Ejento AI
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
Ejento AI
  1. MCP Servers
  • How to Setup Ejento on Azure
  • Prerequisites
  • Deployment on Azure
  • Setup After Deployment
    • Custom Domain Set Up
    • Microsoft SSO Authentication
    • Okta SSO Authentication
    • SharePoint Connection Set Up
    • Developer API Set Up
  • MCP Servers
    • Slack
    • Jira
    • Azure
    • Snowflake
  • Overview
    • Azure Resources
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
GuidesQuickstart
RecipesREST APIsRelease NotesFAQs
Ejento AI
  1. MCP Servers

Azure

Azure MCP Server Setup Guide#

1. Azure AI Search Configuration#

Azure AI Search is a cloud search service that provides APIs and tools for building search capabilities. When connected to the Azure MCP Server, you can query and manage search indexes using natural language prompts.

1.1 Network Configuration#

Since Azure AI Search resources are typically configured with public access, no private network configuration is required. The service can be accessed directly through its public endpoint.

1.2 Enable System-Assigned Managed Identity#

Before configuring permissions, you need to enable the system-assigned managed identity on your Azure AI Search service. This identity will be used by the search service to authenticate with other Azure resources like Azure Blob Storage.
Note: This step is required for the search service to access blob storage and other data sources, not specifically for MCP Server connectivity. We are assuming that querying an index yield results.
Steps to enable:
1.
Navigate to your Azure AI Search service in the Azure Portal
2.
Go to Settings > Identity
3.
Under System assigned tab, set Status to On
4.
Navigate to Storage account
5.
Go to Access Control (IAM) > Add role assignment
6.
Select Storage Blob Data Contributor and assign it to your search service
7.
Click Save

1.3 Configure API Access Control#

Even with the correct RBAC roles, Azure AI Search can be configured to ignore them in favor of API keys.
The Issue: If the service is set to "API keys only," your RBAC permissions won't be recognized for requests.
The Fix:
1.
In the Azure Portal, navigate to your Azure AI Search service (e.g., srch-dev-westus-001)
2.
Go to Settings > Keys
3.
Check the API access control tab
4.
Ensure it is set to Both (API keys and role-based access control) or Role-based access control
Note: This step is critical for the MCP Server to authenticate using its managed identity rather than API keys.

1.4 Configure IAM Permissions for MCP Server#

The Azure MCP Server requires specific role assignments to interact with your Azure AI Search service. You need to grant the MCP Server's service principal the appropriate permissions.
Required Role Assignments:
RolePurpose
Search Index Data ContributorAllows reading and writing index data
Search Index Data ReaderAllows reading index data and querying
Search Service ContributorAllows management operations like viewing indexes and service details
Steps to assign roles:
1.
Navigate to your Azure AI Search service in the Azure Portal
2.
Click on Access control (IAM) in the left navigation menu
3.
Click + Add and select Add role assignment
4.
Search for and select one of the required roles (e.g., Search Index Data Reader)
5.
Click Next to go to the Members tab
6.
Select User, group, or service principal as the identity type
7.
Click + Select members
8.
In the members panel, search for service principal associated with the MCP Server
9.
Select the MCP Server service principal (it will have a GUID in its ID)
10.
Click Select
11.
Click Review + assign and then assign again to confirm
12.
Repeat steps 3-11 for each required role

1.5 Verify Configuration#

After assigning the roles, you can verify the configuration by checking the Role assignments tab in Access control (IAM). You should see the MCPServer service principal listed under the assigned roles.

1.6 Querying Azure AI Search Indexes#

The Azure MCP Server currently supports querying existing indexes. You can use natural language prompts to retrieve information from your search indexes.
Supported Operations:
OperationDescription
Get Index DetailsView schema, fields, analyzers, and scoring profiles
Query IndexExecute search queries against index data
Example Prompts:
Get Index Details:
Show me details of the 'products' index in my 'mysearchservice' service.
What fields are in the 'users' index in service 'mysearchservice'?
Describe the schema for 'documents' index in search service 'mysearchservice'.
Query Index:
Search for 'machine learning' in the 'documents' index of my 'my-search-service' service.
Sample data talking about 'ML' or 'AI' or 'data science' in index 'documents' and tell me what they talk about.
Search my 'content' index in 'my-search-service' for anything mentioning 'climate change'.
Required Parameters:
Service: The name of your Azure AI Search service (required)
Index: The name of the search index (optional for listing, required for querying)
Query: The search terms to execute (required for query operations)
Pro Tip: Adding a custom instruction in this format will increase likelihood of getting better quality responses:
"For azure search related, always assume:
parameters": { "service": "srch-ejento-mcp-eastus-001", "index": "knowledgesource-1770147076153-index", "query": "{}" }"

2. Azure Cosmos DB Configuration#

Azure Cosmos DB is a fully managed NoSQL database service. When connected to the Azure MCP Server, you can query databases, list containers, and retrieve data using natural language prompts.

2.1 Network Configuration#

Important: Network configuration is only required if your Cosmos DB account has network access restrictions enabled (e.g., Selected networks or Private endpoint configurations). If your Cosmos DB account is configured for public access from all networks, you can skip this section.
If your Cosmos DB account has restricted network access, you need to allow the Azure MCP Server to communicate with it by adding the webapp hosting the MCP Server's virtual network to the Cosmos DB firewall.
Steps to configure network access:
1.
Navigate to your Cosmos DB account in the Azure Portal
2.
Go to Settings > Networking
3.
Under the Public access tab, ensure Selected networks is chosen
4.
In the Virtual networks section, click + Add existing virtual network
5.
Select the same virtual network and subnet where your Azure MCP Server web app is deployed
To find this: Navigate to your MCP Server web app > Networking > Virtual network integration
Note the virtual network name and subnet
mcpwebappnetworking.png
6.
Click Enable to add the virtual network
cosmosdbnetworking.png
7.
Click Save to apply the changes
Note: This configuration allows the MCP Server web app to communicate with Cosmos DB through the private virtual network, bypassing public internet access restrictions.

2.2 Configure IAM Permissions for MCP Server#

The Azure MCP Server requires specific role assignments to interact with your Cosmos DB account.
Required Role Assignment:
RolePurpose
Cosmos DB Account Reader RoleAllows reading account metadata, databases, and containers
DocumentDB Account ContributorAllows querying data and managing account resources
Steps to assign roles:
1.
Navigate to your Cosmos DB account in the Azure Portal
2.
Click on Access control (IAM) in the left navigation menu
3.
Click + Add and select Add role assignment
4.
Search for and select Cosmos DB Account Reader Role
5.
Click Next to go to the Members tab
6.
Select Managed identity as the identity type
7.
Click + Select members
8.
Search for and select the MCPServer service principal
9.
Click Select
10.
Click Review + assign and then assign again to confirm
11.
Repeat for DocumentDB Account Contributor role

2.3 Querying Azure Cosmos DB#

The Azure MCP Server supports various operations for managing and querying Cosmos DB resources using natural language prompts.
Supported Operations:
OperationDescription
List AccountsView all Cosmos DB accounts in subscription
List DatabasesView all databases within a Cosmos DB account
List ContainersView all containers within a database
Query ContainerExecute SQL queries against container data
Example Prompts:
List Accounts:
List all my Cosmos DB accounts in my subscription.
What Cosmos DB accounts do I have?
List Databases:
Show me all databases in my 'mycosmosaccount' Cosmos DB account.
What databases do I have in Cosmos DB account 'cosmosdb-prod'?
List Containers:
Show me all containers in database 'products' in my 'mycosmosaccount' Cosmos DB account.
What containers do I have in the 'users' database?
Query Container:
Query all orders placed after January 1, 2025 from the 'orders' container in database 'sales'.
Find all products with price less than $50 in the 'products' container.
Count how many orders we have by status in the 'orders' container.
Query Format Guidelines:
When querying Cosmos DB containers, your prompts should clearly specify:
The account name (e.g., 'mycosmosaccount')
The database name (e.g., 'sales', 'products')
The container name (e.g., 'orders', 'users')
The query conditions in natural language (e.g., 'where price is less than 50', 'placed after January 1')
Note: The MCP Server will translate your natural language query into the appropriate Cosmos DB SQL query syntax automatically.
Pro Tip: Adding a custom instruction in this format will increase likelihood of getting better quality responses:
"For cosmos related responses, always assume:
parameters': {'subscription': {subscription_id}, 'account': 'cosmosdb-ejento-mcp-eastus001', 'database': 'SampleDB', 'container': 'SampleContainer'}"

3. Troubleshooting#

Common issues and their solutions when connecting Azure resources to the MCP Server.

3.1 Permission Errors#

Symptom:
Error messages indicating insufficient permissions or authorization failures.
Solution:
Verify that all required role assignments are in place in IAM
Confirm the MCPServer service principal is selected, not a user account
Wait 5-10 minutes for role assignments to propagate through Azure

3.2 Network Connectivity Issues (Cosmos DB)#

Symptom:
Timeout errors or connection refused messages when accessing Cosmos DB.
Solution:
Verify the Cosmos DB network settings allow the MCP Server's virtual network
Confirm the virtual network configuration matches between the web app and Cosmos DB
If using public access, ensure 'Allow access from Azure Portal' is enabled for testing

3.3 Search Service Identity Not Enabled#

Symptom:
Search service cannot access blob storage or other data sources.
Solution:
Navigate to the Azure AI Search service > Identity
Ensure System assigned managed identity Status is set to On
Grant this identity appropriate roles on blob storage or other data sources

3.4 Query Syntax Issues#

Symptom:
Queries return unexpected results or error messages about query format.
Solution:
Ensure your prompts include all required information (service/account, index/database, container)
Use clear, specific language describing what you want to query
For Cosmos DB, structure queries as natural language conditions (e.g., 'where price is greater than 100')
For AI Search, use search terms and keywords rather than SQL syntax

4. Next Steps#

After completing the configuration steps in this guide, you should be able to:
Query Azure AI Search indexes using natural language prompts
Retrieve schema and field information from search indexes
List and query Cosmos DB accounts, databases, and containers
Execute data queries against Cosmos DB using conversational prompts
For additional help and documentation, refer to the Azure MCP Server documentation.
Previous
Jira
Next
Snowflake