SOC 2 for MCP servers: securing tool access without losing the audit trail (on Azure)

When an auditor asks for proof that only authorized users touched a critical MCP server, the answer is often “we have no logs.” The missing evidence can stall a SOC 2 audit, trigger costly re‑work, and leave the organization exposed to undetected misuse. Without a reliable trail, a single compromised credential can lead to data exfiltration, service disruption, and a breach report that costs millions.

Most teams today connect to MCP servers on Azure by distributing static service‑account keys or embedding passwords in CI pipelines. Engineers log in directly with those secrets, and the servers themselves rarely emit detailed request logs. The result is a flat‑file of occasional health checks, no per‑user attribution, and no way to prove that a privileged operation was reviewed before execution.

Why soc 2 compliance matters for MCP servers

SOC 2 expects continuous evidence of access control, change management, and auditability. The criteria demand that every privileged action be traceable to an identity, that approvals be documented, and that sensitive data be protected in transit. In the current model, the “who, what, and when” information lives only in the memory of a few engineers, not in an immutable record that auditors can inspect.

The immediate fix many organizations apply is to tighten IAM policies around the static keys. While that reduces the blast radius, it does not add any visibility into who actually used the key, what command was run, or whether the output contained sensitive fields. The request still travels straight to the MCP server, bypassing any checkpoint that could enforce masking, block dangerous commands, or require a human approval step.

Introducing a data‑path gateway for continuous evidence

hoop.dev places a Layer 7 gateway between the client and the MCP server. The gateway authenticates each request against an OIDC or SAML identity provider, then forwards the traffic to the server through an agent that resides inside the Azure network. Because the gateway is the only path the traffic can take, it becomes the enforcement point for every SOC 2 control.

hoop.dev records each session, captures the exact command line, and stores the response in a persistent audit log. It masks sensitive fields in real time, so even if a privileged query returns credit‑card numbers, the audit log contains only the masked version. When a command matches a risky pattern, hoop.dev can pause the request and route it to a designated approver, creating a documented approval record before the action proceeds.

Just‑in‑time access is enforced at the gateway as well. An engineer’s request is evaluated against the user’s group membership and the policy attached to the MCP server. If the request is within the allowed scope, hoop.dev grants a short‑lived session token; otherwise the request is denied and the denial is logged. Because the gateway never hands the underlying service credentials to the client, the principle of least privilege is enforced automatically.

How continuous evidence satisfies SOC 2 criteria

• Access control: hoop.dev ties every connection to a verified identity, ensuring that only authorized users can reach the MCP server.
• Change management: risky commands trigger an approval workflow, and the approval decision is stored alongside the command execution record.
• Auditability: each session is recorded, masked as needed, and retained in a searchable log that auditors can query without needing to instrument the MCP server itself.
• Security monitoring: real‑time masking and command blocking reduce the chance that sensitive data leaks or destructive actions succeed.

All of these controls are generated continuously, not as a one‑time snapshot before an audit. The evidence accumulates day by day, so when the SOC 2 audit window arrives the organization already has a complete, verifiable trail.

Getting started on Azure

Deploy the gateway using the official getting‑started guide. The deployment creates a Docker Compose stack that runs the gateway and the network‑resident agent. Connect your OIDC provider (Azure AD, Okta, etc.) so that hoop.dev can validate tokens and map groups to policies. After the gateway is up, register the MCP server as a connection, and define the masking and approval rules that align with your SOC 2 control framework. Detailed configuration steps are covered in the learn section of the documentation.

FAQ

Can hoop.dev replace existing IAM roles on the MCP server? No. hoop.dev works alongside the server’s native IAM. It adds an external enforcement layer without changing the server’s internal role model.

Is the audit log stored in Azure Blob Storage? The storage backend is configurable. hoop.dev writes logs to the location you choose, and the logs can be reviewed for integrity as part of your audit process.

Does hoop.dev support multi‑region deployments? Yes. You can run multiple gateway instances behind a load balancer, each protecting resources in its own Azure region.

Ready to see the code and contribute? Visit the open‑source repository on GitHub: https://github.com/hoophq/hoop.