Important
- This is a preview feature.
- Preview features aren't meant for production use and might have restricted functionality. These features are subject to supplemental terms of use, and are available before an official release so that customers can get early access and provide feedback.
The Bring Your Own (BYO) MCP server feature enables organizations to register their own remote MCP servers with Agent 365 for centralized governance and observability.
Large enterprises often build and operate internal MCP servers to power their agents across various business workflows. These servers typically run outside any organizational governance boundary, with no admin visibility into what tools are being exposed, no policy enforcement over how they're invoked, and no usage telemetry for security and compliance teams. BYO MCP server addresses this problem by routing registered servers through the Agent 365 Tooling Gateway, giving IT admins control via the Microsoft 365 admin center and security teams the observability data they need.
Note
BYO MCP server is currently in preview. Supported client surfaces are Copilot Studio, VS Code, Claude Code, and GitHub Copilot CLI. Azure AI Foundry and M365 Declarative Agents aren't yet supported.
How it works
BYO MCP server follows a structured developer-to-admin flow to ensure all remote MCP servers are reviewed and governed before being made available to agents:
- Developer registers a remote MCP server via the Agent 365 CLI, providing the server URL, authentication type, and the tools to expose.
- IT admin reviews the server details and declared tools in the Microsoft 365 admin center, and approves or rejects the request. Upon approval, the admin grants the required Entra permissions for the server.
- Agent building surfaces consume the approved MCP server through supported clients such as Copilot Studio and VS Code to build and test agents against real tool invocations.
- Security team monitors MCP server activity and tool invocations through Microsoft Defender advanced hunting for compliance and anomaly detection.
This approach ensures that all external MCP integrations go through proper governance and compliance reviews before becoming available to end users.
Register a remote MCP server
As a developer, you can register your own remote MCP server with Agent 365. This section walks you through registering it with the Agent 365 CLI so that IT admins can review and approve it for use in agent building surfaces.
Developer prerequisites
Before registering a remote MCP server, make sure you have the following prerequisites:
- Install the Agent 365 CLI (or update to the latest version). For this flow to function, you need version 1.1.165-preview or greater.
- Ensure the Agent 365 service principal is provisioned in your tenant. If you can't find the service principal associated with appId ea9ffc3e-8a23-4a7d-836d-234d7c7565c1, the service principal isn't provisioned for your tenant. To set up a service principal for Agent 365 in your tenant, see:
- A publicly accessible MCP server endpoint that you can reach from the internet.
- The server is configured with one of the supported authentication types:
- NoAuth
- APIKey (Header or Query)
- ExternalOAuth
- EntraOAuth
Install the Agent 365 CLI
- Download the Agent 365 CLI package.
- Install the CLI tool. Replace package-path with the directory where you extracted the downloaded package:
dotnet tool update --global Microsoft.Agents.A365.DevTools.Cli --prerelease
Register your MCP server
After you install the Agent 365 CLI and make sure that your MCP server endpoint is publicly accessible and configured with a supported authentication type, you're ready to register your MCP server with Agent 365. Once it's registered, IT admins can review and approve it for use in agent building surfaces.
You have a couple of options for registering your MCP server with Agent 365:
- Manual registration via CLI: Run the a365 develop-mcp register-external-mcp-server command from the CLI and manually provide the server details, authentication type, and the tools that your MCP server exposes.
Important
The examples in this section use zava.com as a fictional domain and generic server and tool names for illustration. Replace these values with your actual server URL, name, and tool identifiers.
- Registration via JSON file: Use a365 develop-mcp register-external-mcp-server -f <path-to-file.json> to register your MCP server by providing a JSON file that contains all of the server details, authentication type, and tool definitions in a single file, rather than specifying them individually on the command line.
Refer to the examples in the following sections for how to register an MCP server with Agent 365 using the CLI for different authentication types.
NoAuth
For MCP servers that require no authentication:
a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://mcp.zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type "NoAuth" \
--tools "tool1,tool2"
{
"serverName": "ext_DocsSearch",
"serverUrl": "https://docs.contoso.com/api/mcp",
"authType": "NoAuth",
"description": "Documentation search MCP Server for Contoso developer docs.",
"publisherName": "Contoso",
"tools": [
{
"name": "search_docs",
"description": "Search Contoso developer documentation and code samples."
}
],
"remoteScopes": null,
"externalOAuth": null,
"apiKey": null
}
APIKey (Query Parameter)
For servers that pass the API key as a query parameter:
a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://mcp.zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type APIKey \
--api-key-location Query \
--api-key-name apiKey \
--tools "tool1,tool2"
{
"serverName": "ext_MarketData",
"serverUrl": "https://api.contoso.com/market/mcp",
"authType": "APIKey",
"description": "Real-time stock market data and search from Contoso Market Services.",
"publisherName": "Contoso",
"tools": [
{
"name": "stock-market-data",
"description": "Get real-time stock market data and financial information."
},
{
"name": "real-time-search",
"description": "Search the web for real-time information and news."
}
],
"remoteScopes": null,
"externalOAuth": null,
"apiKey": {
"location": "Query",
"name": "apiKey"
}
}
APIKey (Header)
For servers that pass the API key in a request header:
a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://mcp.zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type APIKey \
--api-key-location Header \
--api-key-name token \
--tools "tool1,tool2"
{
"serverName": "ext_InternalTools",
"serverUrl": "https://tools.contoso.com/mcp",
"authType": "APIKey",
"description": "Contoso internal tools MCP Server with API key authentication.",
"publisherName": "Contoso",
"tools": [
{
"name": "tool1",
"description": "First tool exposed by the server."
},
{
"name": "tool2",
"description": "Second tool exposed by the server."
}
],
"remoteScopes": null,
"externalOAuth": null,
"apiKey": {
"location": "Header",
"name": "X-API-Key"
}
}
ExternalOAuth
For servers that authenticate via an external OAuth provider:
a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type ExternalOAuth \
--idp-authorization-url "https://idp.zava.com/o/oauth2/v2/auth" \
--idp-token-url "https://idp.zava.com/oauth2/token" \
--idp-scopes "https://api.zava.com/read" \
--idp-client-id "<your-client-id>" \
--idp-client-secret "<your-client-secret>" \
--remote-scopes "https://api.zava.com/read" \
--tools "tool1,tool2"
{
"serverName": "ext_Analytics",
"serverUrl": "https://analytics.contoso.com/mcp",
"authType": "ExternalOAuth",
"description": "Contoso Analytics MCP Server for dataset and query operations.",
"publisherName": "Contoso",
"tools": [
{
"name": "list_datasets",
"description": "List all available analytics datasets."
}
],
"remoteScopes": "https://analytics.contoso.com/.default",
"externalOAuth": {
"authorizationUrl": "https://auth.contoso.com/oauth2/authorize",
"tokenUrl": "https://auth.contoso.com/oauth2/token",
"scopes": "https://analytics.contoso.com/.default",
"clientId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"clientSecret": "<your-client-secret>"
},
"apiKey": null
}
EntraOAuth
For servers that authenticate via Microsoft Entra ID:
a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://mcp.zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type EntraOAuth \
--remote-scopes "https://api.zava.com/.default" \
--tools "tool1,tool2"
{
"serverName": "ext_OrgDirectory",
"serverUrl": "https://directory.contoso.com/mcp",
"authType": "EntraOAuth",
"description": "Contoso organization directory MCP Server secured with Entra OAuth.",
"publisherName": "Contoso",
"tools": [
{
"name": "list_users",
"description": "List users in the organization directory."
},
{
"name": "get_user_profile",
"description": "Get the profile of a specific user by ID or UPN."
}
],
"remoteScopes": "api://contoso-directory/.default",
"externalOAuth": null,
"apiKey": null
}
After successful registration, submit the MCP server for admin review in the Microsoft 365 admin center.
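The JSON registration format shown above can be checked before the file is passed to register-external-mcp-server -f or approved in the admin center. The following is an added example, not part of the Agent 365 CLI or the original page: lint_registration and its rules are an assumed review policy that uses only the field names and authentication types from the samples above, and the sample document is constructed.

```python
import json
from urllib.parse import urlsplit

# Auth types and JSON field names are the ones shown on this page; the rules
# themselves are an assumed review policy, not checks performed by the CLI.
SUPPORTED_AUTH = {"NoAuth", "APIKey", "ExternalOAuth", "EntraOAuth"}

def is_https(url):
    parts = urlsplit(url or "")
    return parts.scheme == "https" and bool(parts.hostname)

def lint_registration(doc):
    """Return (severity, message) findings for one registration document."""
    out, auth = [], doc.get("authType")
    if not is_https(doc.get("serverUrl")):
        out.append(("error", "serverUrl is not an absolute https URL"))
    if auth not in SUPPORTED_AUTH:
        out.append(("error", f"unsupported authType {auth!r}"))
    tools = doc.get("tools") or []
    names = [t.get("name") for t in tools]
    if not tools or not all(names) or len(set(names)) != len(names):
        out.append(("error", "tools must be non-empty with unique names"))
    for t in tools:
        if not (t.get("description") or "").strip():
            out.append(("warn", f"tool {t.get('name')!r} has no description to review"))
    # Each auth block must be present exactly when its authType is selected.
    for kind, key in (("APIKey", "apiKey"), ("ExternalOAuth", "externalOAuth")):
        if (auth == kind) != (doc.get(key) is not None):
            out.append(("error", f"{key} must be present if and only if authType is {kind}"))
    api_key, oauth = doc.get("apiKey") or {}, doc.get("externalOAuth") or {}
    if auth == "NoAuth":
        out.append(("warn", "NoAuth: the public endpoint accepts unauthenticated calls"))
    if auth == "APIKey" and api_key.get("location") == "Query":
        out.append(("warn", "Query API key ends up in logged URLs; prefer Header"))
    if auth == "ExternalOAuth":
        for key in ("authorizationUrl", "tokenUrl"):
            if not is_https(oauth.get(key)):
                out.append(("error", f"externalOAuth.{key} is not an https URL"))
    return out

# Constructed sample (not from the page): plain-http URL and a query-string key.
SAMPLE = json.loads("""{"serverName": "ext_Sample", "serverUrl": "http://mcp.zava.com/mcp",
  "authType": "APIKey", "publisherName": "Contoso", "description": "Sample",
  "tools": [{"name": "tool1", "description": ""}], "remoteScopes": null,
  "externalOAuth": null, "apiKey": {"location": "Query", "name": "apiKey"}}""")

if __name__ == "__main__":
    for severity, message in lint_registration(SAMPLE):
        print(f"{severity}: {message}")
```
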
Review MCP server registration requests
After a developer registers a remote MCP server, the server appears in the Microsoft 365 admin center for review and approval. As an admin with the right permissions to manage agent tools in the Microsoft 365 admin center, you can review, approve, or reject these requests to control which MCP servers are available for use in your organization.
To learn more about reviewing and approving MCP server registration requests, see Manage agent tools in Microsoft 365 admin center.
Admin prerequisites
To complete the review and approval process, you need to meet two requirements:
- You need access to the Microsoft 365 admin center's tool page where you manage agent tools and review MCP server registration requests.
- You need the ability to grant tenant-wide consent.
Two roles meet both requirements:
Important
Use roles with the fewest permissions, and limit the number of users who have admin permissions. See Least privileged roles by task in Microsoft Entra ID.
To learn more about admin roles and permissions in the Microsoft 365 admin center, see:
- About administrator roles in the Microsoft 365 admin center.
- Grant tenant-wide admin consent to an application.
Review and approve in Microsoft 365 admin center
- Go to the Microsoft 365 admin center.
- Select Agents > Tools, and then select the Requests tab.
- Pending requests display the following details for each server:
- Server name
- Publisher
- Requested by
- Requested date
- Review the server information and declared tools for accuracy and compliance.
- Select Approve to make the server available in the organizational registry, or Reject to deny the request.
- Upon approval, consent to the Microsoft Entra permissions required by the MCP server. The server becomes available to agent building surfaces only after consent is granted.
Note
It can take up to 30 minutes for the MCP server to show up in all the Microsoft Copilot Studio environments in the tenant once it is approved and consent is granted.
Key governance controls
The following table summarizes the key governance controls:
| Control | Description |
|---|---|
| Approval/Rejection | Admin explicitly approves or rejects each BYO MCP server before it can be used. |
| Server-Level Block | Admin can block approved servers at any time; blocked servers are enforced at runtime. |
| Tools Snapshot | Admin can view the declared tools exposed by each MCP server for transparency. |
| Runtime Enforcement | Blocked MCP servers can't be invoked at runtime across any client surface. |
Use the approved MCP server
After the admin approves the MCP server and grants consent to the required Microsoft Entra permissions, you can use it across supported agent-building surfaces. The following client surfaces currently support invoking approved BYO MCP servers in preview:
| Client | Status |
|---|---|
| Copilot Studio | ✅ Supported |
| VS Code | ✅ Supported |
| Claude Code | ✅ Supported |
| GitHub Copilot CLI | ✅ Supported |
As a user in Copilot Studio, take the following steps to invoke the approved BYO MCP server:
- Go to Copilot Studio in your environment.
- Create a new custom agent (or open an existing one).
- Go to the Tools section and select MCP Server.
- Select the MCP server from the registry.
- Test the agent by entering a prompt that invokes the MCP server.
Note
First-time connection setup: On the initial invocation, you might be prompted to complete a one-time connection setup. Follow the provided URL to create the required connection, such as entering your API key for APIKey-based servers. When you finish, return to your agent and retry the prompt. On successful invocation, you see the MCP server respond with the correct tool output.
Learn how to invoke approved BYO MCP servers from Claude Code, VS Code, and GitHub Copilot CLI in the Set up Work IQ MCP Servers for coding agents section of the Work IQ MCP overview.
Monitor and observe MCP server activity
As a member of your organization's security team, use Microsoft Defender advanced hunting to track and analyze MCP server invocations. This process helps you see which agents invoke which MCP servers, when the invocations occur, and other relevant metadata that can help detect unusual or unauthorized usage patterns.
Sample KQL Query — Defender Advanced Hunting:
CloudAppEvents
| where ActionType in ( "ExecuteToolByGateway")
| where RawEventData contains "tool name"
This query returns details including agent name, MCP server name, and invocation metadata.
Related content
Manage tools for Agent 365 in the Microsoft 365 admin center.