Skip to content
This repository was archived by the owner on Sep 4, 2025. It is now read-only.

Commit f0669c7

Browse files
g2vinayg2vinay
authored
Update TSG with Local Auth 401 issue. (#25)
* update TSG * upate TSG description * update TSG with tracking issue
1 parent e24fdf0 commit f0669c7

File tree

1 file changed

+25
-1
lines changed

1 file changed

+25
-1
lines changed

TROUBLESHOOTING.md

Lines changed: 25 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -72,8 +72,32 @@ By default, VS Code logs informational, warning, and error level messages. To ge
7272
3. Select the "Events" item.
7373
4. Under the Event Types, examine the events under `Microsoft-Extensions-Logging/*`
7474

75+
## Authentication
76+
77+
### 401 Unauthorized: Local authorization is disbaled.
78+
79+
This error indicates that the targeted resource is configured to disallow access using **Access Keys**, which are currently used by Azure MCP for authentication in certain scenarios.
80+
81+
#### Root Cause
82+
83+
Azure MCP currently relies on **access key-based authentication** for some resources. However, many Azure services (e.g., **Cosmos DB**, **Azure Storage**) can be configured to enforce **Azure Entra ID** (formerly AAD) authentication only, thereby disabling local authorization mechanisms such as:
84+
85+
- Primary or secondary access keys
86+
- Shared access signatures (SAS)
87+
- Connection strings containing embedded keys
88+
89+
When these local authorization methods are disabled, any access attempt from Azure MCP using them will result in a `401 Unauthorized` error.
90+
91+
#### Upcoming Enhancement
92+
93+
Support for **Azure Entra ID-based authentication** in these scenarios is to be added in an upcoming release of Azure MCP. This will allow the MCP server to authenticate using federated identity or managed identity flows.
94+
95+
> ℹ️ **Until Entra ID support is available**, ensure that local authorization is enabled for the target resource being accessed by Azure MCP. The latest status can be tracked in this [issue](https://github.com/Azure/azure-mcp/issues/27)
96+
97+
7598
## Common issues
7699

77100
### Console window is empty when running Azure MCP Server
78101

79-
By default, Azure MCP Server communicates with MCP Clients via standard I/O. Any logs output to standard I/O are subject to interpretation from the MCP Client. See [Logging](#logging) on how to view logs.
102+
By default, Azure MCP Server communicates with MCP Clients via standard I/O. Any logs output to standard I/O are subject to interpretation from the MCP Client. See [Logging](#logging) on how to view logs.
103+

0 commit comments

Comments
 (0)