Azure Container Apps
Azure Container Apps is Microsoft's serverless container platform — the Azure-native equivalent of Cloud Run. Best for Azure-first stacks.
Container
Use a standard Linux image (the same Dockerfile shape as Cloud Run, typically listening on port 8080). Publish it to Azure Container Registry:
az acr build --registry mcpregistry --image mcp-my-service:latest .Deploy
az containerapp up \
--name my-mcp \
--resource-group my-rg \
--environment my-env \
--image mcpregistry.azurecr.io/mcp-my-service:latest \
--target-port 8080 \
--ingress external \
--env-vars MCP_HTTP_PORT=8080Key flags:
--ingress external— expose the MCP to the internet.--target-port— the port your MCP listens on inside the container.
Then enable session affinity (required for streamable-HTTP sessions):
az containerapp ingress sticky-sessions set \
--name my-mcp --resource-group my-rg --affinity stickySecrets
Store secrets on the container app and attach them as environment variables with secretref:. Your MCP reads them from the environment as usual.
az containerapp secret set \
--name my-mcp --resource-group my-rg \
--secrets my-api-key=supersecret
az containerapp update \
--name my-mcp --resource-group my-rg \
--set-env-vars MY_SERVICE_API_KEY=secretref:my-api-keyRegister with an agent
Get the FQDN, then register https://<fqdn>/mcp on your agent. Make sure the Sema4.ai platform has network line of sight to that URL — if the ingress is internal-only, the platform's network must be able to route to it.
az containerapp show --name my-mcp --resource-group my-rg \
--query properties.configuration.ingress.fqdn -o tsvTips
- Log Analytics workspace attached to the Container Apps environment captures stdout.
- Application Insights gives request-level tracing — wire it up via OpenTelemetry for deeper instrumentation.
- Scale to zero cuts cost but adds cold-start latency. Disable it for latency-sensitive MCPs.