Why best practices matter (and why many people skip them)

Let’s be honest: when you’re in the zone shipping code or wiring up infrastructure, “best practices” can feel like that nagging voice telling you to eat your vegetables. We all know they’re good for us… but in the rush to get things working, they’re often the first thing to fall off the plate.

The result? Configurations that work today but explode tomorrow. Pipelines that deploy – until they don’t. Costs that spiral out of control. And sometimes, security gaps big enough to drive a container ship through.

That’s why the Azure team invests so heavily in codifying best practices for SDK usage, Infrastructure-as-Code, CI/CD, and cloud governance. They’re not “nice-to-haves.” They’re what keep your apps reliable, secure, and cost-effective.

But here’s the twist: it’s not enough for humans to know these rules. In the era of AI-assisted development, LLMs need to know them too.

Enter Azure MCP

The Azure MCP Server (aka.ms/azmcp) isn’t just another tool host. It’s opinionated about doing Azure the right way. And it uses one clever trick in the Model Context Protocol spec to make sure LLMs stay on the straight and narrow.

That trick? The instructions property of InitializeResult.

When an MCP server starts up, it can send back a block of text – “instructions” – that clients may inject into the system prompt. Think of it as the LLM’s onboarding manual: “Here’s how you should use me, and here are the tools you should call in specific situations.”

In Azure MCP, those instructions are pulled straight from azure-rules.txt. And inside that file is the beating heart of our best-practice enforcement.

At the time of writing, GitHub Copilot in VS Code is the only MCP host I know of that actually consumes these instructions and folds them into its system prompt. So if you’re coding in VS Code with Copilot connected to Azure MCP, this is where the magic comes alive. If you know of other MCP hosts that support instructions, please leave a comment to let me know.

Meet the best-practice tools

Azure MCP exposes a small set of dedicated best-practice helpers. Below are the tools that are actually provided by Azure MCP, what each one teaches the model, and when the LLM should call them.

Get Best Practices

• Purpose: Provide secure, production-grade SDK and deployment patterns for Azure across languages and scenarios.
• When to call: Whenever the user asks for application code that touches Azure, or when generating code/deployment snippets where Azure-specific guidance is required.
• What it returns: Concise, language-specific guidance and examples (authentication patterns such as DefaultAzureCredential where appropriate, retry/backoff recommendations, guidance on client lifetime and telemetry) and high-level deployment guidance for safe defaults.
• Notes: This guidance is surfaced by the Azure MCP “best practices” endpoint and should be invoked before emitting Azure-related code or az/azd/ARM/Bicep/Terraform snippets.

Deploy IaC Rules

• Purpose: Rules and guardrails for authoring Infrastructure-as-Code that align with Azure and AZD expectations.
• When to call: Whenever the user is authoring or editing Bicep or Terraform, or asking about resource naming, parameterization, role assignments, or secure defaults for IaC.
• What it returns: Linter-style rules, recommended module patterns, and example stubs that demonstrate secure defaults (parameterize locations and SKUs, avoid hardcoded secrets, prefer managed identities, enable diagnostics). Azure MCP provides specific IaC guidance tools (including Terraform-best-practices and IaC rules) that the model should call for detailed checks and example snippets.

How it works behind the scenes

When you connect to Azure MCP, the server sends back an InitializeResult like this:

{
"protocolVersion": "2025-06-18",
"serverInfo": { "name": "azure-mcp-server", "version": "preview" },
"capabilities": { "tools": {}, "resources": {}, "prompts": {} },
"instructions": "Azure MCP server usage rules:
- Use Azure Tools: When handling requests related to Azure, always use your tools.
- Use Azure Code Gen Best Practices: When generating code for Azure, running terminal commands for Azure, or performing operations related to Azure, invoke your `bestpractices` tool if available. Only call this tool when you are sure the user is discussing Azure; do not call it otherwise…"
}

That last field – instructions – is built from azure-rules.txt. It’s effectively a checklist for the LLM, hardwired into the system prompt. The model doesn’t have to guess when to use a tool. It’s told, explicitly: “This is the moment. Call the tool. Follow its guidance.”

The result? Developers get guardrails without even realizing it. They ask for code, and the model quietly double-checks best practices before responding. They draft a pipeline, and the LLM sneaks in the right deployment steps. They prepare to go live, and the compliance scan is already in the workflow.

Why this matters

For MCP builders, this is a pattern worth copying. By encoding tool-use rules in instructions, you can:

• Bake in expertise once, instead of expecting every LLM session to “rediscover” it.
• Scale guidance across teams, projects, and environments.
• Evolve over time – update azure-rules.txt as best practices change, and every new session gets the latest wisdom.
• For Azure MCP users, it means a better day-to-day experience: fewer gotchas, safer defaults, and more reliable deployments.

It’s like having an Azure architect quietly peeking over the LLM’s shoulder.

Wrapping up

Best practices aren’t just lecture notes anymore. In Azure MCP, they’re first-class citizens—tools the LLM is trained to use at the right time, thanks to InitializeResult.instructions.

So next time you spin up code or infrastructure with Azure MCP, remember: the model isn’t just making things up. It’s carrying around a pocket guide of Azure wisdom, and it knows when to pull it out.

✨ Your move: If you’re building an MCP server, think about what rules your LLM should follow. And if you’re using Azure MCP today – rest easy knowing that best practices are baked right in.