently expired two hours in.
Document which tool belongs in which environment for your team. This is especially important for teams with mixed IDE preferences. A simple internal wiki page or CONTRIBUTING.md entry that maps IDE → correct Azure AI tool prevents new team members from spending half a day on the wrong setup path. Note specifically: GitHub Copilot for Azure is VS Code/Visual Studio only; Azure MCP Server for everything else; Azure Skills not supported in Visual Studio.
Use agent mode consistently in VS Code. Copilot Chat's Ask and Edit modes bypass tool-calling entirely. If your team is used to Ask mode for general Copilot questions, they'll be puzzled why Azure tools aren't invoking. Make agent mode the default for any Azure-related work. You can set this with the github.copilot.chat.defaultMode VS Code setting.
- Pin the Azure MCP Server version in your team's
package.jsonor devcontainer config so everyone is on the same version - Add "Azure" to your Copilot prompt templates so junior devs always hit the right tool-routing path
- Run
az account showas part of your project's onboarding checklist to catch auth issues before a developer blocks themselves - For CI/CD pipelines, use a service principal with scoped Contributor access rather than a personal account token, tokens expire, service principals don't
Frequently Asked Questions
Why should I use Azure AI developer tools instead of just using the Azure CLI or portal?
The honest answer is that the Azure portal and CLI aren't going anywhere, you'll still use them. But Azure AI developer tools eliminate the constant context switching that makes Azure development slow, especially for tasks that span multiple services. Instead of opening six browser tabs to figure out how to deploy a Node.js app with a managed identity and Key Vault integration, you can describe the end-to-end outcome in natural language and let Azure Skills build the scaffolding for you. The biggest win for experienced Azure users is that you no longer need to memorize CLI flags or ARM/Bicep syntax to do routine tasks, you can stay in your editor and stay in flow.
I'm using VS Code, do I need to install the Azure MCP Server separately?
No, and this trips up a lot of people who read the standalone MCP Server docs first. When you're in VS Code, the GitHub Copilot for Azure extension includes the Azure MCP Server built in. You do not install the standalone server on top of it. Installing both can actually cause conflicts if they try to bind to the same local port. Just install the GitHub Copilot for Azure extension from the VS Code marketplace, make sure you're in agent mode in Copilot Chat, and the MCP Server is running automatically in the background. You'll see confirmation in the Output log if you want to verify.
Do Azure AI developer tools work in Cursor or IntelliJ?
Yes, but through the standalone Azure MCP Server, not through GitHub Copilot for Azure, which is VS Code and Visual Studio only. In Cursor, Windsurf, and IntelliJ, you install the Azure MCP Server as a standalone server and register it in your IDE's MCP client configuration. Azure Skills are also supported in these IDEs through the MCP Server. The experience is functionally equivalent for most workflows, you get the same 270+ tools and the same Entra ID authentication. The main difference is that VS Code users get deeper IDE integration (like custom modes and Azure-specific UI elements) that isn't available in third-party IDEs.
What's the difference between Azure Skills and the regular Azure MCP Server tools?
Regular Azure MCP Server tools are point operations, "list my storage accounts," "get the status of this VM," "show me my resource groups." They map one prompt to one API call. Azure Skills are end-to-end guided workflows that chain multiple steps together with guardrails baked in. A Skill for "deploy my Node.js app to Azure" doesn't just run one command, it walks through service selection, infrastructure provisioning, deployment, and validation, enforcing best practices at each stage. Skills are the right choice when you want a complete outcome, not just a lookup. They're especially valuable for teams that want to enforce organizational deployment standards without manual checklists.
Azure tools aren't showing up in my Copilot Chat responses, why?
There are three common reasons, and they're easy to check. First: are you in agent mode? Ask and Edit modes in VS Code Copilot Chat don't invoke tools, you need agent mode active. Second: does your prompt contain the word "Azure"? The LLM's tool-routing logic specifically looks for this word to decide whether to call Azure MCP Server tools. "List my storage accounts" will get a generic response; "List my Azure storage accounts" will trigger the actual tool call. Third: is your Azure subscription authenticated? Run az account show in your terminal to confirm you're logged in and your subscription is active. All three of these need to be true simultaneously for tools to appear.
Can I use Azure AI developer tools in a CI/CD pipeline without interactive login?
Yes, and this is the recommended path for automated pipelines. Create a service principal in Azure with az ad sp create-for-rbac, scope its permissions to the specific subscriptions and resource groups it needs (principle of least privilege), and pass the client ID, client secret, and tenant ID as environment variables: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID. The Azure MCP Server uses the DefaultAzureCredential chain, which automatically picks up these environment variables in non-interactive environments. For GitHub Actions specifically, you can also use the azure/login action with OIDC federation to avoid storing long-lived secrets entirely, that's the more secure modern approach.