Manage tools for agents in Microsoft 365 admin center

Agent Tools in the Microsoft 365 admin center provides a centralized view of all AI-powered tools and Model Context Protocol (MCP) servers available in your organization. These tools define how an AI model interacts with user data, tools, and workflows. Agent Tools allows you to handle requests, responses, and actions in a consistent, safe, secure, and transparent manner.

Each tool listed represents a service that supports Copilot experiences across Microsoft 365 apps. You can monitor availability, manage access, and ensure compliance with organizational policies. Use the Registry tab to view and manage tools available in your tenant, and the Requests tab to review and approve tool requests from users in your organization.

Note

The Bring Your Own (BYO) MCP server feature enables organizations to register their own remote MCP servers with Agent 365 for centralized governance and observability. For more information, see Bring your own (BYO) MCP server.

View the Agent Tools registry

  1. Sign in to the Microsoft 365 admin center.

  2. In the left navigation pane, select Agents > Tools > Registry.

    Screenshot showing a list of available agent tools for a tenant.

Key components of Agent Tools

Agent Tools list under the Registry tab and Request tab provides filter, columns, and actions to help you manage your agent tools.

Actions

You can select the available actions directly from the list, or select the listed agent to display an overview of an agent tool. Agent tools include the following actions:

Action Description
Block Prevents the selected tool from being used by agents or workflows.
Unblock Restores access to a previously blocked tool.

Filters

The agent tools registry can contain a large and diverse inventory of tools. You can filter the list to help you narrow the view to the agent tools that you want to focus on at the moment.

Filters are based on the following criteria:

Filter Description
Status Filter tools by their current state, such as Available or Blocked.
Publisher View tools published by Microsoft or other providers.

Columns

The following table describes the columns that are available in the agent tools registry:

Column Description
Name The tool's display name, such as Microsoft Teams MCP Server.
Status Shows whether the tool is Available or Blocked.
Type Shows the tool category, such as MCP Server.
Publisher Shows the publisher, such as Microsoft for first-party tools.

Common MCP servers

You use an MCP servers as a service to expose data, actions, and business logic to agents.

The following are examples of MCP servers:

For related information, see Microsoft Agent 365 SDK and CLI.

Bring your own (BYO) MCP server

The Bring Your Own (BYO) MCP server feature enables organizations to register their own remote MCP servers with Microsoft Agent 365 for centralized governance and observability.

Important

  • This is a preview feature.
  • Preview features aren't meant for production use and might have restricted functionality. These features are subject to supplemental terms of use, and are available before an official release so that customers can get early access and provide feedback.

Large enterprises often build and operate internal MCP servers to power their agents across various business workflows. These servers typically run outside any organizational governance boundary, with no admin visibility into what tools are being exposed, no policy enforcement over how they're invoked, and no usage of telemetry for security and compliance teams. BYO MCP server addresses this problem by routing registered servers through the Agent 365 Tooling Gateway, giving IT admins control via the Microsoft 365 admin center and security teams the observability data they need.

Note

BYO MCP server is currently in preview. Supported client surfaces are Copilot Studio, VS Code, Claude Code, and GitHub Copilot CLI. Azure AI Foundry and Microsoft 365 Declarative Agents aren't yet supported.

How a BYO MCP server works

A BYO MCP server follows a structured developer-to-admin flow to ensure all remote MCP servers are reviewed and governed before being made available to agents.

The BYO MCP server developer-to-admin flow:

  1. Developer registers a remote MCP server via the Agent 365 CLI, providing the server URL, authentication type, and the tools to expose. For more information, see Register a remote MCP server.
  2. IT admin reviews the server details and declared tools in the Microsoft 365 admin center, and approves or rejects the request. Upon approval, the admin grants the required Microsoft Entra permissions for the server. For more information, see Review and approve tool requests.
  3. Approved MCP server is used by the supported clients, such as Copilot Studio and VS Code, to build and test agents against real tool invocations. For more information, see Use an approved MCP server.
  4. Security team monitors the MCP server activity and tool invocations through Microsoft Defender advanced hunting for compliance and anomaly detection. For more information, see Monitor and observe MCP server activity.

Important

This approach ensures that all external MCP integrations go through proper governance and compliance reviews before becoming available to end users.

Note

BYO MCP server is currently in preview. Republishing new versions of your remote MCP server isn't currently supported.

Register a remote MCP server

Tip

As an administrator, it can be helpful to understand how to register a remote MCP server. Alternatively, you can provide the steps in this section to a developer to implement.

You, or a developer, can register your own remote MCP server with Agent 365. This section walks you through the required steps to register a remote MCP server with Agent 365 using the CLI, so that IT admins can review and approve it for use in agent building surfaces.

This section provides the needed steps (commonly implemented by a developer) to register a remote MCP server:

Developer prerequisites

Before registering a remote MCP server, make sure you have the following prerequisites:

  • Install the Agent 365 CLI (or update to the latest version). For this flow to function, you need version 1.1.165-preview or greater.
  • Ensure the Agent 365 service principal is provisioned in your tenant. If you can't find the service principal associated with appId ea9ffc3e-8a23-4a7d-836d-234d7c7565c1, the service principal isn't provisioned for your tenant. To set up a service principal for Agent 365 in your tenant, see:
  • A publicly accessible MCP server endpoint that you can reach from the internet.
  • The server is configured with one of the supported authentication types:
    • NoAuth
    • APIKey (Header or Query)
    • ExternalOAuth
    • EntraOAuth

Install the Agent 365 CLI

To install the Agent 365 CLI, follow the instructions in Install the Agent 365 CLI.

Register your MCP server

After you install the Agent 365 CLI and make sure that your MCP server endpoint is publicly accessible and configured with a supported authentication type, you're ready to register your MCP server with Agent 365. IT admins can review and approve it for use in agent building surfaces.

You have a couple of options for registering your MCP server with Agent 365:

  • Manual registration via CLI: Run the a365 develop-mcp register-external-mcp-server command from the CLI and manually provide the server details, authentication type, and the tools that your MCP server exposes.

Important

The examples in this section use zava.com as a fictional domain and generic server and tool names for illustration. Replace these values with your actual server URL, name, and tool identifiers.

  • Registration via JSON file: Use a365 develop-mcp register-external-mcp-server -f <path-to-file.json> to register your MCP server by providing a JSON file that contains all of the server details, authentication type, and tool definitions in a single file, rather than specifying them individually on the command line.

Refer to the examples in the following sections for how to register an MCP server with Agent 365 using the CLI for different authentication types.

NoAuth

For MCP servers that require no authentication:

a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://mcp.zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type "NoAuth" \
--tools "tool1,tool2"

{
  "serverName": "ext_DocsSearch",
  "serverUrl": "https://docs.contoso.com/api/mcp",
  "authType": "NoAuth",
  "description": "Documentation search MCP Server for Contoso developer docs.",
  "publisherName": "Contoso",
  "tools": [
    {
      "name": "search_docs",
      "description": "Search Contoso developer documentation and code samples."
    }
  ],
  "remoteScopes": null,
  "externalOAuth": null,
  "apiKey": null
}
APIKey (Query Parameter)

For servers that pass the API key as a query parameter:

a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://mcp.zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type APIKey \
--api-key-location Query \
--api-key-name apiKey \
--tools "tool1,tool2"

{
  "serverName": "ext_MarketData",
  "serverUrl": "https://api.contoso.com/market/mcp",
  "authType": "APIKey",
  "description": "Real-time stock market data and search from Contoso Market Services.",
  "publisherName": "Contoso",
  "tools": [
    {
      "name": "stock-market-data",
      "description": "Get real-time stock market data and financial information."
    },
    {
      "name": "real-time-search",
      "description": "Search the web for real-time information and news."
    }
  ],
  "remoteScopes": null,
  "externalOAuth": null,
  "apiKey": {
    "location": "Query",
    "name": "apiKey"
  }
}
APIKey (Header)

For servers that pass the API key in a request header:

a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://mcp.zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type APIKey \
--api-key-location Header \
--api-key-name token \
--tools "tool1,tool2"

{
  "serverName": "ext_InternalTools",
  "serverUrl": "https://tools.contoso.com/mcp",
  "authType": "APIKey",
  "description": "Contoso internal tools MCP Server with API key authentication.",
  "publisherName": "Contoso",
  "tools": [
    {
      "name": "tool1",
      "description": "First tool exposed by the server."
    },
    {
      "name": "tool2",
      "description": "Second tool exposed by the server."
    }
  ],
  "remoteScopes": null,
  "externalOAuth": null,
  "apiKey": {
    "location": "Header",
    "name": "X-API-Key"
  }
}
ExternalOAuth

For servers that authenticate via an external OAuth provider:

a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type ExternalOAuth \
--idp-authorization-url "https://idp.zava.com/o/oauth2/v2/auth" \
--idp-token-url "https://idp.zava.com/oauth2/token" \
--idp-scopes "https://api.zava.com/read" \
--idp-client-id "<your-client-id>" \
--idp-client-secret "<your-client-secret>" \
--remote-scopes "https://api.zava.com/read" \
--tools "tool1,tool2"


{
  "serverName": "ext_Analytics",
  "serverUrl": "https://analytics.contoso.com/mcp",
  "authType": "ExternalOAuth",
  "description": "Contoso Analytics MCP Server for dataset and query operations.",
  "publisherName": "Contoso",
  "tools": [
    {
      "name": "list_datasets",
      "description": "List all available analytics datasets."
    }
  ],
  "remoteScopes": "https://analytics.contoso.com/.default",
  "externalOAuth": {
    "authorizationUrl": "https://auth.contoso.com/oauth2/authorize",
    "tokenUrl": "https://auth.contoso.com/oauth2/token",
    "scopes": "https://analytics.contoso.com/.default",
    "clientId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "clientSecret": "<your-client-secret>"
  },
  "apiKey": null
}
EntraOAuth

For servers that authenticate via Microsoft Entra ID:

a365 develop-mcp register-external-mcp-server \
--server-name "ZavaServer" \
--server-url "https://mcp.zava.com/mcp" \
--publisher "Contoso" \
--description "My external MCP server for document search" \
--auth-type EntraOAuth \
--remote-scopes "https://api.zava.com/.default" \
--tools "tool1,tool2"

{
  "serverName": "ext_OrgDirectory",
  "serverUrl": "https://directory.contoso.com/mcp",
  "authType": "EntraOAuth",
  "description": "Contoso organization directory MCP Server secured with Entra OAuth.",
  "publisherName": "Contoso",
  "tools": [
    {
      "name": "list_users",
      "description": "List users in the organization directory."
    },
    {
      "name": "get_user_profile",
      "description": "Get the profile of a specific user by ID or UPN."
    }
  ],
  "remoteScopes": "api://contoso-directory/.default",
  "externalOAuth": null,
  "apiKey": null
}

After successful registration, submit the MCP server for admin review in the Microsoft 365 admin center.

Review and approve tool requests

After a developer registers a tool, such as a remote MCP server, the tool appears in the Microsoft 365 Admin Center for review and approval.

Screenshot showing a list of available agent tool requests for a tenant.

As an admin with the right permissions to manage agent tools in the Microsoft 365 Admin Center, you can review, approve, or reject these requests to control which tools are available for use in your organization.

Important

To complete the review and approval process, you need to meet two requirements:

  • You need access to the Microsoft 365 admin center's tool page where you manage agent tools and review MCP server registration requests.
  • You need the ability to grant tenant-wide consent.

Two roles meet both requirements:

Use roles with the fewest permissions, and limit the number of users who have admin permissions. See Least privileged roles by task in Microsoft Entra ID. To learn more about admin roles and permissions in the Microsoft 365 admin center, see:

To review and approve MCP server registration requests, follow these steps:

  1. Sign in to the Microsoft 365 admin center.
  2. Select Agents > Tools, and then select the Requests tab.
  3. Pending requests display the following details for each server:
    • Server name
    • Publisher
    • Requested by
    • Requested date
  4. Review the server information and declared tools for accuracy and compliance.
  5. Select Approve to make the server available in the organizational registry, or Reject to deny the request.
  6. Upon approval, consent to the Microsoft Entra permissions required by the MCP server. The server becomes available to agent building surfaces only after consent is granted.

Note

It can take up to 30 minutes for the MCP server to show up in all the Microsoft Copilot Studio environments in the tenant once it's approved and consent is granted.

Based on the MCP servers availability, you'll see the following status indicators:

  • Available - Tool is active and ready for use.
  • Blocked - Tool is disabled and agents can't access it.

Key governance controls

The following table summarizes the key governance controls:

Control Description
Approval/Rejection Admin explicitly approves or rejects each BYO MCP server before it can be used.
Server-Level Block Admin can block approved servers at any time; blocked servers are enforced at runtime.
Tools Snapshot Admin can view the declared tools exposed by each MCP server for transparency.
Runtime Enforcement Blocked MCP servers can't be invoked at runtime across any client surface.

Use an approved MCP server

After an MCP server has been approved and Microsoft Entra grants consent, you can use it across supported agent-building surfaces. The following client surfaces currently support invoking approved BYO MCP servers in preview:

Client Status
Copilot Studio ✅ Supported
VS Code ✅ Supported
Claude Code ✅ Supported
GitHub Copilot CLI ✅ Supported

As a user in Copilot Studio, take the following steps to invoke the approved BYO MCP server:

  1. Go to Copilot Studio in your environment.
  2. Create a new custom agent (or open an existing one).
  3. Go to the Tools section and select MCP Server.
  4. Select the MCP server from the registry.
  5. Test the agent by entering a prompt that invokes the MCP server.

Note

First-time connection setup: On the initial invocation, you might be prompted to complete a one-time connection setup. Follow the provided URL to create the required connection, such as entering your API key for APIKey-based servers. When you finish, return to your agent and retry the prompt. On successful invocation, you see the MCP server respond with the correct tool output.

Learn how to invoke approved BYO MCP servers from Claude Code, VS Code, and GitHub Copilot CLI in the Set up Work IQ MCP Servers for coding agents section of the Work IQ MCP overview.

Monitor and observe MCP server activity

As a member of your organization's security team, use Microsoft Defender advanced hunting to track and analyze MCP server invocations. This process helps you see which agents invoke which MCP servers, when the invocations occur, and other relevant metadata that can help detect unusual or unauthorized usage patterns.

Sample KQL Query — Defender Advanced Hunting:

CloudAppEvents
| where ActionType in ( "ExecuteToolByGateway")
| where RawEventData contains "tool name"

This query returns details including agent name, MCP server name, and invocation metadata.

  • Last updated on