This repository was archived by the owner on Sep 4, 2025. It is now read-only.

Unable to Authenticate Azure MCP Server to PME Azure Subscription from Non-SAW Device #903

@shweta0310

I'm trying to connect the Azure MCP server to a PME Azure subscription, but I'm encountering authentication issues due to tenant restrictions. Public Management Environment (PME) applications hosted in PME tenants can be configured to allow access from users in other Microsoft Entra ID tenants (multi-tenant apps).

πŸ” Context:

  • The PME subscription requires authentication using my PME account, which is only accessible from a SAW (Secured Admin Workstation) device due to Conditional Access policies.
  • When I attempt to authenticate from a non-SAW device in GitHub Copilot chat, I receive a tenant mismatch or access blocked error, as GitHub Copilot has an access token for the Azure CORP subscription, which works on the FTE account.
  • Re-authentication prompts do not allow switching to my PME account unless I'm on SAW.

❓ Request:

Is there a recommended or supported way to connect the official Azure MCP server to a PME subscription while authenticating from SAW, but developing from a non-SAW device?

Any guidance or best practices for this hybrid setup would be greatly appreciated.

Thanks in advance!
