[Feature Request] Global --read-only Mode for Azure CLI #32974
Open
Labels: ARM, Auto-Assign, Azure CLI Team, Security-Issue, act-identity-squad, customer-reported, feature-request
Preconditions
Related command
No response
Resource Provider
N/A
Description of Feature or Work Requested
I would like to request the implementation of a global read-only ("sandbox") mode for the Azure CLI, similar to the behavior of the Azure MCP server.
When enabled, this mode should restrict the CLI to only executing list, show, and get commands, effectively blocking any commands that would create, update, or delete resources.
Motivation
With the rise of unsupervised coding agents, Copilot CLI, and MCP-based integrations, there is a growing need for a "safety rail."
Safety: Prevent agents from accidentally modifying or deleting production infrastructure during diagnostic tasks.
Trust: Allow users to grant CLI access to AI tools with the confidence that no state-changing operations will be performed.
Efficiency: Avoid the complexity of creating specific "Reader" RBAC roles for every temporary session or agent environment. Users do not always have the needed rights on Entra ID.
If a user attempts a command like az group delete, the CLI should intercept the call and return an error:
Error: Azure CLI is in read-only mode. Command execution blocked.
Minimum API Version Required
N/A
Swagger PR link / SDK link
N/A
Request Example
No response
Target Date
2026-12-31
PM Contact
N/A
Engineer Contact
N/A
Additional context
No response
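
The behaviour requested above can be approximated today with a shell function placed in front of az. This is an added example, not part of the original issue and not Azure CLI code; the AZ_READ_ONLY switch and the az_is_read_only helper are hypothetical names, and the verb detection is a heuristic.

```bash
#!/usr/bin/env bash
# Added example: read-only guard for interactive or agent shells.
# AZ_READ_ONLY is a hypothetical switch, not an Azure CLI setting.
# A shell function only guards callers that go through this shell; a process
# that executes the az binary directly is not restricted by it.

# Return 0 when the command's verb is one the issue allows (list, show, get).
# Heuristic: the verb is the last positional token before the first option,
# e.g. "group list" -> list, "vm show --name x" -> show. Commands that take
# positional values after the verb are misread and need separate handling.
az_is_read_only() {
  _az_verb=""
  for _az_tok in "$@"; do
    case "$_az_tok" in
      -*) break ;;                 # first option ends the command path
      *)  _az_verb="$_az_tok" ;;   # remember the latest positional token
    esac
  done
  case "$_az_verb" in
    list|show|get) return 0 ;;
    *) return 1 ;;  # includes an empty verb (e.g. "az --version"): fail closed
  esac
}

# Wrapper that shadows az; blocks anything not recognised as read-only.
az() {
  if [ "${AZ_READ_ONLY:-0}" = "1" ] && ! az_is_read_only "$@"; then
    echo "Error: Azure CLI is in read-only mode. Command execution blocked." >&2
    return 1
  fi
  command az "$@"
}
```

Source the file in the shell profile used by the agent and export AZ_READ_ONLY=1 for that session.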