Description
Preconditions
- No need to upgrade Python SDK or the Python SDK is ready.
Related command
No response
Resource Provider
N/A
Description of Feature or Work Requested
I would like to request the implementation of a global read-only ("sandbox") mode for the Azure CLI, similar to the behavior of the Azure MCP server.
When enabled, this mode should restrict the CLI to only executing list, show, and get commands, effectively blocking any commands that would create, update, or delete resources.
Motivation
With the rise of unsupervised coding agents, Copilot CLI, and MCP-based integrations, there is a growing need for a "safety rail."
- Safety: Prevent agents from accidentally modifying or deleting production infrastructure during diagnostic tasks.
- Trust: Allow users to grant CLI access to AI tools with the confidence that no state-changing operations will be performed.
- Efficiency: Avoid the complexity of creating specific "Reader" RBAC roles for every temporary session or agent environment. Users do not always have the needed rights on Entra ID.
If a user attempts a command like az group delete, the CLI should intercept the call and return an error:
Error: Azure CLI is in read-only mode. Command execution blocked.
Minimum API Version Required
N/A
Swagger PR link / SDK link
N/A
Request Example
No response
Target Date
2026-12-31
PM Contact
N/A
Engineer Contact
N/A
Additional context
No response
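
The interception described in the request, as an added example (not part of the original issue and not Azure CLI code): a Python check that a wrapper could run on an `az` argument list before passing it on. The names `command_path`, `is_read_only` and `guard`, and treating every token before the first option as the command path, are assumptions.

```python
import sys

# From the request: only these exact verbs count as read-only.
READ_ONLY_VERBS = frozenset({"list", "show", "get"})
BLOCK_MESSAGE = "Error: Azure CLI is in read-only mode. Command execution blocked."


def command_path(args):
    """Return the tokens before the first option, e.g. ['group', 'delete'].

    Assumption: everything before the first '-'-prefixed token is the command
    name. Positional arguments are not distinguished from sub-commands.
    """
    path = []
    for token in args:
        if token.startswith("-"):
            break
        path.append(token)
    return path


def is_read_only(args):
    """True only when the final command token is exactly an allowed verb."""
    path = command_path(args)
    # Fail closed: no command, a bare group ('az group'), look-alike verbs
    # such as 'get-access-token', and generic commands such as
    # 'rest --method get' are all refused.
    return len(path) >= 2 and path[-1] in READ_ONLY_VERBS


def guard(args):
    """Return (exit_code, message); exit_code 0 means the call may proceed."""
    if is_read_only(args):
        return 0, ""
    return 1, BLOCK_MESSAGE


if __name__ == "__main__":
    # Usage (hypothetical file name): python az_guard.py group delete --name rg1
    code, message = guard(sys.argv[1:])
    if message:
        print(message, file=sys.stderr)
    sys.exit(code)
```

A check like this only inspects the argument list, so it works as a guard rail for a cooperating agent; it does not replace the permissions attached to the identity the CLI is signed in with.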